Anti-tampering of hard coded secrets/keys/ data within medical device software

Explanation: Employ appropriate software/ hardware protections against malicious observation/modification of medical device secrets by the device possessor.

Vulnerabilities addressed: Addresses unauthorized access or deliberate modification of application generated and/or managed data by a malicious device owner.

Developer resources required: Requires access to appropriate software/hardware packages and expertise to apply them correctly.

Evaluator resources required: Requires manual review of application of the selected mechanisms; potentially requires red-team testing to evaluate overall effectiveness.


Share this article

Shahid N. Shah is an internationally recognized and influential cybersecurity and risk management expert. He is a technology strategy consultant to many federal agencies and winner of Federal Computer Week’s coveted “Fed 100″ award for his work on the government’s largest secure collaboration space. He’s served as Chief Architect (contractor) for BFELoB and OMB secure collaboration platforms and was responsible for strategy as well as implementation leadership of the government’s largest cross-agency identity management solution focused on multifactor auth/authz and identity assurance. He’s also helped AHIP with cybersecurity strategy development for its member insurers and is the author of the “Cybersecurity Risks” and “Conducting Digital Health Risk Assessments” chapters of the 2015 edition of “Insurance and Risk Management Strategies for Physicians and Advisors” book.