Please use this identifier to cite or link to this item: http://hdl.handle.net/10125/50302

MedDevRisk: Risk Analysis Methodology for Networked Medical Devices

File SizeFormat 
paper0415.pdf925.05 kBAdobe PDFView/Open

Item Summary

Title: MedDevRisk: Risk Analysis Methodology for Networked Medical Devices
Authors: Seale, Katherine
McDonald, Jeffrey
Glisson, William
Pardue, Harold
Jacobs, Michael
Keywords: Security and Privacy Challenges for Healthcare
Risk assessment, medical devices, health IT, vulnerabilities, threats
Issue Date: 03 Jan 2018
Abstract: The prolific integration of technology into medical environments is continuously generating new attack vectors. This continuous amalgamation of technology into the medical field prompted the idea that risk assessment models can be utilized to identify cyber security vulnerabilities in medical settings. This research presents an initial investigation into the application of risk assessment frame works, i.e., STRIDE, Common Vulnerabilities and Exposures, and a Common Vulnerability Scoring System to identified networked medical devices that are currently employed in an operational medical simulation lab. The contribution of this research is twofold and culminates in a novel proof-of-concept system known as MedDevRisk. First, it demonstrates an approach to incorporating existing threat models into a relational database schema based on Threat-Vulnerability-Asset (TVA) relationships. Second, it provides an initial empirical analysis of the risk associated with networked medical devices along with providing the foundation for future research.
Pages/Duration: 10 pages
URI/DOI: http://hdl.handle.net/10125/50302
ISBN: 978-0-9981331-1-9
DOI: 10.24251/HICSS.2018.414
Rights: Attribution-NonCommercial-NoDerivatives 4.0 International
Appears in Collections:Security and Privacy Challenges for Healthcare


Please contact sspace@hawaii.edu if you need this content in an ADA compliant alternative format.

Items in ScholarSpace are protected by copyright, with all rights reserved, unless otherwise indicated.