Knowledge Modelling for Automated Risk Assessment of Cybersecurity and Indirect Patient Harms in Medical Contexts

Samuel Senior, Laura Carmichael, Steve Taylor, Mike Surridge, Xavier Vilalta

2025

Abstract

The use of connected medical and in vitro diagnostic devices (CMD&IVD) as part of individual care and self-care practices is growing. Significant attention is needed to ensure that CMD&IVD remain safe and secure throughout their lifecycles, because if a cybersecurity incident involving these devices were to occur, it is possible that in some cases harm may be brought to the person using them. For the effective safety management of these devices, risk assessment is needed that covers both the cybersecurity and patient safety domains. To this end, we present knowledge modelling of indirect patient harms (e.g., misdiagnosis, delayed treatment) resulting from cybersecurity compromises, along with a methodology for encoding these into a previously developed automated cybersecurity risk assessment tool, to begin to bridge the gap between automated risk assessment related to cybersecurity and patient safety.

Paper Citation


in Harvard Style

Senior S., Carmichael L., Taylor S., Surridge M. and Vilalta X. (2025). Knowledge Modelling for Automated Risk Assessment of Cybersecurity and Indirect Patient Harms in Medical Contexts. In Proceedings of the 11th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP; ISBN 978-989-758-735-1, SciTePress, pages 263-274. DOI: 10.5220/0013166900003899


in Bibtex Style

@conference{icissp25,
author={Samuel Senior and Laura Carmichael and Steve Taylor and Mike Surridge and Xavier Vilalta},
title={Knowledge Modelling for Automated Risk Assessment of Cybersecurity and Indirect Patient Harms in Medical Contexts},
booktitle={Proceedings of the 11th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP},
year={2025},
pages={263-274},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0013166900003899},
isbn={978-989-758-735-1},
}


in EndNote Style

TY - CONF

JO - Proceedings of the 11th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP
TI - Knowledge Modelling for Automated Risk Assessment of Cybersecurity and Indirect Patient Harms in Medical Contexts
SN - 978-989-758-735-1
AU - Senior S.
AU - Carmichael L.
AU - Taylor S.
AU - Surridge M.
AU - Vilalta X.
PY - 2025
SP - 263
EP - 274
DO - 10.5220/0013166900003899
PB - SciTePress