
Reviewed by Christian Espinosa, MBA, CISSP · Founder & CEO
Published May 2025 · Last reviewed May 2026
The Med Device Cyber Podcast · May 1, 2025

In this episode of The Med Device Cyber Podcast, hosts Christian Espinosa and Trevor discuss the critical practice of threat modeling for medical devices. They emphasize the importance of adopting an attacker's mindset to identify potential entry points and vulnerabilities early in the development lifecycle, moving beyond traditional security approaches that often 'bolt on' security at the end. The conversation covers various entry points, including physical ports, wireless connections, sloppy coding, and supply chain vulnerabilities, highlighting the necessity of considering the device's operational environment, such as hostile hospital networks versus more secure home networks.

The hosts delve into prominent threat modeling frameworks like STRIDE (Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, Elevation of Privilege), explaining how each element is crucial for identifying different categories of threats, particularly information disclosure, tampering, and denial of service in medical contexts. They differentiate threat modeling from penetration testing, advocating for a white box comprehensive approach over a black box 'realistic' one, especially in medical devices where patient lives are at stake. The episode concludes by stressing the importance of continuous, iterative threat modeling throughout the product lifecycle to build inherently secure medical devices, drawing parallels to real-world security assessments.
Key Takeaways
- Threat modeling should be initiated early and conducted often in the medical device development lifecycle, ideally during the requirements phase, rather than attempting to add security as an afterthought.
- Adopting an attacker's perspective to identify all potential entry points, including physical interfaces, wireless connections, coding practices, and supply chain components, is crucial for comprehensive threat modeling.
- The operational environment of a medical device, such as a hospital network versus a home network, significantly influences the threat landscape and must be a key consideration in threat modeling.
- Frameworks like STRIDE (Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, Elevation of Privilege) provide a structured approach to categorize and address potential threats, helping to identify remediation paths and build more secure products.
- In medical devices, information disclosure, tampering, and denial of service are often the most impactful threat categories due to their direct implications for patient safety and data privacy.
- A comprehensive, white box approach to penetration testing, informed by thorough threat modeling, is generally preferred for medical devices over a black box approach due to the high stakes involved with patient well-being.
- Vulnerability scans are valuable for identifying missing patches and configuration issues across a broad scope, while penetration tests offer a deeper, more accurate depiction of risk by chaining vulnerabilities to assess holistic impact.
- Security is not a one-time achievement but an ongoing process that requires continuous assessment and adaptation to evolving threats and device applications.
- Threat modeling should consider the entire 'attack tree,' identifying not just initial vulnerabilities but also subsequent actions an adversary could take and implementing layered defenses at each stage.
- Comparing threat modeling to real-world scenarios, such as the risks in one's home environment or encounters with sharks while free diving, can help illustrate the constant need for risk assessment and preparedness.
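The attack-tree takeaway above can be checked mechanically. The following is an added example, not material from the episode or from Blue Goat Cyber: it walks each entry point through the follow-on actions it enables and reports paths where a stage has no defense. The device model, step names, controls, the `Step` and `assess` names, and the two-layer threshold are all constructed assumptions.

```python
from dataclasses import dataclass, field

@dataclass
class Step:
    """One stage in an attack tree, rooted at a device entry point."""
    name: str
    stride: str                                     # STRIDE category of this stage
    controls: list = field(default_factory=list)    # defenses applied at this stage
    follow_ups: list = field(default_factory=list)  # actions this stage enables

def walk(step, prefix=()):
    """Yield every entry-point-to-impact path as a tuple of steps."""
    prefix += (step,)
    if not step.follow_ups:
        yield prefix
    for nxt in step.follow_ups:
        yield from walk(nxt, prefix)

def assess(entry_points, min_layers=2):
    """Return paths with an undefended stage or too few defended stages."""
    findings = []
    for entry in entry_points:
        for path in walk(entry):
            gaps = [s.name for s in path if not s.controls]
            layers = len(path) - len(gaps)          # stages with at least one control
            if gaps or layers < min_layers:
                findings.append({
                    "path": " -> ".join(s.name for s in path),
                    "impact": path[-1].stride,      # category of the final stage
                    "layers": layers,
                    "gaps": gaps,
                })
    return sorted(findings, key=lambda f: (f["layers"], f["path"]))

# Constructed model of a hypothetical device, for illustration only.
MODEL = [
    Step("wireless connection", "Spoofing", ["mutual authentication"], [
        Step("change therapy settings", "Tampering"),
        Step("read stored patient data", "Information Disclosure",
             ["encryption at rest"]),
    ]),
    Step("physical port", "Elevation of Privilege", [], [
        Step("load modified firmware", "Tampering", ["signed firmware check"], [
            Step("therapy interrupted", "Denial of Service"),
        ]),
    ]),
]

if __name__ == "__main__":
    for finding in assess(MODEL):
        print(finding)
```

Re-running the assessment whenever a step or control is added to the model fits the "early and often" cadence described in the first takeaway.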
Listen on mdcpodcast.com · Watch on YouTube
