"MedCrypt Funds Medical Device Usable Security Research at the School of Engineering at Tufts University"
MedCrypt, a provider of proactive cybersecurity solutions for medical device manufacturers, has announced its financial support for a fellowship program at Tufts University's School of Engineering that will fund research into medical device security and threat modeling. Fifty-three percent of connected medical devices and other Internet of Things (IoT) devices in hospitals contain a critical vulnerability. Although the Food and Drug Administration (FDA) and the US Homeland Security Department's Cybersecurity and Infrastructure Security Agency (CISA) recognize the importance of threat modeling as a process resulting in more secure devices, a Ponemon Institute study found that about 49 percent of device manufacturers do not follow FDA guidance to mitigate or reduce inherent security risks. To address this issue, Ronald Thompson and Daniel Votipka will conduct research in the Tufts Security and Privacy Lab at the School of Engineering on the effectiveness and applicability of threat modeling and other security measures that organizations can use as a guide to establishing more efficient and repeatable security processes for medical devices. This article continues to discuss the new research initiative aimed at investigating the challenges of effective threat modeling for medical devices and making cybersecurity evidence more reproducible.