2022/9/28

A Cyber-Security Risk Assessment Methodology for Medical Imaging Devices: the Radiologists’ Perspective

Tom Mahler, Erez Shalom, Arnon Makori, Yuval Elovici, Yuval Shahar

Journal of Digital Imaging 35 (3), 666-677, 2022

Medical imaging devices (MIDs) are exposed to cyber-security threats. Currently, a comprehensive, efficient methodology dedicated to MID cyber-security risk assessment is lacking. We propose the Threat identification, ontology-based Likelihood, severity Decomposition, and Risk assessment (TLDR) methodology and demonstrate its feasibility and consistency with existing methodologies, while being more efficient, providing details regarding the severity components, and supporting organizational prioritization and customization. Using our methodology, the impact of 23 MIDs attacks (that were previously identified) was decomposed into six severity aspects. Four Radiology Medical Experts (RMEs) were asked to assess these six aspects for each attack. The TLDR methodology’s external consistency was demonstrated by calculating paired T-tests between TLDR severity assessments and those of existing …