Join our Slack Channel: https://join.slack.com/t/csaiotwg/shared_invite/zt-165s7f45j-Ob7lJp5pW64hxD~gAkND7A

CSA IoTWG / MITRE Collaboration

Focus Area: Medical Device Security Project Title: Cloud Security for Connected Medical Devices

Purpose:

(1) Host a library of attack flows that HDOs can use to model and simulate attacks impacting patient safety.

(2) Provide a set of security patterns that MDMs and CSPs/ SaaS partners can use to securely design cloud-connected medical devices, including AI/ML-based solutions.

(2) Provide HDOs with a way to objectively understand and measure the security of any given cloud-connected medical device, including AI/ML-based medical devices.

Abstract:

Medical devices are becoming reliant on cloud services that support machine learning, data storage, EHR integration, messaging, digital twins, and various other capabilities. Medical Device Manufacturers (MDMs) must design secure architectures and implement secure configurations of these cloud services in order to assure the confidentiality, integrity, and availability of patient data and the safety of patients. Failure to do so may result in degradation of service availability, tampering or manipulation of patient diagnosis or treatment plans, or compromise of protected health information (PHI).

This project will identify attack flows relevant to cloud-connected medical device architecture. Over the long-term, this may include software-as-a-medical device (SaMD), telehealth devices, and on-premise connected medical devices. Attack flows will be created based on defined use cases. Attack flows will support creation of threat models, aligned with the MITRE Threat Modeling Playbook. Identified threats will be used to determine recommended security controls to apply to the SaaS/Device and a shared responsibility model will be created that allocates control responsibility across CSP, MDM, HDO, EHR Vendor, and Patient based on the specific reference architecture.

This project will include the creation of a library of attack flows that can be used by HDOs to model /simulate attacks on devices. Attack flows will be in machine-readable format, as defined by https://ctid.mitre-engenuity.org/our-work/attack-flow/.

Additional efforts may be undertaken after identification of controls, including but not limited to:

• Definition of a comprehensive security architecture
• Creation of security as code artifacts using tools such as Terraform

Stakeholders

* Health Delivery Organizations (HDOs) * Medical Device Manufacturers (MDMs) * Electronic Health Record (EHR) providers * Cloud Security Providers (CSPs)

Goals

* Create a library of machine-readable patient-safety focused attack flows Define one or more cloud-based medical device reference architectures * Create a threat model based on defined reference architectures * Identify cyber security controls to mitigate identified threats * Assign responsibilities using a RACI format to each identified control

References:

MITRE Threat Modeling Playbook. https://www.mitre.org/publications/technical-papers/playbook-threat-modeling-medical-devices