Medical Device QMS Cybersecurity: Threat Modeling
Health-ISAC mention in Med Device Online: It is strongly recommended that medical device manufacturers join the Health Information Sharing and Analysis Center4 (Health-ISAC) to obtain complimentary information from additional threat intelligence sources. Since threats are constantly evolving, it is important to leverage threat intelligence sources to gain knowledge on the latest threats, learn how attackers may target your devices, and implement the appropriate actions.
Link to full article: https://www.meddeviceonline.com/doc/medical-device-qms-cybersecurity-threat-modeling-0001
Healthcare is increasingly dependent on digital services and connected medical devices, leading to an increase in cyberattacks, primarily due to the value of data that can be obtained. Regulations play a key role in defining cybersecurity requirements and adopting cybersecurity and data protection related measures. The FDA has been involved in medical device cybersecurity since the 2000s and is moving forward with its overhaul of its medical device cybersecurity expectations. In an earlier article, I provided a detailed evaluation of FDA’s latest guidance, highlighting all the areas and actions that a medical device manufacturer will need to address.1 In this article series, I will detail and expand upon on how to best “teach” your QMS cybersecurity. In Part 1, I will discuss the fundamental activity of threat modeling. Part 2 will cover how to best implement security by design in your organization. I will examine the integration of security risk management into the medical device risk management program in Part 3. Lastly, in Part 4, I will go through the steps to plan, execute, report, and act upon penetration testing and vulnerability scanning, how to interpret the results, and how to prioritize your efforts.
Please go to Med Device online to read this article:
https://www.meddeviceonline.com/doc/medical-device-qms-cybersecurity-threat-modeling-0001
- Related Resources & News
- Health-ISAC Hacking Healthcare 8-26-2024
- What is Threat Intelligence? A Comprehensive Overview
- Why Cybercriminals Target Healthcare Data and How Organisations Can Protect Themselves
- Federal Authorities Work to Boost Health-Care Cybersecurity
- Health-ISAC Hacking Healthcare 8-9-2024
- Health-ISAC Medical Device Blog – VEX
- Podcast: Health-ISAC Featured in Cyberwire Daily episode 2021
- Health-ISAC Hacking Healthcare 8-2-2024
- Protecting Healthcare Organizations with Human-Centric Email Security
- American Hospital Association and Health-ISAC Joint Threat Bulletin