TY - JOUR
T1 - A cyber risk scoring system for medical devices
AU - Stine, Ian
AU - Rice, Mason
AU - Dunlap, Stephen
AU - Pecarina, John
N1 - Publisher Copyright:
© 2017
PY - 2017/12
Y1 - 2017/12
N2 - The increased connectivity of medical devices expedites patient treatment and provides lifesaving capabilities, but the lack of emphasis on device security has led to several cyber security breaches. Most medical professionals do not have adequate expertise in information technology or cyber security, yet they are responsible for assessing which medical devices provide the best balance of risk and probability of success. This paper proposes a cyber risk scoring system that considers a physician's worst-case assessment of the potential of a medical device to impact a patient. The scoring system also relies on a security questionnaire based on the STRIDE model that helps generate a risk score for the medical device. Three test scenarios involving medical devices are used to demonstrate the application and utility of the risk scoring system.
AB - The increased connectivity of medical devices expedites patient treatment and provides lifesaving capabilities, but the lack of emphasis on device security has led to several cyber security breaches. Most medical professionals do not have adequate expertise in information technology or cyber security, yet they are responsible for assessing which medical devices provide the best balance of risk and probability of success. This paper proposes a cyber risk scoring system that considers a physician's worst-case assessment of the potential of a medical device to impact a patient. The scoring system also relies on a security questionnaire based on the STRIDE model that helps generate a risk score for the medical device. Three test scenarios involving medical devices are used to demonstrate the application and utility of the risk scoring system.
KW - Cyber Risk Assessment
KW - Cyber Risk Scoring System
KW - Medical Devices
UR - http://www.scopus.com/inward/record.url?scp=85019618047&partnerID=8YFLogxK
U2 - 10.1016/j.ijcip.2017.04.001
DO - 10.1016/j.ijcip.2017.04.001
M3 - Article
AN - SCOPUS:85019618047
SN - 1874-5482
VL - 19
SP - 32
EP - 46
JO - International Journal of Critical Infrastructure Protection
JF - International Journal of Critical Infrastructure Protection
ER -