CPC G06F 21/577 (2013.01) [G06F 8/65 (2013.01); G16H 40/40 (2018.01); G06F 2221/034 (2013.01)] | 20 Claims

1. A system for the management of cybersecurity risks for medical devices, the system comprising:
a processor; and
a non-transitory, processor-readable storage medium, wherein the non-transitory, processor-readable storage medium comprises one or more programming instructions that, when executed, cause the processor to:
receive data associated with a medical device;
evaluate, based on the data, an identity of the medical device;
generate, based on the identification, a cybersecurity bill of materials associated with the medical device, wherein the cybersecurity bill of materials comprises a software bill of materials detailing a software component of the medical device, wherein the software bill of materials comprises a build status comprising a build environment of the software component and a current status comprising applied updates to the software component;
standardize the cybersecurity bill of materials based on a common platform enumeration database;
evaluate, using a vulnerability database, the cybersecurity bill of materials to identify one or more potential vulnerabilities;
provide notification of the one or more potential vulnerabilities to at least one user;
determine, using a manufacturer's database, whether the medical device is up-to-date; and
responsive to determining that the device is not up-to-date, receive a patch from the manufacturer's database to update the medical device.