Blue Goat CyberSMMedical Device Cybersecurity
    K
    All infographics
    Threat modeling

    STRIDE Applied to a Connected Medical Device

    Six STRIDE threat categories mapped onto the real attack surfaces of a connected device — firmware, BLE, mobile app, cloud, and clinician console.

    Last reviewed 2026-06-10

    What the diagram shows

    S — Spoofing

    Identity attacks: BLE pairing without authentication, cloned mobile app sessions, spoofed clinician console logins. Mitigations: mutual TLS, hardware-rooted device identity, MFA.

    T — Tampering

    Firmware modification, MITM on the radio link, mobile binary patching, database manipulation in the cloud. Mitigations: secure boot, signed updates, code signing, integrity checks.

    R — Repudiation

    Actions performed without audit trail — dose changes, configuration edits, clinician overrides. Mitigations: append-only audit log, non-repudiable signing, time-synced events.

    I — Information disclosure

    PHI leakage from BLE advertisements, mobile log files, cloud backups, or clinician UI. Mitigations: encryption at rest and in transit, minimal data on device, redacted logs.

    D — Denial of service

    RF jamming, battery-drain attacks, cloud API flood, clinician console lockout. Mitigations: graceful degradation, rate-limiting, offline-safe device behavior, redundancy.

    E — Elevation of privilege

    Unprivileged process gaining root on firmware, mobile app gaining device-admin scope, cloud user escalating to clinician role. Mitigations: least privilege, role separation, sandboxing.

    Embed this diagram

    Use this on your blog, internal wiki, or training deck. We only ask that the credit line and link back stay intact.

    <!-- STRIDE Applied to a Connected Medical Device — Blue Goat Cyber -->
<figure>
  <a href="https://bluegoatcyber.com/resources/infographics/stride-connected-device">
    <img src="https://bluegoatcyber.com/resources/infographics/stride-connected-device.svg" alt="Schematic of a connected medical device showing where each STRIDE threat category (spoofing, tampering, repudiation, information disclosure, denial of service, elevation of privilege) applies across firmware, radio, mobile, cloud, and clinician console layers." loading="lazy" />
  </a>
  <figcaption>
    <a href="https://bluegoatcyber.com/resources/infographics/stride-connected-device">STRIDE Applied to a Connected Medical Device</a> by
    <a href="https://bluegoatcyber.com">Blue Goat Cyber</a>
  </figcaption>
</figure>

    Related reading

    tagged · Threat Modeling · Risk · FDA

    In-depth guides

    STRIDE Threat Modeling for Medical Devices: Definitive Guide

    Apply STRIDE to medical devices: per-category threat tables, FDA-grade DFD process, mapping to AAMI TIR57 and ISO 14971, and STRIDE vs PASTA/LINDDUN.

    Patient-Safety-First Threat Modeling Guide

    Patient-Safety Threat Modeling Worksheet A right-sized STRIDE pass that maps cybersecurity threats to ISO 14971 hazards.

    12 Critical Threat Modeling Gaps in Medical Device Submissions

    A practical, ungated guide to the threat modeling gaps that trigger FDA cybersecurity questions in 510(k), De Novo, and PMA submissions - and exactly how to close them before reviewers find them.

    Right-Sized Threat Modeling for MedTech

    250+ 0 6–10 wk FDA submissions supported Cybersecurity rejections Class II eSTAR cyber pack SINCE 2014 TRACK RECORD TYPICAL TIMELINE

    From the blog

    Where this fits

    Threat Modeling hubThreat modeling serviceSTRIDE vs DREAD vs PASTA

    More infographics

    See all

    FDA Premarket Cybersecurity Submission Flow

    Anatomy of an FDA-Ready SBOM

    FDA Deficiency Letter Response Decision Tree

    The SPDF Lifecycle: Premarket to Postmarket

    Ready when you are

    Get FDA cleared without the cybersecurity headaches.

    30-minute strategy session. No cost, no commitment - just answers from people who've shipped 250+ FDA submissions.