Individuals experiencing interpersonal violence (IPV), who depend on medical devices, represent a uniquely vulnerable population as healthcare technologies become increasingly connected. Despite rapid growth in MedTech innovation and "health-at-home" ecosystems, the intersection of MedTech cybersecurity and technology-facilitated abuse remains critically under-examined. IPV survivors who rely on therapeutic devices encounter a qualitatively different threat environment from the external, technically sophisticated adversaries typically modeled in MedTech cybersecurity research. We address this gap through two complementary methods: (1) the development of hazard-integrated threat models that fuse Cyber physical system security modeling with tech-abuse frameworks, and (2) an immersive simulation with practitioners, deploying a live version of our model, identifying gaps in digital forensic practice. Our hazard-integrated CIA threat models map exploits to acute and chronic biological effects, uncovering (i) Integrity attack pathways that facilitate "Medical gaslighting" and "Munchausen-by-IoMT", (ii) Availability attacks that create life-critical and sub-acute harms (glycaemic emergencies, blindness, mood destabilization), and (iii) Confidentiality threats arising from MedTech advertisements (geolocation tracking from BLE broadcasts). Our simulation demonstrates that these attack surfaces are unlikely to be detected in practice: participants overlooked MedTech, misclassified reproductive and assistive technologies, and lacked awareness of BLE broadcast artifacts. Our findings show that MedTech cybersecurity in IPV contexts requires integrated threat modeling and improved forensic capabilities for detecting, preserving and interpreting harms arising from compromised patient-technology ecosystems.

翻译：随着医疗技术日益互联，依赖医疗设备的人际暴力受害者构成了一个尤为脆弱的群体。尽管医疗技术创新与"居家健康"生态系统快速发展，但医疗技术网络安全与技术助长虐待之间的交叉领域仍严重缺乏研究。依赖治疗设备的IPV幸存者面临的威胁环境，与医疗技术网络安全研究中通常建模的外部技术型攻击者存在本质差异。我们通过两种互补方法填补这一空白：(1) 开发融合信息物理系统安全建模与技术滥用框架的危害集成威胁模型；(2) 与从业者开展沉浸式模拟，部署实时模型，识别数字取证实践中的缺陷。我们的危害集成CIA威胁模型将漏洞利用映射至急慢性生物效应，揭示了：(i) 促成"医疗煤气灯效应"与"医疗物联网代理性佯病症"的完整性攻击路径；(ii) 造成生命危急与亚急性伤害的可用性攻击（血糖危象、失明、情绪失稳）；(iii) 源于医疗技术广告的机密性威胁（通过BLE广播进行地理位置追踪）。模拟实验表明这些攻击面在实践中难以检测：参与者忽视了医疗技术设备，误判了生殖与辅助技术，且对BLE广播痕迹缺乏认知。我们的研究表明，IPV情境下的医疗技术网络安全需要集成威胁建模，并提升检测、保存和解读受损患者-技术生态系统所造成危害的取证能力。