Abstract
Connected Medical Devices (CMDs) play a crucial role in modern healthcare, enabling real-time monitoring, automated decision-making, and remote patient care. However, increasing reliance on digital connectivity introduces significant cybersecurity risks. As CMDs are used in increasingly diverse contexts, traditional risk assessment approaches may fail to capture the nuances of each use case. The increased attack surface and the lack of cybersecurity experience among daily users further highlight the need for accurate and comprehensible risk management information. Cyber-risk indicators are additional pieces of information that can connect the risk assessment to its dynamic context, enabling risk assessors to estimate risk values more precisely and accurately. In this article, we define and present domain-specific cyber-risk indicators to facilitate dynamic risk assessment in the CMD domain and demonstrate how they can be used in the risk assessment process. Preliminary results from four real-world industry case studies are promising and validate the feasibility of our approach.