A Quantitative Risk Assessment Framework for the Cybersecurity of Networked Medical Devices

Maureen Van Devender, J. McDonald
{"title":"A Quantitative Risk Assessment Framework for the Cybersecurity of Networked Medical Devices","authors":"Maureen Van Devender, J. McDonald","doi":"10.34190/iccws.18.1.986","DOIUrl":null,"url":null,"abstract":"Medical devices are increasingly the source of cybersecurity exposure in healthcare organizations. Research and media reports demonstrate that the exploitation of cybersecurity vulnerabilities can have significant adverse impacts ranging from the exposure of sensitive and personally identifiable patient information to compromising the integrity and availability of clinical care. The results can include identity theft and negative health consequences, including loss of life. Assessing the risk posed by medical devices can provide healthcare organizations with information to prioritize mitigation efforts. However, producing accurate risk assessments in environments with both sparse historical data and a lack of validation regarding the accuracy of forecasts is particularly challenging. \nWe present a risk assessment framework for quantifying the risk posed by connected medical devices in trusted healthcare networks. Our framework is built upon prominent existing frameworks and guidance for general risk assessment and cybersecurity risk assessment. We add a method for quantifying risk, which to our knowledge is novel in the context of medical devices on trusted networks. The framework provides a structure for combining publicly available information along with expert elicitation about threats, vulnerabilities, and consequences. The goal is to provide healthcare organizations with actionable information for prioritizing and mitigating risks in medical devices.","PeriodicalId":429427,"journal":{"name":"International Conference on Cyber Warfare and Security","volume":"1 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2023-02-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"International Conference on Cyber Warfare and Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.34190/iccws.18.1.986","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 1

Abstract

Medical devices are increasingly the source of cybersecurity exposure in healthcare organizations. Research and media reports demonstrate that the exploitation of cybersecurity vulnerabilities can have significant adverse impacts ranging from the exposure of sensitive and personally identifiable patient information to compromising the integrity and availability of clinical care. The results can include identity theft and negative health consequences, including loss of life. Assessing the risk posed by medical devices can provide healthcare organizations with information to prioritize mitigation efforts. However, producing accurate risk assessments in environments with both sparse historical data and a lack of validation regarding the accuracy of forecasts is particularly challenging. We present a risk assessment framework for quantifying the risk posed by connected medical devices in trusted healthcare networks. Our framework is built upon prominent existing frameworks and guidance for general risk assessment and cybersecurity risk assessment. We add a method for quantifying risk, which to our knowledge is novel in the context of medical devices on trusted networks. The framework provides a structure for combining publicly available information along with expert elicitation about threats, vulnerabilities, and consequences. The goal is to provide healthcare organizations with actionable information for prioritizing and mitigating risks in medical devices.
网络化医疗设备网络安全的定量风险评估框架
医疗设备日益成为医疗机构网络安全风险的来源。研究和媒体报道表明,利用网络安全漏洞可能会产生重大的不利影响,从暴露敏感和个人身份的患者信息到损害临床护理的完整性和可用性。其结果可能包括身份盗窃和负面的健康后果,包括生命损失。评估医疗设备带来的风险可以为医疗保健组织提供信息,以便优先考虑缓解工作。然而,在历史数据稀少且缺乏预测准确性验证的环境中进行准确的风险评估尤其具有挑战性。我们提出了一个风险评估框架,用于量化可信医疗网络中连接医疗设备所带来的风险。我们的框架是建立在一般风险评估和网络安全风险评估的重要现有框架和指导之上的。我们增加了一种量化风险的方法,据我们所知,这在可信网络上的医疗设备环境中是新颖的。该框架提供了一个结构,用于将公开可用的信息与有关威胁、漏洞和后果的专家启发结合起来。目标是为医疗保健组织提供可操作的信息,以确定医疗设备的优先级并降低风险。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 求助全文
来源期刊
自引率
0.00%
发文量
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:604180095
Book学术官方微信