ThreatModeling Medical Devices
Use-cases, research, tips & much more!
- 3 Topics
- 8 Replies
Startling statistics from the Office for Civil Rights (OCR) reveal that in the first half of 2023, the healthcare sector endured no less than 295 breaches, casting a long shadow over the data security landscape. These breaches compromised the personal information of over 39 million individuals. What's even more concerning is the financial toll on healthcare organizations, as each breach incurred an average cost of $10.1 million in 2022. This represents a substantial 9.4% increase from the previous year, significantly higher than any other sector's data breach expenses. Healthcare data breaches are the unauthorized access, use, disclosure, disruption, modification, or destruction of protected health information (PHI). PHI is any information that can be used to identify an individual and that relates to their past, present, or future physical or mental health condition, the provision of health care to them, or the payment for their health care. Healthcare data breaches can happen in a nu
There comes a time when you need to see a specialist doctor for certain rare conditions. The problem with these specialists is there are too many patients and too few doctors. Some companies who own robotic surgical tools are beginning to train these doctors to use their robotic tools to aid in surgery. A certain number of companies are training doctors to do remote surgery with the robot. Doctors who are on the other side of the country can do a procedure through a robot remotely. This can come with its own risks certainly (connectivity issues, DDoS, spoofing the signals). But would you take the chance? Or would you rather wait 6 months to see a specialist? This could easily become the future of medicine.
Ever since “smart” medical devices have come out, there have been a great many vulnerabilities affecting them. Whether it is due to connection through IoT devices, or to the existence of multiple operating systems communicating with each other, medical devices are inherently insecure. Only recently has the FDA begun requiring medical device manufacturers to threat model their devices as a comprehensive check to see where the vulnerabilities and weaknesses can arise inside the architecture. ThreatModeler was recently at an event held by Health Information Analysis Sharing Center (H-ISAC) and met with dozens of CISOs & CISSPs of various health care companies. It was shocking to learn that the majority of these high-ranking cybersecurity officials did not really understand what threat modeling is! Even though the FDA has made it mandatory for these manufacturers to use threat modeling to increase device security, it is bewildering that most of them have brushed this mandate under t