Abstract
Hospital biomedical engineering teams are responsible for establishing and regulating medical equipment management programs (MEMPs); these programs ensure the safety and reliability of medical devices. Concomitant with rapid technological advancements, medical devices have been developed that are now being integrated with information and communication technology. However, with the convergence of such diverse technologies, internal and external security threats are continuously increasing. Thus, to reduce medical device security threats, important devices must be identified and prioritized. In this study, we propose a multicriteria decision-making model that prioritizes medical devices by extending the Fennigkoh and Smith model to include security threats. First, we formulate criteria for evaluating medical device functions based on the classification of the medical devices according to their unique functions, connections, and data types. Then, through threat modeling, we develop a method of identifying and evaluating security threats to these devices. We discuss establishing a safer MEMP by analyzing the attack occurrence probability (AOP) and attack success probability (ASP) of medical devices and the inherent security threats that these devices face, none of which are considered in the existing model. Thus, by using the enhanced Fennigkoh and Smith model, our proposed approach enables the development of improved security-enhanced MEMPs, including cybersecurity risk assessments.
Highlights
The unexpected nature of risks associated with the use of medical devices and equipment causes the safety of such devices and equipment to be constantly under threat; these threats can lead to physical damage or financial loss to people
In this study, we proposed a multicriteria decision-making model to prioritize medical devices based on security threats against them
The model uses analytic hierarchy process (AHP) to identify medical devices of high importance that need to be included in hospital management programs (MEMPs)
Summary
The unexpected nature of risks associated with the use of medical devices and equipment causes the safety of such devices and equipment to be constantly under threat; these threats can lead to physical damage or financial loss to people. This problem is further exacerbated by the proliferation and combination of medical devices and equipment [1]–[4]. While risk management is essential in various industries, it is important in medicine, wherein safety is of the utmost importance because medical devices are used on human patients.
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have