Threat Assessment and Risk Analysis (TARA) for Interoperable Medical Devices in the Operating Room Inspired by the Automotive Industry-Reference-Cited by-同舟云学术

Threat Assessment and Risk Analysis (TARA) for Interoperable Medical Devices in the Operating Room Inspired by the Automotive Industry

Published:2023-03-16 Issue:6 Volume:11 Page:872
ISSN:2227-9032
Container-title:Healthcare
language:en
Short-container-title:Healthcare

Author:

Puder Andreas¹^ORCID,Henle Jacqueline²^ORCID,Sax Eric³

Affiliation:

1. Embedded Systems, Getinge AB, 76437 Rastatt, Germany

2. Embedded Systems and Sensors Engineering (ESS), FZI Research Center for Information Technology, 10117 Berlin, Germany

3. Institute for Information Processing Technologies (ITIV), Karlsruhe Institute of Technology (KIT), 76131 Karlsruhe, Germany

Abstract

Prevailing trends in the automotive and medical device industry, such as life cycle overarching configurability, connectivity, and automation, require an adaption of development processes, especially regarding the security and safety thereof. The changing requirements imply that interfaces are more exposed to the outside world, making them more vulnerable to cyberattacks or data leaks. Consequently, not only do development processes need to be revised but also cybersecurity countermeasures and a focus on safety, as well as privacy, have become vital. While vehicles are especially exposed to cybersecurity and safety risks, the medical devices industry faces similar issues. In the automotive industry, proposals and draft regulations exist for security-related risk assessment processes. The medical device industry, which has less experience in these topics and is more heterogeneous, may benefit from drawing inspiration from these efforts. We examined and compared current standards, processes, and methods in both the automotive and medical industries. Based on the requirements regarding safety and security for risk analysis in the medical device industry, we propose the adoption of methods already established in the automotive industry. Furthermore, we present an example based on an interoperable Operating Room table (OR table).

Funder

KIT-Publication Fund of the Karlsruhe Institute of Technology

Publisher

MDPI AG

Subject

Health Information Management,Health Informatics,Health Policy,Leadership and Management

Link

https://www.mdpi.com/2227-9032/11/6/872/pdf

Reference99 articles.

1. Anisetti, M., Ardagna, C., Cremonini, M., Damiani, E., Sessa, J., and Costa, L. (2022, October 01). Security Threat Landscape. Available online: https://sesar.di.unimi.it/security-threat-landscape/.

2. US Department of Health and Human Services (2008). The HIPAA Privacy Rule.

3. Cybersecurity and the Medical Device Product Development Lifecycle;Jones;Inform. Empower. Healthc. Transform.,2017

4. Cybersecurity in Hospitals: An Evaluation Model;Ahmed;J. Cybersecur. Priv.,2022

5. Cybersecurity in Hospitals: A Systematic, Organizational Perspective;Jalali;J. Med. Internet Res.,2018

Cited by 2 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. A Survey of Internet of Things and Cyber-Physical Systems: Standards, Algorithms, Applications, Security, Challenges, and Future Directions;Information;2023-07-08

2. Concept for an Approval-Focused Over-The-Air Update Development Process;SAE Technical Paper Series;2023-06-26