|
1 | | -ID,Actif,Menace,Vulnerabilite,Probabilite,Impact,Risque,Decision,Recommandation |
2 | | -R001,Pompe insuline Bluetooth,Interception communication,Chiffrement BLE faible,4,5,20,Reduire,Upgrade firmware + segmentation reseau medical |
3 | | -R002,Serveur PACS imagerie,Ransomware,Absence segmentation reseau,3,5,15,Reduire,VLAN medical isole + backup offline 3-2-1 |
4 | | -R003,Dossier patient EHR/DPI,Acces non autorise,Gestion IAM insuffisante,4,4,16,Reduire,MFA obligatoire + revue droits trimestrielle |
5 | | -R004,Poste medecin,Phishing cible personnel medical,Formation insuffisante,4,4,16,Reduire,Campagnes sensibilisation + simulation phishing mensuelle |
6 | | -R005,Sauvegarde donnees patients,Destruction donnees (ransomware),Backup non teste,2,5,10,Reduire,Test restoration trimestriel + backup 3-2-1 offline |
7 | | -R006,Connexion VPN telemedecine,Compromission credentials,MFA non deploye,3,4,12,Reduire,Deploiement MFA (TOTP/FIDO2) sur tous acces distants |
8 | | -R007,Pacemaker connecte,Manipulation parametres vitaux,Absence chiffrement communication RF,2,5,10,Reduire,Upgrade firmware + protocole chiffre + monitoring anomalies |
9 | | -R008,Systeme dispensation medicaments,Erreur dosage par modification,Modification base non autorisee,2,5,10,Reduire,Controle integrite + logs audit + double verification |
10 | | -R009,Base donnees laboratoire,Fuite donnees analyses,Patch management defaillant,3,4,12,Reduire,Politique patch <30j critiques + scan vulnerabilites mensuel |
11 | | -R010,Dispositif monitoring patient,Deni de service equipement,Absence haute disponibilite,3,4,12,Reduire,Redondance equipements critiques + failover automatique |
12 | | -R011,Tablette infirmiere mobile,Vol/perte appareil,Absence chiffrement disque,3,3,9,Reduire,Bitlocker/LUKS full disk + MDM + remote wipe |
13 | | -R012,Imprimante etiquettes medicaments,Impression documents sensibles non securisee,Acces reseau ouvert,2,3,6,Accepter,Monitoring logs + reseau isole si budget disponible |
14 | | -R013,Portail patient web,Injection SQL via formulaires,Code non audite + WAF absent,3,4,12,Reduire,Audit code securite + WAF + formation dev secure (OWASP) |
15 | | -R014,API HL7 FHIR echange donnees,Exposition donnees patients,Authentification API faible,3,4,12,Reduire,OAuth 2.0 + rate limiting + logging acces + mTLS |
16 | | -R015,Systeme RDV en ligne,DDoS attaque disponibilite,Absence protection perimetre,2,3,6,Transferer,Cloudflare/AWS Shield + CDN |
17 | | -R016,Capteur glucose connecte CGM,Falsification donnees glycemie,Validation donnees absente,2,4,8,Reduire,Checksum donnees + alertes valeurs anormales + double verification |
18 | | -R017,Archivage long terme patients,Perte conformite RGPD retention,Duree conservation non respectee,3,4,12,Reduire,Politique retention automatisee + purge auto + audit annuel |
19 | | -R018,Fournisseur cloud HDS,Indisponibilite service hebergeur,SLA insuffisant 99.5%,2,4,8,Transferer,Contrat SLA 99.9% + penalites + plan continuite documente |
20 | | -R019,Reseau WiFi medical,Interception trafic patients,WPA2 vulnerabilites KRACK,3,3,9,Reduire,Migration WPA3-Enterprise + certificats 802.1X + segmentation VLAN |
21 | | -R020,Station imagerie IRM/Scanner,Malware via peripheriques USB,Absence controle ports USB,2,4,8,Reduire,Blocage USB par GPO + whitelist periph + antivirus medical certifie |
22 | | -R021,Systeme facturation,Fraude modification tarifs,Absence controle acces admin,2,4,8,Reduire,Separation duties + logs immuables + revue mensuelle |
23 | | -R022,Messagerie securisee medecins,Interception emails patients,SMTP non chiffre TLS,3,3,9,Reduire,Enforce TLS 1.3 + DMARC/SPF/DKIM + sensibilisation PGPR023,Telescope chirurgie connecte,Manipulation flux video operatoire,Reseau non isole,1,5,5,Accepter,Reseau dedie bloc operatoire (si budget) + monitoring |
24 | | -R024,Application mobile patient,Vol credentials compte,Stockage local non securise,3,3,9,Reduire,Keychain/Keystore secure + biometrie + session timeout |
25 | | -R025,Serveur Active Directory,Compromission domaine (Golden Ticket),Absence tiering admin,2,5,10,Reduire,Tiering AD (Tier 0/1/2) + PAW + Credential Guard |
