{"id":576,"date":"2020-05-25T19:53:32","date_gmt":"2020-05-25T19:53:32","guid":{"rendered":"http:\/\/www.tgfrconsulting.com\/blog\/?p=576"},"modified":"2024-01-20T22:25:29","modified_gmt":"2024-01-20T22:25:29","slug":"basic-cybersecurity-for-medical-devices","status":"publish","type":"post","link":"https:\/\/www.tgfrconsulting.com\/blog\/uncategorized\/basic-cybersecurity-for-medical-devices\/","title":{"rendered":"Basic Cybersecurity For Medical Devices"},"content":{"rendered":"<div class=\"entry\">\n\n\n<p>The FDA <a href=\"https:\/\/www.fda.gov\/media\/119933\/download\">Guidance Content of Premarket Submissions for Management of Cybersecurity in Medical Devices<\/a> has triggered an increased interest in cybersecurity for medical devices . This guidance from the FDA details the key elements for protecting the medical device. These elements form a hierarchy as <\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Asset  &#8211; anything that has value to an individual or an organization<\/li><li>Threats &#8211; Anything (e.g., object, substance, human) that is capable of acting against an asset in a manner that can result in harm<\/li><li>Vulnerability &#8211; A weakness in the design, implementation, operation or internal control of the system that could expose the system to adverse threats<\/li><\/ul>\n\n\n\n<p>The following summarizes cybersecurity design for a medical device<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Cybersecurity Assets and Vulnerabilities<\/h3>\n\n\n\n<p><em>&#8220;The design of the medical device seeks to eliminate vulnerabilities that would expose key assets to threats&#8221;<\/em><\/p>\n\n\n\n<p>As simple as this sounds,  many people struggle turning this simple concept into an actionable process.  <\/p>\n\n\n\n<p>The first step in the process identifies the assets of the device.  For a standard medical device the following are the key assets<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Executable Software Images<\/li><li>Configuration parameters controlling delivery of the therapy<\/li><li>User preference parameters controlling how the user interacts with the device.<\/li><li> Protected health care information<\/li><\/ul>\n\n\n\n<p> Other assets, such as databases of information and other elements of large IT systems usually don&#8217;t apply to a simple medical device.<\/p>\n\n\n\n<p>Identification of vulnerabilities starts by considering what could happen to the asset.  Corruption of the software executable images leads to device failure.  Replacement of the software executable images with malicious software can result in patient death.  <\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Threats<\/h3>\n\n\n\n<p>After the identifying the vulnerabilities, threats can be determined.  Threats need the following:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>An actor &#8211; this is usually an individual that intends to attack the asset<\/li><li>An asset &#8211; the asset under attack <\/li><li>A threat vector &#8211; the path or route used by the actor to attack the asset<\/li><li>the vulnerability<\/li><\/ul>\n\n\n\n<p>Let&#8217;s analyze the following <\/p>\n\n\n\n<p><em>&#8220;A malicious actor downloads modified executable images to the device&#8221;<\/em><\/p>\n\n\n\n<figure class=\"wp-block-table is-style-stripes\"><table><tbody><tr><td>Element<\/td><td>Description<\/td><\/tr><tr><td>Actor<\/td><td>A malicious individual<\/td><\/tr><tr><td>Asset<\/td><td>The executable images for the device<\/td><\/tr><tr><td>Threat Vector<\/td><td>Download of unauthorized image<\/td><\/tr><tr><td>Vulnerability<\/td><td>The device accepts and installs an executable image from an unauthorized source<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\">Controlling Threats<\/h3>\n\n\n\n<p>Most often the protection of an asset should address the vulnerability. In this example, the optimum control may be to have the system only accept signed and encrypted software images, eliminating the vulnerability.   