{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,2]],"date-time":"2025-11-02T16:54:44Z","timestamp":1762102484601,"version":"build-2065373602"},"reference-count":60,"publisher":"Springer Science and Business Media LLC","issue":"3","license":[{"start":{"date-parts":[[2024,3,29]],"date-time":"2024-03-29T00:00:00Z","timestamp":1711670400000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2024,3,29]],"date-time":"2024-03-29T00:00:00Z","timestamp":1711670400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Int. J. Inf. Secur."],"published-print":{"date-parts":[[2024,6]]},"DOI":"10.1007\/s10207-024-00826-y","type":"journal-article","created":{"date-parts":[[2024,3,29]],"date-time":"2024-03-29T08:01:41Z","timestamp":1711699301000},"page":"2225-2268","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":3,"title":["MEDICALHARM: A threat modeling designed for modern medical devices and a comprehensive study on effectiveness, user satisfaction, and security perspectives"],"prefix":"10.1007","volume":"23","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-4283-9125","authenticated-orcid":false,"given":"Emmanuel","family":"Kwarteng","sequence":"first","affiliation":[]},{"given":"Mumin","family":"Cebe","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2024,3,29]]},"reference":[{"issue":"3","key":"826_CR1","doi-asserted-by":"publisher","first-page":"98","DOI":"10.5213\/inj.2013.17.3.98","volume":"17","author":"Y-H Joung","year":"2013","unstructured":"Joung, Y.-H.: Development of implantable medical devices: from an engineering perspective. Int. Neurourol. J. 17(3), 98 (2013)","journal-title":"Int. Neurourol. J."},{"key":"826_CR2","doi-asserted-by":"publisher","first-page":"959","DOI":"10.1109\/ACCESS.2016.2521727","volume":"4","author":"R AlTawy","year":"2016","unstructured":"AlTawy, R., Youssef, A.M.: Security tradeoffs in cyber physical systems: a case study survey on implantable medical devices. IEEE Access 4, 959\u2013979 (2016)","journal-title":"IEEE Access"},{"key":"826_CR3","doi-asserted-by":"crossref","unstructured":"Kwarteng, E., Cebe, M.: A survey on security issues in modern implantable devices: solutions and future issues. Smart Health 100295 (2022)","DOI":"10.1016\/j.smhl.2022.100295"},{"key":"826_CR4","unstructured":"Deloitte: 2022 Global Health Care Outlook. https:\/\/www2.deloitte.com\/content\/dam\/Deloitte\/global\/Documents\/Life-Sciences-Health-Care\/gx-health-care-outlook-Final.pdf. Accessed 16 Aug 2022"},{"key":"826_CR5","unstructured":"Vakhter, V., Soysal, B., Schaumont, P., Guler, U.: Security for emerging miniaturized wireless biomedical devices: threat modeling with application to case studies. arXiv preprint arXiv:2105.05937 (2021)"},{"key":"826_CR6","unstructured":"Moe, M.E.G.: Uncovering vulnerabilities in pacemakers. https:\/\/www.mnemonic.io\/resources\/blog\/uncovering-vulnerabilities-in-pacemakers\/. Accessed 23 Oct 2022"},{"key":"826_CR7","unstructured":"FDA: Medtronic recalls remote controllers used with paradigm and 508 MiniMed insulin pumps for potential cybersecurity risks. https:\/\/www.fda.gov\/medical-devices\/medical-device-recalls\/medtronic-recalls-remote-controllers-used-paradigm-and-508-minimed-insulin-pumps-potential. Accessed 23 Oct 2022"},{"key":"826_CR8","unstructured":"FDA: Cybersecurity news. https:\/\/www.fda.gov\/medical-devices\/digital-health-center-excellence\/cybersecurity. Accessed 23 Oct 2022"},{"key":"826_CR9","doi-asserted-by":"crossref","unstructured":"Manikandan, R., Sathyadevan, S.: Medical implant communication systems (MICS) threat modelling. In: 2021 2nd International