posted on 2014-07-10, 13:50authored byAnita Finnegan, Fergal Mc Caffery, Gerry Coleman
The recent introduction of networked medical devices has posed many benefits for both the healthcare industry and improved patient care. However, because of the complexity of these devices, in particular the advanced communication ability of these devices, security is becoming an increasing concern. This paper presents work to develop a framework to assure the security of medical devices being incorporated into an IT network. It begins by looking at the development processes and the assurance of these through the use of a Process Assessment Model with a major focus on the security risk management processes. With the inclusion of a set of specific security controls, both the Healthcare Delivery Organisations and the Medical Device Manufacturers work together to establish fundamental security requirements. The Medical Device Manufacturer reports the achieved security assurance level of their device through the development of a security assurance case. The purpose of this approach is to increase awareness of security vulnerabilities, risks and controls among Medical Device Manufacturers and Healthcare Delivery Organisations with the aim of increasing the overall security capability of medical devices.
History
Publication
The 13th International SPICE Conference on Process Improvement and Capability dEtermination [Software Process Improvement and Capability Determination ];349, pp. 25-36
Publisher
Springer
Note
peer-reviewed
Other Funding information
SFI
Rights
The original publication is available at www.springerlink.com