CLINICAL STRIDE: ADAPTING A THREAT MODELING FRAMEWORK FOR ENVIRONMENTS WHERE TECHNICAL VULNERABILITIES PRODUCE PHYSICAL CONSEQUENCES IN PATIENTS
DOI:
https://doi.org/10.56238/levv17n58-078
Keywords:
Threat Modeling, STRIDE, Connected Medical Devices, Healthcare Cybersecurity, Patient Safety
Abstract
The increasing integration of connected medical devices in hospital environments introduces cyberattack vectors whose consequences transcend the digital domain, potentially resulting in direct physical harm to patients. Although the STRIDE framework (Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, Elevation of Privilege) is widely adopted in software engineering for threat modeling, its direct application to clinical systems presents significant gaps, as it does not consider the causal chain between technical failures and adverse clinical outcomes. This work presents a descriptive-analytical study of the applicability of STRIDE to connected medical devices, proposing adaptations that incorporate the patient safety dimension into the original model. The research is based on vulnerabilities documented in databases such as CVE/NVD, incidents reported in the literature, and regulatory guidelines from the FDA, ANVISA, and IEC 62443. The results demonstrate that each STRIDE category manifests itself distinctly in clinical environments, with the potential to compromise the integrity of pharmacological dosages, the availability of life support equipment, and the confidentiality of sensitive patient data. The proposed adaptation, called Clinical STRIDE, adds a layer of physical impact assessment that classifies threats according to their ability to cause injury, therapeutic delay, or death, contributing to threat modeling better suited to the digital health ecosystem.