Connected Medical Devices (CMDs) have a large impact on patients, as they allow them to lead a more normal life. Any malfunction could not only remove the health benefits the CMDs provide, but could also cause further harm to the patient. Because of this, there are many safety regulations which must be adhered to before a CMD enters the market. However, while many detailed safety regulations exist, there is a fundamental lack of cybersecurity frameworks applicable to CMDs. While there are recent regulations which aim to enforce cybersecurity practices, they are vague and do not contain the concrete steps necessary to implement cybersecurity. This paper aims to fill that gap by describing a framework, CyMed, to be used by vendors and end-users, which contains concrete measures to improve the resilience of CMDs against cyber attacks. The CyMed framework is subsequently evaluated based on practical tests as well as expert interviews.