CyMed: A Framework for Testing Cybersecurity of Connected Medical Devices

TL;DR

This paper introduces CyMed, a comprehensive cybersecurity testing framework for connected medical devices, providing concrete measures to enhance their resilience against cyber threats, addressing a critical gap in existing safety regulations.

Contribution

The paper presents CyMed, a novel cybersecurity framework specifically designed for CMDs, with practical testing procedures and expert validation to improve device security.

Findings

CyMed effectively identifies vulnerabilities in CMDs.

Expert interviews confirm the framework's practical applicability.

Practical tests demonstrate improved cybersecurity resilience.

Abstract

Connected Medical Devices (CMDs) have a large impact on patients as they allow them to lead a more normal life. Any malfunction could not only remove the health benefits the CMDs provide, they could also cause further harm to the patient. Due to this, there are many safety regulations which must be adhered to prior to a CMD entering the market. However, while many detailed safety regulations exist, there are a fundamental lack of cybersecurity frameworks applicable to CMDs. While there are recent regulations which aim to enforce cybersecurity practices, they are vague and do not contain the concrete steps necessary to implement cybersecurity. This paper aims to fill that gap by describing a framework, CyMed, to be used by vendors and ens-users, which contains concrete measures to improve the resilience of CMDs against cyber attack. The CyMed framework is subsequently evaluated based on practical tests as well as expert interviews.