Skip to main content

Where threat modeling can shine - an example from the EU MDCG-2019

From the  EU MDCG 2019-16 Guidance on Cybersecurity for medical devices, December 2019, this is the guidance on foreseeable risks. 

Medical device manufacturers should ensure that a medical device is designed and manufactured in a way that ensures that the risks associated with reasonably foreseeable environmental conditions are removed or minimised. This may include the infield monitoring of the software’s vulnerabilities and the possibility to perform a device update (outside the context of a field safety corrective action) through, for example delivering patches to ensure the continued security of the device.

During the risk management process, the manufacturer should foresee or evaluate the potential exploitation of those vulnerabilities that may be a result of reasonably foreseeable misuse. This, however, may depend on the specific situation. For example, using an unsecured memory-stick to enter data into a medical IT system can be considered “reasonably foreseeable misuse”, while the input of x-ray images via a CD may be considered “intended use”. Due to the huge variety of use environments, this decision may even depend on the specific installation and use environment.

During the product security risk management process, the manufacturers need to distinguish two important areas:

 Safety risk management normally covered in the overall product risk management, and

 Security risk, which is not associated to safety.

This relates back to the process and tools for threat monitoring as the example given is a perfect fit for the type of scenario that threat modeling is able to bring forth. 

Labels:

Comments

Post a Comment

Popular posts from this blog

Unit Testing - What to Test

This I wrote to answer a question that came up when we were discussing our software process and I was training developers on how to unit test. It seems a simple enough question, but I kept pondering it and delving deeper until I realized I needed to write this monograph. What unit tests should we write? How do we know what to test? Ideally, unit tests should cover every path through the code. It should be your chance to see every path through your code works as expected and as needed. If you are practicing Test Driven Development then it's implied everything gets a test. In the real world, you might not be allowed to test everything - for instance, if the testing suite ends up taking a week to run, then the world will have changed by the time it finishes and the test results will be obsolete. Unit testing at it's basic is testing an object, a method - the smallest unit of your code that it can test independently. It should test the inputs "goes into" an...
Post a Comment
Read more

Healthcare and Health Informatics Glossary

Here is a glossary of terms useful in Healthcare and Health Informatics ACO (Accountable Care Organization) MEDICARE’s outcomes-based contracting approach Arden Syntax an approach to specifying medical knowledge and clinical decision support rules in a form that is independent of any EHR and thus sharable across hospitals ARRA (American Recovery and Reconstruction Act) the Obama administration’s 2009 economic stimulus bill Blue Button an ASCII text based standard for heath information sharing first introduced by the Veteran’s Administration to facilitate access to records stored in VistA by their patients. The newer Blue Button + format provides both human and machine readable formats. CCD (Continuity of Care Document) an XML-based patient summary based on the CDA architecture CCOW (Clinical Context Object Workshop) an HL7 standard for synchronizing and coordinating applications to automatically follow the patient, user (and other) contexts to allow the clinical u...
2 comments
Read more

It's all broken...

So, Scott Hanselman struck a chord again:  Everything's broken and nobody's upset . The worst part is I can see that I'm part of the problem on both sides . I've excused many problems with software - shrugging as I restart the software or reboot. I save my anger for those occasions where I fell I've lost serious work and substantial time. Other than that I accept problems, glitches, crashes as "the cost of doing business". I believe it's actually because I've amused myself and earned a living creating software, that I am able to accept what's often pitiable quality. I've spent time working on systems that are not much more than breadboards with wires cascading from it, where getting something, anything to work was a huge accomplishment. But that was then and this is now. No way would I put up with a car that suffers from numerous small problems as today's software can. And putting these two thoughts together, it's now frightening ...
2 comments
Read more