Conference on Secure Cyber Computing and Communications (ICSCCC), pp. 518\u2013523 (2021)","DOI":"10.1109\/ICSCCC51823.2021.9478155"},{"key":"826_CR10","doi-asserted-by":"crossref","unstructured":"Halperin, D., et al.: Pacemakers and implantable cardiac defibrillators: software radio attacks and zero-power defenses. In: 2008 IEEE Symposium on Security and Privacy (SP 2008), pp. 129\u2013142 (2008)","DOI":"10.1109\/SP.2008.31"},{"key":"826_CR11","unstructured":"Sayegh, E.: Not an afterthought: security by design. https:\/\/www.forbes.com\/sites\/emilsayegh\/2023\/05\/16\/not-an-afterthought-security-by-design\/?sh=120e2e831271. Accessed 7 Nov 2023"},{"key":"826_CR12","unstructured":"CheckPoint: What is shift left security? https:\/\/www.checkpoint.com\/cyber-hub\/cloud-security\/what-is-shift-left-security\/. Accessed 24 Oct 2022"},{"key":"826_CR13","unstructured":"Center, G.C.A.: DevOps tech: shifting left on security. https:\/\/cloud.google.com\/architecture\/devops\/devops-tech-shifting-left-on-security. Accessed 24 Oct 2022"},{"key":"826_CR14","doi-asserted-by":"publisher","first-page":"272","DOI":"10.1016\/j.jbi.2015.04.007","volume":"55","author":"C Camara","year":"2015","unstructured":"Camara, C., Pens-Lopez, P., Tapiador, J.E.: Security and privacy issues in implantable medical devices: a comprehensive survey. J. Biomed. Inform. Rev. 55, 272\u2013289 (2015). https:\/\/doi.org\/10.1016\/j.jbi.2015.04.007. (in English)","journal-title":"J. Biomed. Inform. Rev."},{"key":"826_CR15","unstructured":"NIST: SP 800-30 Rev 1. Guide for Conducting Risk Assessments. https:\/\/csrc.nist.gov\/publications\/detail\/sp\/800-30\/rev-1\/final. Accessed 23 Aug 2022"},{"key":"826_CR16","unstructured":"Bochniewicz, E., Chase, M., Coley, S.C., Wallace, K., Weir, M., Zuk, M.: Playbook for Threat Modeling Medical Devices. MITRE and the Medical Device Innovation Consortium (MDIC) (2021)"},{"key":"826_CR17","unstructured":"FDA: Content of premarket submissions for management of cybersecurity in medical devices.\" https:\/\/www.fda.gov\/regulatory-information\/search-fda-guidance-documents\/content-premarket-submissions-management-cybersecurity-medical-devices. Accessed 16 Aug 2022"},{"key":"826_CR18","unstructured":"Forbes: How do we close the skills gap in the cybersecurity industry? https:\/\/www.forbes.com\/sites\/forbesbusinesscouncil\/2023\/02\/28\/how-do-we-close-the-skills-gap-in-the-cybersecurity-industry\/?sh=490e5438e178. Accessed 23 June 2023"},{"key":"826_CR19","unstructured":"CISA: Medical devices hard-coded passwords. https:\/\/www.cisa.gov\/news-events\/ics-alerts\/ics-alert-13-164-01. Accessed 23 June 2023"},{"key":"826_CR20","unstructured":"Shostack, A.: Experiences threat modeling at Microsoft. MODSEC@ MoDELS 2008, 35 (2008)"},{"issue":"1","key":"826_CR21","doi-asserted-by":"publisher","first-page":"3","DOI":"10.1007\/s00766-010-0115-7","volume":"16","author":"M Deng","year":"2011","unstructured":"Deng, M., Wuyts, K., Scandariato, R., Preneel, B., Joosen, W.: A privacy threat analysis framework: supporting the elicitation and fulfillment of privacy requirements. Requir. Eng. 16(1), 3\u201332 (2011)","journal-title":"Requir. Eng."