Raso Emanuele, Nanni Francesca, Lestini Francesco, Bracciale Lorenzo, Panico Giorgia, Bianchi Giuseppe, Orengo Giancarlo, Marrocco Gaetano, Loreti Pierpaolo
Department of Electronic Engineering, University of Rome Tor Vergata, 00133 Rome, Italy.
Department of Civil Engineering and Computer Science Engineering, University of Rome Tor Vergata, 00133 Rome, Italy.
Sensors (Basel). 2025 Jul 16;25(14):4418. doi: 10.3390/s25144418.
The healthcare industry is witnessing a rapid rise in the adoption of wearable and implantable medical devices, including advanced electrochemical sensors and other smart diagnostic technologies. These devices are increasingly used to enable real-time monitoring of physiological parameters, allowing for faster diagnosis and more personalized care plans. Their growing presence reflects a broader shift toward smart connected healthcare systems aimed at delivering immediate and actionable insights to both patients and medical professionals. At the same time, the healthcare industry is increasingly targeted by cyberattacks, primarily due to the high value of medical information; in addition, the growing integration of ICT technologies into medical devices has introduced new vulnerabilities that were previously absent in this sector. To mitigate these risks, new international guidelines advocate the adoption of best practices for secure software development, emphasizing a approach in the design and implementation of such devices. However, the vast and fragmented nature of the information required to effectively support these development processes poses a challenge for the numerous stakeholders involved. In this paper, we demonstrate how key features of the Malware Information Sharing Platform (MISP) can be leveraged to systematically collect and structure vulnerability-related information for medical devices. We propose tailored structures, objects, and taxonomies specific to medical devices, facilitating a standardized data representation that enhances the security-by-design development of these devices.
医疗保健行业正在见证可穿戴和植入式医疗设备的采用率迅速上升,包括先进的电化学传感器和其他智能诊断技术。这些设备越来越多地用于实现生理参数的实时监测,从而实现更快的诊断和更个性化的护理计划。它们的日益普及反映了向智能互联医疗系统的更广泛转变,旨在为患者和医疗专业人员提供即时且可操作的见解。与此同时,医疗保健行业越来越成为网络攻击的目标,主要是因为医疗信息的高价值;此外,信息通信技术(ICT)技术越来越多地融入医疗设备,带来了该领域以前不存在的新漏洞。为了降低这些风险,新的国际准则提倡采用安全软件开发的最佳实践,强调在此类设备的设计和实施中采用一种方法。然而,有效支持这些开发过程所需信息的庞大和分散性质给众多相关利益者带来了挑战。在本文中,我们展示了如何利用恶意软件信息共享平台(MISP)的关键特性来系统地收集和整理与医疗设备漏洞相关的信息。我们提出了针对医疗设备的定制结构、对象和分类法,促进标准化的数据表示,从而增强这些设备的设计安全性开发。