The following table shows controls for protecting the assets of a medical device<\/p>\n\n\n\n<figure class=\"wp-block-table is-style-stripes\"><table><tbody><tr><td>Software executable images<\/td><td>The device will only install properly signed executable images<\/td><\/tr><tr><td>Configuration parameters<\/td><td>The device range checks all parameters to ensure the parameters are consistent with proper operation<\/td><\/tr><tr><td>Preference Parameters<\/td><td>The device range checks all parameters to ensure the parameters are consistent with proper operation<\/td><\/tr><tr><td>Protected Health Care information<\/td><td>All health care information transferred from the machine is encrypted<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n<\/div>","protected":false},"excerpt":{"rendered":"<p>The FDA Guidance Content of Premarket Submissions for Management of Cybersecurity in Medical Devices has triggered an increased interest in cybersecurity for medical devices . This guidance from the FDA details the key elements for protecting the medical device. These elements form a hierarchy as Asset &#8211; anything that has value to an individual or &#8230;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[61,6,1],"tags":[],"class_list":{"0":"post-576","1":"post","2":"type-post","3":"status-publish","4":"format-standard","6":"category-archived","7":"category-product-design-and-development","8":"category-uncategorized","9":"anons"},"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v26.0 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Basic Cybersecurity For Medical Devices - TGFR Consulting LLC TGFR Consulting LLC<\/title>\n<meta name=\"description\" content=\"Basic Cybersecurity For Medical Devices Uncategorized\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.tgfrconsulting.com\/blog\/uncategorized\/basic-cybersecurity-for-medical-devices\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Basic Cybersecurity For Medical Devices - TGFR Consulting LLC TGFR Consulting LLC\" \/>\n<meta property=\"og:description\" content=\"Basic Cybersecurity For Medical Devices Uncategorized\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.tgfrconsulting.com\/blog\/uncategorized\/basic-cybersecurity-for-medical-devices\/\" \/>\n<meta property=\"og:site_name\" content=\"TGFR Consulting LLC\" \/>\n<meta property=\"article:published_time\" content=\"2020-05-25T19:53:32+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-01-20T22:25:29+00:00\" \/>\n<meta name=\"author\" content=\"Timothy Robinson\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Timothy Robinson\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.tgfrconsulting.com\/blog\/uncategorized\/basic-cybersecurity-for-medical-devices\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.tgfrconsulting.com\/blog\/uncategorized\/basic-cybersecurity-for-medical-devices\/\"},\"author\":{\"name\":\"Timothy Robinson\",\"@id\":\"https:\/\/www.tgfrconsulting.com\/blog\/#\/schema\/person\/5e055d3bb1c73babd5af6a3d1f31ca05\"},\"headline\":\"Basic Cybersecurity For Medical Devices\",\"datePublished\":\"2020-05-25T19:53:32+00:00\",\"dateModified\":\"2024-01-20T22:25:29+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.tgfrconsulting.com\/blog\/uncategorized\/basic-cybersecurity-for-medical-devices\/\"},\"wordCount\":469,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/www.tgfrconsulting.com\/blog\/#organization\"},\"articleSection\":[\"Archive\",\"Product Design and Development\"],\"inLanguage\":\"en\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.tgfrconsulting.com\/blog\/uncategorized\/basic-cybersecurity-for-medical-devices\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.tgfrconsulting.com\/blog\/uncategorized\/basic-cybersecurity-for-medical-devices\/\",\"url\":\"https:\/\/www.tgfrconsulting.com\/blog\/uncategorized\/basic-cybersecurity-for-medical-devices\/\",\"name\":\"Basic Cybersecurity For Medical Devices - TGFR Consulting LLC TGFR Consulting LLC\",\"isPartOf\":{\"@id\":\"https:\/\/www.tgfrconsulting.com\/blog\/#website\"},\"datePublished\":\"2020-05-25T19:53:32+00:00\",\"dateModified\":\"2024-01-20T22:25:29+00:00\",\"description\":\"Basic Cybersecurity For Medical Devices