},{"issue":"4","key":"826_CR22","first-page":"1607","volume":"26","author":"S Hussain","year":"2014","unstructured":"Hussain, S., Kamal, A., Ahmad, S., Rasool, G., Iqbal, S.: Threat modelling methodologies: a survey. Sci. Int. (Lahore) 26(4), 1607\u20131609 (2014)","journal-title":"Sci. Int. (Lahore)"},{"key":"826_CR23","doi-asserted-by":"crossref","unstructured":"Siddiqi, M.A., Seepers, R.M., Hamad, M., Prevelakis, V., Strydis, C.: Attack-tree-based threat modeling of medical implants. In: PROOFS@ CHES, pp. 32\u201349 (2018)","DOI":"10.29007\/8gxh"},{"key":"826_CR24","volume-title":"Threat Modeling Designing for Security","author":"A Shostack","year":"2014","unstructured":"Shostack, A.: Threat Modeling Designing for Security. John Wiley & Sons, Inc, London (2014)"},{"key":"826_CR25","unstructured":"LeBlanc, D.: DREADFUL. In: DREADFUL, (ed.) https:\/\/docs.microsoft.com\/en-us\/archive\/blogs\/david_leblanc\/dreadful: Microsoft, p. Microsoft Documentation (2007)"},{"key":"826_CR26","unstructured":"Peeters, J.: Agile security requirements engineering. In: Symposium on Requirements Engineering for Information Security, vol. 12 (2005)"},{"issue":"12","key":"826_CR27","first-page":"21","volume":"24","author":"B Schneier","year":"1999","unstructured":"Schneier, B.: Attack trees. Dr. Dobb\u2019s J. 24(12), 21\u201329 (1999)","journal-title":"Dr. Dobb\u2019s J."},{"key":"826_CR28","unstructured":"Mitre.: MITRE ATT &CK\u00ae Matrix. https:\/\/attack.mitre.org\/. Accessed 3 Aug 2022"},{"key":"826_CR29","unstructured":"Van Palm, G., Legay, A.: Threat modeling with attack-defense trees"},{"issue":"1","key":"826_CR30","first-page":"53","volume":"4","author":"AS Sodiya","year":"2007","unstructured":"Sodiya, A.S., Onashoga, S.A., Oladunjoye, B.A.: Threat modeling using fuzzy logic paradigm. Inf. Sci. Int. J. Emerg. Transdiscipl. 4(1), 53\u201361 (2007)","journal-title":"Inf. Sci. Int. J. Emerg. Transdiscipl."},{"key":"826_CR31","doi-asserted-by":"crossref","unstructured":"den Braber, F., Dimitrakos, T., Gran, B.A., Lund, M.S., Stolen, K., Aagedal, J.O.: The CORAS methodology: model-based risk assessment using UML and UP. In: UML and the Unified Process: IGI Global, pp. 332\u2013357 (2003)","DOI":"10.4018\/978-1-93177-744-5.ch017"},{"key":"826_CR32","unstructured":"Conklin, L.: Threat modeling process. https:\/\/owasp.org\/www-community\/Threat_Modeling_Process#determine-and-rank-threats. Accessed 23 Jan 2023"},{"key":"826_CR33","doi-asserted-by":"crossref","unstructured":"Crotty, J., Daniel, E.: Cyber threat: its origins and consequence and the use of qualitative and quantitative methods in cyber risk assessment. Appl. Comput. Inform. Ahead-of-print (2022)","DOI":"10.1108\/ACI-07-2022-0178"},{"key":"826_CR34","unstructured":"FIRST: Common vulnerability scoring system version 4.0: specification document. https:\/\/www.first.org\/cvss\/v4.0\/specification-document. Accessed 14 June 2023"},{"key":"826_CR35","unstructured":"FIRST: Common vulnerability scoring system v3.1 specification document. https:\/\/www.first.org\/cvss\/v3.1\/specification-document. Accessed 16 June 2023"},{"key":"826_CR36","unstructured":"FIRST: Common vulnerability scoring system (CVSS-SIG)\u2014CVSS v4.0 calculator\u2014public preview. https:\/\/www.first.org\/cvss\/calculator\/4.0. Accessed 16 June 2023"},{"key":"826_CR37","unstructured":"FIRST: Common vulnerability scoring system version 3.1 calculator. https:\/\/www.first.org\/cvss\/calculator\/3.1. Accessed 16 June 2023"},{"key":"826_CR38","doi-asserted-by":"crossref","unstructured":"Kwarteng, E., Cebe, M.: \"MEDICALHARM\u2014a threat modeling designed for modern medical devices. In: 22nd IEEE International Conference on Trust, Security and Privacy in Computing and Communications, Exeter UK (2023)","DOI":"10.1109\/TrustCom60117.2023.00157"},{"key":"826_CR39","doi-asserted-by":"crossref","unstructured":"Nishihara, S., Shinmen, N., Ebihara, T., Mizutani, K., Wakatsuki, N.: Design of secure near-field communication for smartphones using sound and