Case Study: Baxter Connex Spot Monitor Shared Key
A secure-by-design case study showing how a default cryptographic key created a shared failure domain across connected patient monitors.
A secure-by-design case study showing how a default cryptographic key created a shared failure domain across connected patient monitors.
A secure-by-design case study showing how hard-coded credentials, weak firmware integrity, exposed interfaces, and insufficient logging affected a portable ventilator.
A secure-by-design case study showing how hidden firmware functionality, insecure update behavior, and patient-data exposure affected a connected patient monitor.
A secure-by-design case study showing how service credential exposure in a networked medical imaging ecosystem can affect patient-data integrity and availability.
A secure-by-design case study showing how local access, hard-coded credentials, kiosk escape, and command injection can affect clinical devices.
This document provides a second, more advanced example of a threat model for a connected medical device: a Bluetooth-enabled Continuous Glucose Monitor (CGM) system. It follows the four-step process outlined in the main Threat Modeling Guide and highlights risks directly related to patient safety.
1. Why FDA Cybersecurity Requirements Matter
1. Why the IVDR matters for connected devices
1. Why the MDR matters for connected devices