The FDA Guidance Content of Premarket Submissions for Management of Cybersecurity in Medical Devices has triggered an increased interest in cybersecurity for medical devices. This guidance from the FDA details the key elements for protecting the medical device. These elements form a hierarchy as follows:
- Asset – anything that has value to an individual or an organization
- Threats – Anything (e.g., object, substance, human) that is capable of acting against an asset in a manner that can result in harm
- Vulnerability – A weakness in the design, implementation, operation or internal control of the system that could expose the system to adverse threats
The following summarizes cybersecurity design for a medical device.
Cybersecurity Assets and Vulnerabilities
“The design of the medical device seeks to eliminate vulnerabilities that would expose key assets to threats”
As simple as this sounds, many people struggle to turn this simple concept into an actionable process.
The first step in the process identifies the assets of the device. For a standard medical device the following are the key assets:
- Executable Software Images
- Configuration parameters controlling delivery of the therapy
- User preference parameters controlling how the user interacts with the device.
- Protected health care information
Other assets, such as databases of information and other elements of large IT systems usually don’t apply to a simple medical device.
Identification of vulnerabilities starts by considering what could happen to each asset. Corruption of the software executable images leads to device failure. Replacement of the software executable images with malicious software can result in patient death.
Threats
After identifying the vulnerabilities, threats can be determined. A threat needs the following:
- An actor – usually an individual who intends to attack the asset
- An asset – the asset under attack
- A threat vector – the path or route used by the actor to attack the asset
- A vulnerability – the weakness the actor exploits to reach the asset
Let’s analyze the following:
“A malicious actor downloads modified executable images to the device”
| Element | Description |
| --- | --- |
| Actor | A malicious individual |
| Asset | The executable images for the device |
| Threat Vector | Download of unauthorized image |
| Vulnerability | The device accepts and installs an executable image from an unauthorized source |
Controlling Threats
Most often the protection of an asset should address the vulnerability. In this example, the optimum control may be to have the system only accept signed and encrypted software images, eliminating the vulnerability. The following table shows controls for protecting the assets of a medical device:
| Asset | Control |
| --- | --- |
| Software executable images | The device will only install properly signed executable images |
| Configuration parameters | The device range checks all parameters to ensure the parameters are consistent with proper operation |
| Preference parameters | The device range checks all parameters to ensure the parameters are consistent with proper operation |
| Protected health care information | All health care information transferred from the machine is encrypted |
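The first two controls in the table above, as an added Go example that is not part of the original article: the device installs an executable image only if its detached Ed25519 signature verifies under the manufacturer's public key, and accepts a therapy parameter only if it lies within the range consistent with proper operation. The image bytes, parameter limits and type names are constructed for illustration.

```go
package main

import (
	"crypto/ed25519"
	"errors"
	"fmt"
)

// Image is a constructed update package: the image bytes plus a detached Ed25519 signature.
type Image struct {
	Payload   []byte
	Signature []byte
}

// SignImage is the manufacturer-side step; only the signature travels with the image.
func SignImage(priv ed25519.PrivateKey, payload []byte) Image {
	return Image{Payload: payload, Signature: ed25519.Sign(priv, payload)}
}

// VerifyImage is the device-side control "only install properly signed executable images":
// the device holds the manufacturer's public key and refuses any image that fails under it.
func VerifyImage(pub ed25519.PublicKey, img Image) error {
	// Length checks first: ed25519.Verify panics on a wrongly sized public key.
	if len(pub) != ed25519.PublicKeySize || len(img.Signature) != ed25519.SignatureSize {
		return errors.New("reject: malformed key or signature")
	}
	if !ed25519.Verify(pub, img.Payload, img.Signature) {
		return errors.New("reject: image not signed with the manufacturer key")
	}
	return nil
}

// TherapyLimits is a constructed range for one configuration parameter.
type TherapyLimits struct{ Min, Max uint32 }
// CheckParameter is the range-check control: a value outside the limits is rejected before use.
func CheckParameter(limits TherapyLimits, value uint32) error {
	if value < limits.Min || value > limits.Max {
		return fmt.Errorf("reject: %d outside [%d, %d]", value, limits.Min, limits.Max)
	}
	return nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil) // nil reader selects crypto/rand
	img := SignImage(priv, []byte("constructed firmware image v1"))
	fmt.Println("genuine image:", VerifyImage(pub, img))
	img.Payload[0] ^= 0xff // image altered after signing
	fmt.Println("tampered image:", VerifyImage(pub, img))
	fmt.Println("rate 250:", CheckParameter(TherapyLimits{Min: 1, Max: 200}, 250))
}
```

The encryption control for health care information is not shown; it needs a key-management design that the table does not specify.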