Medical Device Threat Modeling Compliance
Medical devices are increasingly complex and connected systems existing in complex connected ecosystems of healthcare delivery. Standard security controls can ensure some baseline security capabilities, but they fail to address the myriad of ways that medical devices are used, interface with the healthcare ecosystem, and most important, how security risks could result in unacceptable safety issues. Instead, for several years, the Food and Drug Administration (FDA) has recognized the value of threat modeling as an approach to strengthen the cybersecurity and safety of medical devices.