Dies ist eine Übersichtsseite mit Metadaten zu dieser wissenschaftlichen Arbeit. Der vollständige Artikel ist beim Verlag verfügbar.
Systematic Evaluation of Manufacturer Disclosure Statements for Medical Device Security (MDS2) to Strengthen Hospital OT Security Measures – Lessons Learned
0
Zitationen
3
Autoren
2025
Jahr
Abstract
INTRODUCTION: The growing number of connected medical devices in hospitals poses serious operational technology (OT) security challenges. Effective countermeasures require a structured analysis of the communication interfaces and security configurations of individual devices. STATE OF THE ART: Although Manufacturer Disclosure Statements for Medical Device Security (MDS2, Version 2019) offer relevant information, they are rarely integrated into cybersecurity workflows. Existing studies are limited in scope and lack scalable methodologies for systematic evaluation. CONCEPT: This study analyzed 209 MDS2 documents and 161 security white papers to extract structured information on ports, protocols, and protective measures. Over 52,000 question-answer pairs were converted into a machine-readable format using customized parsing and validation routines. The aim was to establish whether this dataset could inform risk assessments and future applications involving Large Language Models (LLMs). IMPLEMENTATION: The analysis revealed 367 distinct ports, including common protocols such as HTTPS (443), DICOM (104), and RDP (3389), as well as vendor-specific proprietary ports. Approximately 40% of the devices used over 20 ports, indicating a broad attack surface. OCR errors and inconsistent formatting required manual corrections. A consolidated dataset was developed to support clustering, comparison across vendors and versions, and preparation for downstream LLM use, particularly via structured SBOM and configuration data. LESSONS LEARNED: Although no model training was conducted, the structured dataset can support AI-based OT security workflows. The findings highlight the critical need for up-to-date, machine-readable manufacturer data in standardized formats and schemas. Such information could greatly enhance the automation, comparability, and scalability of hospital cybersecurity measures.
Ähnliche Arbeiten
2022 · 19.569 Zit.
MIMIC-III, a freely accessible critical care database
2016 · 8.029 Zit.
Clarifying Confusion: The Confusion Assessment Method
1990 · 5.253 Zit.
The impact of the MIT-BIH Arrhythmia Database
2001 · 4.573 Zit.
A model for types and levels of human interaction with automation
2000 · 3.740 Zit.