Nowadays most of our devices are connected to other systems or computer networks, so the security of our private data is very important. For several years the risk management process for medical devices concentrated only on patient safety and did not cover data privacy. In the healthcare area there is no developed framework for protecting patient data against cyber attacks. However, the risk assessment process shall cover both safety and security risks and shall focus on the connection between them.
This thesis follows and analyzes the development process and risk management process of medical devices. During my work I was involved in the development of an acute dialysis machine and looked over the risk analysis of medical devices, focusing on the security part of it. I have tried to find options for mitigating the risks while taking into consideration the needs of different markets.
In my thesis I reflect on the fact that the responsibility of device manufacturers is big and is getting bigger, especially if they do not recognize that their poorly secured devices can play a significant role in the success of cyber attacks, like WannaCry in 2017.