A Cybersecurity Vulnerability Management System for Medical Devices


  • Simran Sappal, University of Manitoba
  • Paul Prowse, Winnipeg Regional Health Authority


Cybersecurity, Medical Device, Patching, IOMT, Lifecycle management


Interconnectivity of medical devices on a converged network with other Information and Communications Technologies (ICT) is rapidly expanding, as is the threat of cyber attacks on hospitals, including their medical equipment. A clear structure and approach to the management of cybersecurity vulnerabilities for medical devices must be developed to reduce the risk of compromise and the subsequent risk to patient care. Through the use of existing Preventive and Corrective Maintenance processes within the Winnipeg Regional Health Authority, a familiar process for resolving vulnerabilities and reporting on resolution status is established. Accordingly, the necessary networking, software, and operating system fields are identified for addition to the Computerized Maintenance Management System (CMMS) to track and associate vulnerabilities with affected medical devices. Incorporation of these fields into the CMMS enables asset-specific risk management and regular reporting on vulnerability resolution. Improved tracking and reporting of the organization's medical device cybersecurity risk posture enables improved governance for cybersecurity resolution and provides additional information for the purposes of lifecycle management.




How to Cite

S. Sappal and P. Prowse, “A Cybersecurity Vulnerability Management System for Medical Devices”, CMBES Proc., vol. 44, May 2021.



Clinical Engineering