Attack-Graph Threat Modeling Assessment of Ambulatory Medical Devices

The continued integration of technology into all aspects of society stresses the need to identify and understand the risk associated with assimilating new technologies. This necessity is heightened when technology is used for medical purposes like ambulatory devices that monitor a patient’s vital signs. This integration creates environments that are conducive to malicious activities. The potential impact presents new challenges for the medical community. \ \ Hence, this research presents attack graph modeling as a viable solution to identifying vulnerabilities, assessing risk, and forming mitigation strategies to defend ambulatory medical devices from attackers. Common and frequent vulnerabilities and attack strategies related to the various aspects of ambulatory devices, including Bluetooth enabled sensors and Android applications are identified in the literature. Based on this analysis, this research presents an attack graph modeling example on a theoretical device that highlights vulnerabilities and mitigation strategies to consider when designing ambulatory devices with similar components.

How Can Software SMEs Become Medical Device

The amount of software content within medical devices has grown considerably over recent years and will continue to do so as the level of complexity of medical devices increase. This is driven by the fact that software is introduced to produce sophisticated medical devices that would not be possible using only hardware. This therefore presents opportunities for software development SMEs to become medical device software development organisations. However, some obstacles need to be addressed and overcome in order to make the transition from being a generic software development organisation to becoming a medical device software development organisation. This paper describes these obstacles and how research that is currently being performed within the Regulated Software Research Group in Dundalk Institute of Technology may be used to assist with this transitio

A Model-Based Approach to Comprehensive Risk Management for Medical Devices

The European medical technology industry consists of around 27,000 companies, more than 95% of them small and medium-sized enterprises (SMEs), with over 675,000 employees [MEDT17]. In the European Union (EU) alone, medical devices constituted by far the biggest part of the medical technology (MedTech) sector with a market of 95 billion euros in annual sales in 2015 [EURO15].The European medical technology industry consists of around 27,000 companies, more than 95% of them small and medium-sized enterprises (SMEs), with over 675,000 employees [MEDT17]. In the European Union (EU) alone, medical devices constituted by far the biggest part of the medical technology (MedTech) sector with a market of 95 billion euros in annual sales in 2015 [EURO15]

A Risk Management Capability Model for use in Medical Device Companies

Medical device software is a risky business. Failure of the software can have potentially catastrophic effects, leading to injury of patients or even death. It is therefore no surprise that regulators throughout the world are penalising medical device manufacturers that do not demonstrate that sufficient attention is devoted to the areas of hazard analysis and risk management (RM) throughout the software lifecycle. If a medical device company fails to comply with the regulations of a given country, in effect they surrender their legal right to market their device in that country. With so much at stake, it is in everybody’s best interest that the medical device manufacturer gets it right. However, with so many different standards, regulatory guidance papers and industry guides on RM, the task of collating this information into a usable model is itself daunting. This paper seeks to extract the important concepts from a number of industry accepted standards and guides, and present them as a generic usable model for the medical device software industry