Medical devices are increasingly complex and connected systems existing in complex connected ecosystems of healthcare delivery. Standard security controls can ensure some baseline security capabilities, but they fail to address the myriad of ways that medical devices are used, interface with the healthcare ecosystem, and, most important, how security risks could result in unacceptable safety issues.
Instead, for several years, the Food and Drug Administration (FDA) has recognized the value of threat modeling as an approach to strengthen the cybersecurity and safety of medical devices. To increase knowledge and understanding of threat modeling throughout the medical device ecosystem, FDA engaged with MITRE, the Medical Device Innovation Consortium (MDIC), and Adam Shostack to conduct a series of threat modeling bootcamps and develop a playbook based on the learnings from those bootcamps. The “Playbook for Threat Modeling Medical Devices” provides a foundation that can inform an organization’s threat modeling practices. It is intended to serve as a resource for developing or evolving a threat modeling practice.