Cybersecurity-Risk-Management for Medical Devices: ARGOS

In our daily business, we receive many questions about cybersecurity. The complexity of the topic and the search for the right “starting point” are especially challenging for manufacturers of medical devices. This is exactly where we offer our help: we support manufacturers in extending their existing risk management with the required cybersecurity aspects, using our “ARGOS” approach.

ARGOS makes it possible to efficiently implement the mandatory regulatory requirements in customized processes.

Why is cybersecurity so important for every medical device manufacturer?

Incidents such as data loss or extortion through the encryption of mass storage devices (ransomware) are omnipresent in the daily press. Because of the choice of targets as well as their scale and scope, they are a serious concern in the medical device field too. Once an attack has succeeded, damage limitation is possible, if at all, only with considerable expenditure of time and money.

With medical devices, theft or disclosure of data (such as patient data or diagnostic information) is not the only risk. The failure of diagnostics or treatment due to cyber-attacks must also be considered!

In addition, Regulation (EU) 2017/745 (Medical Device Regulation, MDR) makes considerations on information security mandatory (see, among others, Annex I – Essential Safety and Performance Requirements, 17.2. and 17.4.).

As we cannot avoid being attacked, our common goal must be to defeat such attacks in advance so that they cannot succeed, even if an attack is executed.

We have established a procedure for advancing your “conventional” risk management to meet these requirements: ARGOS (Advancing Risk-management and Governance On the basis of Security).

Motivation for attackers: assets

Every product incorporates goods requiring protection: so-called “assets”. These assets can be “virtual goods” (such as patient information and treatment data) or other properties worth protecting (such as the setting of security-relevant parameters or intellectual property). In short, it is these assets that the attacker is targeting, because he wants to gain access to them. The initial step is therefore to work with you to systematically identify these assets.

Interfaces: gateways to the assets

Every product provides interfaces, connecting it to its environment. And the adversary uses these interfaces to gain access to the goods worth protecting.

Data interfaces, which serve the exchange of information between devices or device parts, are the obvious ones for security considerations. But less obvious interfaces, such as those for interacting with the user, are relevant too. Therefore, once we have identified the assets, we work with you to determine the interfaces through which attacks may take place.

[Figure: Interfaces, Assets]

The product in its environment

Operating environment (zone)

A medical device (like any device or software) is operated in an environment (“zone”). One such zone could be the internet, where anyone can access the medical device or its interfaces at any time. An entirely different zone would be operating the device within a controlled environment, only accessible after authentication, i.e., within an access-controlled area in a hospital. The characteristics of these zones need to be examined in detail, which we also do in dialog with you. Each environment incorporates its own threats, which we systematically identify (threat modeling).

Threats

The recognition and modeling of attack scenarios is called “Threat Modeling”. For this purpose, we use the knowledge gained so far (assets, interfaces, environment) for a targeted approach, for example based on the “STRIDE” approach.

Spoofing
Tampering
Repudiation
Information disclosure (privacy breach)
Denial of Service (D.o.S.)
Elevation of privilege

Each individual threat category is applied to each interface or asset.

Example: “Tampering”

  • Is it possible to manipulate the asset “examination report”? For example, wrong patient / incorrect diagnosis / … ?
  • Is it possible to manipulate interface XYZ, for example to control the product and trigger unwanted movements that lead to patient danger?
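
Applying every category to every interface or asset can be kept as a worksheet, sketched here as an added example (not part of ARGOS or of the original page): each element is paired with each STRIDE category, and pairs without a recorded decision are reported as open. The element names are taken from the example above; the zone, decisions and rationales are constructed assumptions.

```python
from itertools import product

STRIDE = ("Spoofing", "Tampering", "Repudiation", "Information disclosure",
          "Denial of Service", "Elevation of privilege")
DECISIONS = ("mitigate", "accept", "not applicable")

def build_worksheet(elements, zone):
    """One row per (element, STRIDE category); every row starts undecided."""
    return [{"zone": zone, "kind": kind, "element": name, "threat": threat,
             "decision": None, "rationale": None}
            for (kind, name), threat in product(elements, STRIDE)]

def record(worksheet, element, threat, decision, rationale):
    """Store the analyst's decision for exactly one worksheet row."""
    if decision not in DECISIONS:
        raise ValueError(f"unknown decision: {decision!r}")
    if not rationale.strip():
        raise ValueError("a decision needs a rationale")
    rows = [r for r in worksheet
            if r["element"] == element and r["threat"] == threat]
    if len(rows) != 1:
        raise KeyError(f"no unique row for {element!r} / {threat!r}")
    rows[0].update(decision=decision, rationale=rationale)

def open_items(worksheet):
    """Pairs nobody has assessed yet: the gaps in the analysis."""
    return [(r["element"], r["threat"]) for r in worksheet
            if r["decision"] is None]

# Constructed sample input (zone, decisions and rationales are assumptions).
ELEMENTS = [("asset", "examination report"), ("interface", "interface XYZ")]
sheet = build_worksheet(ELEMENTS, zone="access-controlled hospital area")
record(sheet, "examination report", "Tampering", "mitigate",
       "Report is signed; signature is verified before display")
record(sheet, "interface XYZ", "Tampering", "mitigate",
       "Movement commands accepted only from authenticated sessions")

if __name__ == "__main__":
    for element, threat in open_items(sheet):
        print(f"OPEN: {threat} against {element}")
```
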

[Figure: Zone, Threats, Interfaces, Assets]

Advanced risk management

After threats have been identified and analyzed, action can be taken against them.

Since the threats have been systematically analyzed, risk management and option analysis (finding adequate mitigations) are efficient and targeted! The system is hardened, and it now has the ability to protect itself against attacks (“Security Capabilities”).

As with “classic” risk management, the mitigations take effect at different levels. “Cybersecurity” describes information security requirements that go far beyond “conventional” computer and network security!

[Figure: Zone, Threats, Interfaces, Assets, Risk Management, Security Capabilities]

Implementation

We are here to help you integrate the described advanced cybersecurity risk management into your existing risk management processes.

Together, we establish fast, simple, and user-friendly procedures that allow you to independently examine your product not only for physical hazards in terms of operational safety, but also for weak points in information security (cybersecurity), and to minimize the identified risks through adequate measures.

Because: the analysis of information security is a necessary part of the technical documentation for the approval and operation of your medical device!

Contact us. We will accompany you during the implementation and support you in all questions.