Applying a Refined Approach to Cybersecurity Risk Assessments to the GE MAC VU360

An effective medical device cybersecurity management plan is built on an effective and thorough risk management process. Protecting medical devices and the information they store begins by understanding the potential risks that may affect the device and the impact those risks may have on patient safety, treatment care delivery, and the organization's business objectives. Risks to medical devices must be identified, analyzed, evaluated, controlled, and then monitored so that the devices are secure and reside in a protected environment. The first 3 of these risk management elements (identification, analysis, and evaluation) comprise what is known as a risk assessment. Here, available information is used to identify hazards and estimate their risk. These estimates are compared with documented risk criteria to evaluate the acceptability of each risk. The overarching goal of risk assessment is to gather all the information necessary to measure the applicable cybersecurity risks to a specific type or class of medical devices and then use a risk scoring matrix to prioritize risks with high severity and exploitability. Risks with a higher score are then addressed first to establish a risk mitigation plan that controls the risk to an acceptable level.
Source: Journal of Clinical Engineering - Category: Medical Devices Tags: FEATURE ARTICLES Source Type: research