Mitre and the Medical Device Innovation Consortium (MDIC) released a playbook for medical device threat modeling, designed to support healthcare organizations with the development or improvement of a systemic threat model approach to securing the enterprise device infrastructure.
The co-authored guidance aims to strengthen medical device cybersecurity across the sector using threat modeling, a method supported by the Food and Drug Administration. The FDA collaborated with Mitre and MDIC on threat modeling bootcamps for device manufacturers.
The purpose of the bootcamp series was to expand upon existing threat modeling training for medical device manufacturers through a “train-the-trainer” approach, which would result in the creation of threat modeling ambassadors for their respective organizations. The bootcamps ultimately led to the playbook’s creation.
“The threat modeling bootcamps and the first-of-its-kind playbook apply scientific methods of threat modeling, leading to safer, more resilient medical devices that improve patient lives,” said Suzanne Schwartz, M.D., director of the Office of Strategic Partnerships & Technology Innovation at the FDA’s Center for Devices and Radiological Health, in a statement.
“Every company has unique challenges when it comes to safety and security of the devices, but it’s evident that cybersecurity is a shared responsibility of a wide range of stakeholders including the patient community,” said Pamela Goldberg, MDIC president and CEO, in the release. “We need more collaborative efforts to increase awareness and scale best practices in this area.”
As discussed in several recent cybersecurity presentations and reports, medical devices are among the hardest endpoints to secure in healthcare given the breadth and scope of devices, as well as the complexity of the device ecosystem. Many providers struggle with understanding their full inventory of devices, where they exist on the network, and how they communicate.
As a result, many providers balance the risk as best they can, because it is not possible to monitor or patch every vulnerability on every device on the network.
At DefCon’s Biohacking Village, Samantha Jacques, vice president of clinical engineering at McLaren Health Care, explained that each needed security element is risk-ranked to prioritize what needs to be tackled first. But even the elements that aren’t at the top of the priority list are “still an entry point onto the network and can completely shut down the system.”
“We struggle truly on a daily basis to decide what we’re going to focus our resources on,” Jacques explained. “We need to figure out what is the risk we’re willing to accept, and I hate to tell you, everything else falls off the table.”
The new playbook can help address some of these critical challenges. It compiles the previous bootcamp series with interviews from medical device manufacturers and cybersecurity leaders that outline the current strategies and practices for implementing threat modeling in the device development lifecycle.
Healthcare organizations can leverage the insights to better understand the importance of threat modeling and the positive impact it can have on overall medical device security. The guidance includes examples of threat modeling and various applications and methodologies.
The playbook can be used to educate stakeholders on the purpose and benefit of threat modeling and how it can fit into existing processes.
Mitre has been steadily working to support efforts to better safeguard medical devices and, subsequently, the patients who could be impacted during a device compromise or security incident.
Previous Mitre insights include a Common Vulnerability Scoring System rubric for medical devices, along with a medical device incident preparedness and response framework for health delivery organizations. The Cloud Security Alliance (CSA) IoT Working Group also recently released its own medical device incident response playbook aimed at healthcare entities.
“MITRE is proud to once again support the FDA’s strong commitment to medical device cybersecurity and patient safety,” said Kim Warren, vice president, director, Health FFRDC, MITRE, in a statement.
“As a co-author of the Playbook for Threat Modeling Medical Devices, we applied our decades of cybersecurity expertise helping other organizations prepare to defend attacks on their infrastructure,” she added. “As medical devices increasingly connect to the internet, all private and public stakeholders must continue to prioritize device cybersecurity for patient safety.”