Management of the Security Issues of the Medical and Rehabilitation Devices
摘要
In the modern world, security and cybersecurity play an important role, both for medical devices and for the software of these devices. The purpose of this work is to develop a model for the qualitative and quantitative assessment of the risk of security issues of medical devices and rehabilitation devices. Fuzzy logic was applied to avoid problems with unavailable data regarding security issues and unknown exact values of frequency of occurrence of the basic events. Two Fuzzy Fault Trees (FFTs) were developed for digital security issues and the for operational security issues. They included 19 identified basic events. The developed fuzzy risk assessment system dedicated for the security issues of the medical and rehabilitation devices is able to perform fuzzification process (by developing membership functions for specialists assessing risks), draw Fuzzy Fault Tree structures, compute fuzzy risks for basic events, draw distribution of the fuzzy risk of the top event occurrence, perform defuzzification, and compute crisp risk of top event occurrence. The practical application of the proposed FFTs was shown in the examples of two medical devices. The proposed approach is helpful for IT professionals, medical and rehabilitation device manufacturers, medical physicists, and network vendors.