Uncategorized\",\"breadcrumb\":{\"@id\":\"https:\/\/www.tgfrconsulting.com\/blog\/uncategorized\/basic-cybersecurity-for-medical-devices\/#breadcrumb\"},\"inLanguage\":\"en\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.tgfrconsulting.com\/blog\/uncategorized\/basic-cybersecurity-for-medical-devices\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.tgfrconsulting.com\/blog\/uncategorized\/basic-cybersecurity-for-medical-devices\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.tgfrconsulting.com\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Basic Cybersecurity For Medical Devices\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.tgfrconsulting.com\/blog\/#website\",\"url\":\"https:\/\/www.tgfrconsulting.com\/blog\/\",\"name\":\"TGFR Consulting LLC\",\"description\":\"Transforming Medical Device Development\",\"publisher\":{\"@id\":\"https:\/\/www.tgfrconsulting.com\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.tgfrconsulting.com\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.tgfrconsulting.com\/blog\/#organization\",\"name\":\"TGFR Consulting LLC\",\"url\":\"https:\/\/www.tgfrconsulting.com\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en\",\"@id\":\"https:\/\/www.tgfrconsulting.com\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.tgfrconsulting.com\/blog\/wp-content\/uploads\/2024\/11\/TGFR_Consulting.png\",\"contentUrl\":\"https:\/\/www.tgfrconsulting.com\/blog\/wp-content\/uploads\/2024\/11\/TGFR_Consulting.png\",\"width\":183,\"height\":103,\"caption\":\"TGFR Consulting LLC\"},\"image\":{\"@id\":\"https:\/\/www.tgfrconsulting.com\/blog\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"http:\/\/www.linkedin.com\/in\/tgfrobinson\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.tgfrconsulting.com\/blog\/#\/schema\/person\/5e055d3bb1c73babd5af6a3d1f31ca05\",\"name\":\"Timothy Robinson\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en\",\"@id\":\"https:\/\/www.tgfrconsulting.com\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/2e6854b703a237c3223c1fd92e8893bac38db9bc8f19904ee165380c5e180b2c?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/2e6854b703a237c3223c1fd92e8893bac38db9bc8f19904ee165380c5e180b2c?s=96&d=mm&r=g\",\"caption\":\"Timothy Robinson\"},\"description\":\"With over 30 years of medical device experience, Tim leverages his knowledge to guide people through the process of successful product development\",\"sameAs\":[\"https:\/\/tgfrconsulting.com\"]}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Basic Cybersecurity For Medical Devices - TGFR Consulting LLC TGFR Consulting LLC","description":"Basic Cybersecurity For Medical Devices Uncategorized","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.tgfrconsulting.com\/blog\/uncategorized\/basic-cybersecurity-for-medical-devices\/","og_locale":"en_US","og_type":"article","og_title":"Basic Cybersecurity For Medical Devices - TGFR Consulting LLC TGFR Consulting LLC","og_description":"Basic Cybersecurity For Medical Devices Uncategorized","og_url":"https:\/\/www.tgfrconsulting.com\/blog\/uncategorized\/basic-cybersecurity-for-medical-devices\/","og_site_name":"TGFR Consulting LLC","article_published_time":"2020-05-25T19:53:32+00:00","article_modified_time":"2024-01-20T22:25:29+00:00","author":"Timothy Robinson","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Timothy Robinson","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.tgfrconsulting.com\/blog\/uncategorized\/basic-cybersecurity-for-medical-devices\/#article","isPartOf":{"@id":"https:\/\/www.tgfrconsulting.com\/blog\/uncategorized\/basic-cybersecurity-for-medical-devices\/"},"author":{"name":"Timothy Robinson","@id":"https:\/\/www.tgfrconsulting.com\/blog\/#\/schema\/person\/5e055d3bb1c73babd5af6a3d1f31ca05"},"headline":"Basic Cybersecurity For Medical Devices","datePublished":"2020-05-25T19:53:32+00:00","dateModified":"2024-01-20T22:25:29+00:00","mainEntityOfPage":{"@id":"https:\/\/www.tgfrconsulting.com\/blog\/uncategorized\/basic-cybersecurity-for-medical-devices\/"},"wordCount":469,"commentCount":0,"publisher":{"@id":"https:\/\/www.tgfrconsulting.com\/blog\/#organization"},"articleSection":["Archive","Product Design and