Medical Device Safety Management Using Cybersecurity Risk Analysis

Hospital biomedical engineering teams are responsible for establishing and regulating medical equipment management programs (MEMPs); these programs ensure the safety and reliability of medical devices. Concomitant with rapid technological advancements, medical devices have been developed that are no...

Full description

Saved in:
Bibliographic Details
Published inIEEE access Vol. 8; pp. 115370 - 115382
Main Authors Kim, Dong-Won, Choi, Jin-Young, Han, Keun-Hee
Format Journal Article
LanguageEnglish
Published Piscataway IEEE 2020
The Institute of Electrical and Electronics Engineers, Inc. (IEEE)
Subjects
Biomedical engineering
Biomedical equipment
Computer security
cybercare
Cybersecurity
Decision making
Evaluation
Identification methods
Medical devices
Medical electronics
Medical equipment
Medical services
Medical technology
Multiple criterion
Risk analysis
Risk assessment
Risk management
Safety
Safety management
security management
Threat evaluation
Threat models
Online AccessGet full text

Cover

More Information
Summary:Hospital biomedical engineering teams are responsible for establishing and regulating medical equipment management programs (MEMPs); these programs ensure the safety and reliability of medical devices. Concomitant with rapid technological advancements, medical devices have been developed that are now being integrated with information and communication technology. However, with the convergence of such diverse technologies, internal and external security threats are continuously increasing. Thus, to reduce medical device security threats, important devices must be identified and prioritized. In this study, we propose a multicriteria decision-making model that prioritizes medical devices by extending the Fennigkoh and Smith model to include security threats. First, we formulate criteria for evaluating medical device functions based on the classification of the medical devices according to their unique functions, connections, and data types. Then, through threat modeling, we develop a method of identifying and evaluating security threats to these devices. We discuss establishing a safer MEMP by analyzing the attack occurrence probability (AOP) and attack success probability (ASP) of medical devices and the inherent security threats that these devices face, none of which are considered in the existing model. Thus, by using the enhanced Fennigkoh and Smith model, our proposed approach enables the development of improved security-enhanced MEMPs, including cybersecurity risk assessments.
ISSN:2169-3536
2169-3536
DOI:10.1109/ACCESS.2020.3003032