A cyber risk scoring system for medical devices

Ian Stine, Mason Rice, Stephen Dunlap, John Pecarina

Research output: Contribution to journalArticlepeer-review

26 Scopus citations

Abstract

The increased connectivity of medical devices expedites patient treatment and provides lifesaving capabilities, but the lack of emphasis on device security has led to several cyber security breaches. Most medical professionals do not have adequate expertise in information technology or cyber security, yet they are responsible for assessing which medical devices provide the best balance of risk and probability of success. This paper proposes a cyber risk scoring system that considers a physician's worst-case assessment of the potential of a medical device to impact a patient. The scoring system also relies on a security questionnaire based on the STRIDE model that helps generate a risk score for the medical device. Three test scenarios involving medical devices are used to demonstrate the application and utility of the risk scoring system.

Original languageEnglish
Pages (from-to)32-46
Number of pages15
JournalInternational Journal of Critical Infrastructure Protection
Volume19
DOIs
StatePublished - Dec 2017
Externally publishedYes

Keywords

  • Cyber Risk Assessment
  • Cyber Risk Scoring System
  • Medical Devices

Fingerprint

Dive into the research topics of 'A cyber risk scoring system for medical devices'. Together they form a unique fingerprint.

Cite this