Development"],"inLanguage":"en","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.tgfrconsulting.com\/blog\/uncategorized\/basic-cybersecurity-for-medical-devices\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.tgfrconsulting.com\/blog\/uncategorized\/basic-cybersecurity-for-medical-devices\/","url":"https:\/\/www.tgfrconsulting.com\/blog\/uncategorized\/basic-cybersecurity-for-medical-devices\/","name":"Basic Cybersecurity For Medical Devices - TGFR Consulting LLC TGFR Consulting LLC","isPartOf":{"@id":"https:\/\/www.tgfrconsulting.com\/blog\/#website"},"datePublished":"2020-05-25T19:53:32+00:00","dateModified":"2024-01-20T22:25:29+00:00","description":"Basic Cybersecurity For Medical Devices Uncategorized","breadcrumb":{"@id":"https:\/\/www.tgfrconsulting.com\/blog\/uncategorized\/basic-cybersecurity-for-medical-devices\/#breadcrumb"},"inLanguage":"en","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.tgfrconsulting.com\/blog\/uncategorized\/basic-cybersecurity-for-medical-devices\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.tgfrconsulting.com\/blog\/uncategorized\/basic-cybersecurity-for-medical-devices\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.tgfrconsulting.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Basic Cybersecurity For Medical Devices"}]},{"@type":"WebSite","@id":"https:\/\/www.tgfrconsulting.com\/blog\/#website","url":"https:\/\/www.tgfrconsulting.com\/blog\/","name":"TGFR Consulting LLC","description":"Transforming Medical Device Development","publisher":{"@id":"https:\/\/www.tgfrconsulting.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.tgfrconsulting.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en"},{"@type":"Organization","@id":"https:\/\/www.tgfrconsulting.com\/blog\/#organization","name":"TGFR Consulting LLC","url":"https:\/\/www.tgfrconsulting.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en","@id":"https:\/\/www.tgfrconsulting.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.tgfrconsulting.com\/blog\/wp-content\/uploads\/2024\/11\/TGFR_Consulting.png","contentUrl":"https:\/\/www.tgfrconsulting.com\/blog\/wp-content\/uploads\/2024\/11\/TGFR_Consulting.png","width":183,"height":103,"caption":"TGFR Consulting LLC"},"image":{"@id":"https:\/\/www.tgfrconsulting.com\/blog\/#\/schema\/logo\/image\/"},"sameAs":["http:\/\/www.linkedin.com\/in\/tgfrobinson"]},{"@type":"Person","@id":"https:\/\/www.tgfrconsulting.com\/blog\/#\/schema\/person\/5e055d3bb1c73babd5af6a3d1f31ca05","name":"Timothy Robinson","image":{"@type":"ImageObject","inLanguage":"en","@id":"https:\/\/www.tgfrconsulting.com\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/2e6854b703a237c3223c1fd92e8893bac38db9bc8f19904ee165380c5e180b2c?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/2e6854b703a237c3223c1fd92e8893bac38db9bc8f19904ee165380c5e180b2c?s=96&d=mm&r=g","caption":"Timothy Robinson"},"description":"With over 30 years of medical device experience, Tim leverages his knowledge to guide people through the process of successful product development","sameAs":["https:\/\/tgfrconsulting.com"]}]}},"_links":{"self":[{"href":"https:\/\/www.tgfrconsulting.com\/blog\/wp-json\/wp\/v2\/posts\/576","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.tgfrconsulting.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.tgfrconsulting.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.tgfrconsulting.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.tgfrconsulting.com\/blog\/wp-json\/wp\/v2\/comments?post=576"}],"version-history":[{"count":5,"href":"https:\/\/www.tgfrconsulting.com\/blog\/wp-json\/wp\/v2\/posts\/576\/revisions"}],"predecessor-version":[{"id":581,"href":"https:\/\/www.tgfrconsulting.com\/blog\/wp-json\/wp\/v2\/posts\/576\/revisions\/581"}],"wp:attachment":[{"href":"https:\/\/www.tgfrconsulting.com\/blog\/wp-json\/wp\/v2\/media?parent=576"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.tgfrconsulting.com\/blog\/wp-json\/wp\/v2\/categories?post=576"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.tgfrconsulting.com\/blog\/wp-json\/wp\/v2\/tags?post=576"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}