Part of Guidance on protecting connected medical devices

Step 2. Create a mitigation plan

Weaknesses found in medical devices could remain for the whole time the device is in operation if there are restrictions on patching or installing upgrades. These weaknesses or vulnerabilities can be quite significant and expose the device to attacks by relatively low-skilled cyber criminals. However, there are 2 types of mitigation that can be used to reduce the risk:

  • reduce the likelihood of compromise by preventing the devices from accessing untrusted content (effectively making it hard for malicious content to reach the device and exploit it)
  • reduce the impact of compromise by preventing access to sensitive data or services from vulnerable devices (so even if the devices are compromised, the damage will be minimised)

An effective mitigation plan will require a combination of these 2 approaches.


Last edited: 5 October 2022 5:17 pm