We found a match
Your institution may have access to this item. Find your institution then sign in to continue.
- Title
MEDICALHARM: A threat modeling designed for modern medical devices and a comprehensive study on effectiveness, user satisfaction, and security perspectives.
- Authors
Kwarteng, Emmanuel; Cebe, Mumin
- Abstract
Modern medical devices (MMDs) are a rapidly growing field of medical technology, and recent advances have allowed them to monitor and manage patients' health remotely. As these devices become more connected in order to enhance the delivery of patient care, the concerns surrounding security, privacy, and safety are also increasing. To effectively address these concerns, "shift-left security"—which involves addressing security risks as early as possible—is becoming increasingly important. To facilitate it, threat modeling must be implemented as the first step. While various threat modeling methodologies exist, MMDs need a tailored one that can take into account the safety of patients and the complexity of a typical MMD, which contains multiple sensors and actuators. Therefore, we present a new threat modeling methodology—MEDICALHARM—tailored to identifying threats in MMD systems. MEDICALHARM delivers a holistic approach by combining threat and risk analysis under the same scheme. It specifically articulates safety threats along with security and privacy threats. Furthermore, it offers an algorithmic scheme to enable non-security experts (engineers and developers) to easily participate in the threat modeling process. To illustrate its benefits, we performed a threat modeling exercise using MEDICALHARM on a Deep Brain Stimulation device and provided an exhaustive threats document. Then, we conducted a survey among cybersecurity experts in the MMD domain to assess the MEDICALHARM. The survey results reveal positive feedback from participants, especially regarding the integration of cybersecurity, privacy, and safety, its novel trust level categorization, and the documentation strategy. The insights obtained from the questionnaire underscore MEDICALHARM's potential as a structured, inclusive threat model methodology. Then, we compared the results of this exercise with another well-known threat model scheme (STRIDE) to demonstrate MEDICALHARM's distinctive features.
- Subjects
MEDICAL equipment design; DEEP brain stimulation; SATISFACTION; MEDICAL technology; MEDICAL equipment; PATIENT safety
- Publication
International Journal of Information Security, 2024, Vol 23, Issue 3, p2225
- ISSN
1615-5262
- Publication type
Article
- DOI
10.1007/s10207-024-00826-y