| 1 | +ID,Asset,Threat,Vulnerability,Probability,Impact,Risk,Decision,Recommendation |
| 2 | +R001,Bluetooth Insulin Pump,Communication Interception,Weak BLE encryption,4,5,20,Reduce,Firmware upgrade + medical network segmentation |
| 3 | +R002,PACS Imaging Server,Ransomware,Lack of network segmentation,3,5,15,Reduce,Isolated medical VLAN + 3-2-1 offline backup |
| 4 | +R003,Patient EHR/DPI Record,Unauthorized Access,Insufficient IAM management,4,4,16,Reduce,Mandatory MFA + quarterly rights review |
| 5 | +R004,Physician Workstation,Targeted Medical Staff Phishing,Insufficient training,4,4,16,Reduce,Awareness campaigns + monthly phishing simulation |
| 6 | +R005,Patient Data Backup,Data Destruction (Ransomware),Untested backup,2,5,10,Reduce,Quarterly restoration test + 3-2-1 offline backup |
| 7 | +R006,Telemedicine VPN Connection,Credential Compromise,MFA not deployed,3,4,12,Reduce,MFA deployment (TOTP/FIDO2) on all remote access |
| 8 | +R007,Connected Pacemaker,Vital Parameter Manipulation,Lack of RF communication encryption,2,5,10,Reduce,Firmware upgrade + encrypted protocol + anomaly monitoring |
| 9 | +R008,Medication Dispensing System,Dosing Error by Modification,Unauthorized database modification,2,5,10,Reduce,Integrity control + audit logs + double verification |
| 10 | +R009,Laboratory Database,Analysis Data Leak,Failing patch management,3,4,12,Reduce,Patch policy <30d critical + monthly vulnerability scan |
| 11 | +R010,Patient Monitoring Device,Equipment Denial of Service,Lack of high availability,3,4,12,Reduce,Critical equipment redundancy + automatic failover |
| 12 | +R011,Mobile Nurse Tablet,Device Theft/Loss,Lack of disk encryption,3,3,9,Reduce,Bitlocker/LUKS full disk + MDM + remote wipe |
| 13 | +R012,Medication Label Printer,Insecure Sensitive Document Printing,Open network access,2,3,6,Accept,Logs monitoring + isolated network if budget available |
| 14 | +R013,Patient Web Portal,SQL Injection via forms,Unaudited code + missing WAF,3,4,12,Reduce,Security code audit + WAF + secure dev training (OWASP) |
| 15 | +R014,HL7 FHIR Data Exchange API,Patient Data Exposure,Weak API authentication,3,4,12,Reduce,OAuth 2.0 + rate limiting + access logging + mTLS |
| 16 | +R015,Online Appointment System,DDoS Availability Attack,Lack of perimeter protection,2,3,6,Transfer,Cloudflare/AWS Shield + CDN |
| 17 | +R016,Connected CGM Glucose Sensor,Glycemia Data Falsification,Missing data validation,2,4,8,Reduce,Data checksum + abnormal value alerts + double verification |
| 18 | +R017,Long-term Patient Archiving,GDPR Retention Non-compliance,Conservation period not respected,3,4,12,Reduce,Automated retention policy + auto purge + annual audit |
| 19 | +R018,HDS Cloud Provider,Host Service Unavailability,Insufficient SLA 99.5%,2,4,8,Transfer,SLA 99.9% contract + penalties + documented continuity plan |
| 20 | +R019,Medical WiFi Network,Patient Traffic Interception,WPA2 KRACK vulnerabilities,3,3,9,Reduce,WPA3-Enterprise migration + 802.1X certificates + VLAN segmentation |
| 21 | +R020,MRI/Scanner Imaging Station,Malware via USB Peripherals,Lack of USB port control,2,4,8,Reduce,USB blocking via GPO + peripheral whitelist + certified medical antivirus |
| 22 | +R021,Billing System,Fraudulent Rate Modification,Lack of admin access control,2,4,8,Reduce,Separation of duties + immutable logs + monthly review |
| 23 | +R022,Secured Physician Messaging,Patient Email Interception,Non-encrypted SMTP TLS,3,3,9,Reduce,Enforce TLS 1.3 + DMARC/SPF/DKIM + PGP awareness |
| 24 | +R023,Connected Surgery Telescope,Operative Video Stream Manipulation,Non-isolated network,1,5,5,Accept,Dedicated operating room network (if budget) + monitoring |
| 25 | +R024,Patient Mobile Application,Account Credential Theft,Insecure local storage,3,3,9,Reduce,Keychain/Keystore secure + biometrics + session timeout |
| 26 | +R025,Active Directory Server,Domain Compromise (Golden Ticket),Lack of admin tiering,2,5,10,Reduce,AD Tiering (Tier 0/1/2) + PAW + Credential Guard |
0 commit comments