Cybersecurity is a growing concern to patients and manufacturers of medical devices. If you are medical device manufacturer with cybersecurity concerns and want to make your medical device more secure, you should consider cybersecurity as part of your risk management.
If you don’t already have an approach that works for you, consider using the ‘RUBRIC FOR APPLYING CVSS [Common Vulnerability Scoring System] TO MEDICAL DEVICES’ published by the MITRE Corporation. You can use this rubric to identify vulnerabilities and their urgency and use this as input into your risk management.
As an added bonus, this tool has been qualified under the Medical Device Development Tools (MDDT) program. Even though the rubric was qualified for post-market vulnerability disclosures, the tool could still be useful during development to avoid any potential problems in advance.
https://www.mitre.org/publications/technical-papers/rubric-for-applying-cvss-to-medical-devices
