A Method of Assessing Data Quality in Publicly Available Cybersecurity Data Sources for Use in Medical Device Cybersecurity Risk Management

This paper addresses the growing risk of cybersecurity threats in the healthcare industry, fueled by Healthcare 4.0 and the proliferation of connected medical devices. Existing risk methodologies primarily focus on identifying risk after a product has been designed, which poses challenges for implementing security by design early in the development lifecycle. Inadequate security measures in medical devices not only pose a risk of patient data exposure but also the potential for patient harm, including serious injury or death. The healthcare industry faces resource and expertise challenges in executing risk analysis early and ensuring that product security protects patient safety. To address these issues, this paper has sought the opinions of industry professionals to find out what are the main issues that were affecting the development of early product risk assessments and proposes a Risk Intelligence Framework that utilizes publicly available data sources to support the assessment.