A hybrid fuzzy rule-based multi-criteria framework for security assessment of medical device software

The third party software components for medical devices are a critical issue because the hackers can send the updates for medical device software which may contain malware that can affect the medical devices. To quote an instance in this regard is the report generated by Zoll, a supplier of medical devices, which states that several patients' data was exposed in 2019 due to an error which occurred at the time of software updating. In this paper we have attempted the assessment the security of medical devices software from different suppliers. We applied the Fuzzy Analytic Network Process (ANP) and Technique for Order Preference by Similarity to Ideal Solution (TOPSIS) methodology for the assessment of third party software component of medical imaging devices. We have listed the criteria and alternatives for the assessment of the software security. The tabulated results that have been presented in the study are evidently showing the satisfaction degree and the ranking of the software security in the obtained order of A6, A1, A2, A5, A4, and A3. Furthermore, the ranking of the software shows that Rank 1 obtained A6 alternatives, which implies that it is absolutely important. Likewise, Rank 2 implies strongly important, 3rd Rank shows fairly important, 4th shows weakly, 5th shows equally and the 6th Rank equates with bad. Use of our framework would be an apt guideline for the manufacturers and users in developing software that is efficacious while being secure for all the stakeholders associated with the use of medical devices. Should the developers adhere to the suggested framework in this study, they can be assured of developing secure medical device software at the initial level of development of the software.