vibration. In: 2017 IEEE 6th Global Conference on Consumer Electronics (GCCE), pp. 1\u20134 (2017)","DOI":"10.1109\/GCCE.2017.8229356"},{"issue":"6","key":"826_CR40","doi-asserted-by":"publisher","first-page":"236","DOI":"10.1007\/s00604-022-05317-2","volume":"189","author":"SU Singh","year":"2022","unstructured":"Singh, S.U., et al.: Advanced wearable biosensors for the detection of body fluids and exhaled breath by graphene. Microchim. Acta 189(6), 236 (2022)","journal-title":"Microchim. Acta"},{"key":"826_CR41","unstructured":"Microsoft: What are the Microsoft SDL practices? https:\/\/www.microsoft.com\/en-us\/securityengineering\/sdl\/practices. Accessed 24 Oct 2022"},{"key":"826_CR42","doi-asserted-by":"publisher","first-page":"53","DOI":"10.1016\/j.cose.2019.03.010","volume":"84","author":"W Xiong","year":"2019","unstructured":"Xiong, W., Lagerstr\u00f6m, R.: Threat modeling\u2014a systematic literature review. Comput. Secur. 84, 53\u201369 (2019)","journal-title":"Comput. Secur."},{"issue":"4","key":"826_CR43","doi-asserted-by":"publisher","first-page":"41","DOI":"10.1109\/MSP.2011.47","volume":"9","author":"D Dhillon","year":"2011","unstructured":"Dhillon, D.: Developer-driven threat modeling: lessons learned in the trenches. IEEE Secur. Privacy 9(4), 41\u201347 (2011)","journal-title":"IEEE Secur. Privacy"},{"key":"826_CR44","doi-asserted-by":"crossref","unstructured":"Frydman, M., Ruiz, G., Heymann, E., C\u00e9sar, E., Miller, B.P.: Automating risk analysis of software design models. Sci. World J. 2014 (2014)","DOI":"10.1155\/2014\/805856"},{"issue":"1","key":"826_CR45","doi-asserted-by":"publisher","DOI":"10.1088\/1742-6596\/801\/1\/012057","volume":"801","author":"RN Dahbul","year":"2017","unstructured":"Dahbul, R.N., Lim, C., Purnama, J.: Enhancing honeypot deception capability through network service fingerprinting. J. Phys. Conf. Ser. 801(1), 012057 (2017)","journal-title":"J. Phys. Conf. Ser."},{"issue":"6","key":"826_CR46","first-page":"21","volume":"28","author":"AO Baquero","year":"2015","unstructured":"Baquero, A.O., Kornecki, A.J., Zalewski, J.: Threat modeling for aviation computer security. Crosstalk 28(6), 21\u201327 (2015)","journal-title":"Crosstalk"},{"issue":"2","key":"826_CR47","doi-asserted-by":"publisher","first-page":"241","DOI":"10.1002\/spe.2111","volume":"43","author":"A Marback","year":"2013","unstructured":"Marback, A., Do, H., He, K., Kondamarri, S., Xu, D.: A threat model-based approach to security testing. Softw. Pract. Exp. 43(2), 241\u2013258 (2013)","journal-title":"Softw. Pract. Exp."},{"key":"826_CR48","unstructured":"Shevchenko, N., Chick, T.A., O\u2019Riordan, P., Scanlon, T.P., Woody, C.: Threat modeling: a summary of available methods (2018)"},{"issue":"1","key":"826_CR49","first-page":"80","volume":"1","author":"EM Hutchins","year":"2011","unstructured":"Hutchins, E.M., Cloppert, M.J., Amin, R.M.: Intelligence-driven computer network defense informed by analysis of adversary campaigns and intrusion kill chains. Lead. Issues Inf. Warf. Secur. Res. 1(1), 80 (2011)","journal-title":"Lead. Issues Inf. Warf. Secur. Res."},{"key":"826_CR50","doi-asserted-by":"crossref","unstructured":"Kim, D.-W., Choi, J.-Y., Han, K.-H.: Medical device safety management using cybersecurity risk analysis. IEEE Access, 8","DOI":"10.1109\/ACCESS.2020.3003032"},{"key":"826_CR51","doi-asserted-by":"publisher","first-page":"621","DOI":"10.1007\/s10207-020-00522-7","volume":"20","author":"M Ngambo\u00e9","year":"2021","unstructured":"Ngambo\u00e9, M., Berthier, P., Ammari, N., Dyrda, K., Fernandez, J.M.: Risk assessment of cyber-attacks on telemetry-enabled cardiac implantable electronic devices (CIED). Int. J. Inf. Secur. 