A Cyber Risk Scoring System for Medical Devices

Abstract

The increased connectivity of medical devices has expedited patient treatment and provides lifesaving capabilities, but a lack of emphasis on device security has led to cybersecurity breaches for many healthcare organizations. Most medical professionals do not have a background in information technology or cybersecurity, yet they are responsible for assessing which treatment provides the best balance of risk and probability for success. This paper presents a two-part risk assessment framework that uses a doctors worst case assessment of a devices potential to impact a patient and a security questionnaire based on the STRIDE model to generate a risk score on a scale from 0 to 10. Four test cases based on relevant medical devices are used to demonstrate the practical application of the framework.

Open PDF

Document Details

Document Type
Technical Report
Publication Date
Mar 23, 2017
Accession Number
AD1054765

Entities

People

  • Ian W. Stine

Organizations

  • Air Force Institute of Technology

Tags

Communities of Interest

  • Biomedical
  • Cyber

DTIC Thesaurus Topics

  • Air Force
  • Computer Network Security
  • Computer Security Techniques
  • Cyberattacks
  • Cybersecurity
  • Cyberspace Operations
  • Denial Of Service Attack
  • Department Of Homeland Security
  • Governments
  • Health Services
  • Human-Machine Interfaces
  • Information Operations
  • Information Security
  • Information Systems
  • Medical Personnel
  • Risk Analysis
  • United States Government

Fields of Study

  • Computer science
  • Medicine

Readers

  • Aviation Safety Risk Assessment.
  • Economics
  • Trauma or Military Medicine

Technology Areas

  • Cyber