MedDevRisk: Risk Analysis Methodology for Networked Medical Devices

Seale, Katherine
McDonald, Jeffrey
Glisson, William
Pardue, Harold
Jacobs, Michael
Journal Title
Journal ISSN
Volume Title
The prolific integration of technology into medical environments is continuously generating new attack vectors. This continuous amalgamation of technology into the medical field prompted the idea that risk assessment models can be utilized to identify cyber security vulnerabilities in medical settings. This research presents an initial investigation into the application of risk assessment frame works, i.e., STRIDE, Common Vulnerabilities and Exposures, and a Common Vulnerability Scoring System to identified networked medical devices that are currently employed in an operational medical simulation lab. The contribution of this research is twofold and culminates in a novel proof-of-concept system known as MedDevRisk. First, it demonstrates an approach to incorporating existing threat models into a relational database schema based on Threat-Vulnerability-Asset (TVA) relationships. Second, it provides an initial empirical analysis of the risk associated with networked medical devices along with providing the foundation for future research.
Security and Privacy Challenges for Healthcare, Risk assessment, medical devices, health IT, vulnerabilities, threats
Access Rights
Email if you need this content in ADA-compliant format.