Authors
Electrical and Computer Engineering Department, King Abdulaziz University, Jeddah, Saudi Arabia
Electrical and Computer Engineering Department, King Abdulaziz University, Jeddah, Saudi Arabia
Abstract
The term “Internet of Things (IoT)” has gained significant traction in recent years due to its wide-ranging applications across various industries, including the healthcare sector. These medical devices, known as connected medical devices, offer immense benefits to patients with chronic diseases and others. However, despite their advantages, regulatory bodies responsible for issuing medical device sales and usage permits currently lack a standardized method for evaluating the security and cybersecurity resilience of these devices before granting approval.
The proposed threat modeling approach is an engineering tool that utilizes the STRIDE model to identify and categorize potential threats to connected devices, determine the mitigation techniques employed, and generate a comprehensive report. Additionally, the DREAD model is employed to assess the severity of potential threats throughout the development life cycle of the connected medical device.
This paper aims to validate the accuracy and realism of the outcomes derived from this tool and assess the ease of implementation of the proposed methodology by medical device designers and biomedical engineers who lack cybersecurity expertise.
The results of applying the proposed threat modeling approach using the STRIDE and DREAD models to an open-source connected pulse oximeter revealed a low average severity score for the connected medical device against potential cyber threats. Our approach was also compared to other threat modeling methods in terms of the number of steps, implementation complexity, and result realism. The findings demonstrat that our threat modeling approach requires the fewest steps, does not necessitate cybersecurity expertise for implementation, and produces more realistic and stable results.
Consequently, we propose that the FDA adopt and implement our proposed approach to expedite the approval process for the sale and use of these medical devices, enabling healthcare providers to leverage connected medical devices on a wider scale to combat diseases and epidemics, ultimately delivering higher quality and more effective healthcare.