20, 621\u2013645 (2021)","journal-title":"Int. J. Inf. Secur."},{"key":"826_CR52","doi-asserted-by":"crossref","unstructured":"Kopell, B.H., Greenberg, B., Rezai, A.R.: Deep brain stimulation for psychiatric disorders. J. Clin. Neurophysiol. 21(1), 51\u201367 (2004)","DOI":"10.1097\/00004691-200401000-00007"},{"key":"826_CR53","unstructured":"UcedaV\u00e9lez, T.: Threat modeling w\/pasta: risk centric threat modeling case studies (2017)"},{"issue":"1","key":"826_CR54","doi-asserted-by":"publisher","first-page":"28","DOI":"10.1109\/MS.2008.25","volume":"25","author":"JA Ingalsbe","year":"2008","unstructured":"Ingalsbe, J.A., Kunimatsu, L., Baeten, T., Mead, N.R.: Threat modeling: diving into the deep end. IEEE Softw. 25(1), 28\u201334 (2008)","journal-title":"IEEE Softw."},{"key":"826_CR55","unstructured":"H-ISAC: About health information sharing and analysis center. https:\/\/h-isac.org\/about-h-isac\/. Accessed 5 July 2023"},{"key":"826_CR56","unstructured":"LinkedIn: Welcome to your Professional community. https:\/\/www.linkedin.com\/. Accessed 5 July 2023"},{"key":"826_CR57","unstructured":"Qualtrics: Build technology that closes experience gaps. https:\/\/www.qualtrics.com\/about\/. Accessed 5 July 2023"},{"key":"826_CR58","unstructured":"Advisories, O.S.: OpenStack security advisories calibration. https:\/\/wiki.openstack.org\/wiki\/Security\/OSSA-Metrics#Calibration. Accessed 19 June 2023"},{"key":"826_CR59","unstructured":"MSDN, M.: Do you use DREAD as it is? http:\/\/social.msdn.microsoft.com\/Forums\/en-US\/c601e0ca-5f38-4a07-8a46-40e4adcbc293\/do-you-use-dread-as-it-is?forum=sdlprocess. Accessed 19 June 2023"},{"key":"826_CR60","unstructured":"Wikipedia: DREAD (risk assessment model). https:\/\/en.wikipedia.org\/wiki\/DREAD_(risk_assessment_model)#cite_note-2. Accessed 19 June 2023"}],"container-title":["International Journal of Information Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10207-024-00826-y.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s10207-024-00826-y\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10207-024-00826-y.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,11,15]],"date-time":"2024-11-15T07:20:16Z","timestamp":1731655216000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s10207-024-00826-y"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,3,29]]},"references-count":60,"journal-issue":{"issue":"3","published-print":{"date-parts":[[2024,6]]}},"alternative-id":["826"],"URL":"https:\/\/doi.org\/10.1007\/s10207-024-00826-y","relation":{},"ISSN":["1615-5262","1615-5270"],"issn-type":[{"type":"print","value":"1615-5262"},{"type":"electronic","value":"1615-5270"}],"subject":[],"published":{"date-parts":[[2024,3,29]]},"assertion":[{"value":"29 March 2024","order":1,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"The authors have no competing interests to declare that are relevant to the content of this article.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Conflict of interest"}},{"value":"The study was approved by the Marquette University Institutional Review Board (IRB). All respondents who participated in the evaluation of the methodology and responded to the survey were at least 18 years old. Potential participants were provided with written information on the first page and gave their consent to participate in the evaluation and the survey by clicking on the next button before proceeding.","order":3,"name":"Ethics","group":{"name":"EthicsHeading","label":"Ethical approval"}}]}}