Systems-Theoretic and Data-Driven Security Analysis in ML-enabled Medical Devices
Journal:
arXiv
Published Date:
Jun 18, 2025
Abstract
The integration of AI/ML into medical devices is rapidly transforming
healthcare by enhancing diagnostic and treatment facilities. However, this
advancement also introduces serious cybersecurity risks due to the use of
complex and often opaque models, extensive interconnectivity, interoperability
with third-party peripheral devices, Internet connectivity, and vulnerabilities
in the underlying technologies. These factors contribute to a broad attack
surface and make threat prevention, detection, and mitigation challenging.
Given the highly safety-critical nature of these devices, a cyberattack on
these devices can cause the ML models to mispredict, thereby posing significant
safety risks to patients. Therefore, ensuring the security of these devices
from the time of design is essential. This paper underscores the urgency of
addressing the cybersecurity challenges in ML-enabled medical devices at the
pre-market phase. We begin by analyzing publicly available data on device
recalls and adverse events, and known vulnerabilities, to understand the threat
landscape of AI/ML-enabled medical devices and their repercussions on patient
safety. Building on this analysis, we introduce a suite of tools and techniques
designed by us to assist security analysts in conducting comprehensive
premarket risk assessments. Our work aims to empower manufacturers to embed
cybersecurity as a core design principle in AI/ML-enabled medical devices,
thereby making them safe for patients.
