Skip to content

Commit 90484f9

Browse files
committed
feat(matrix): update 25 IoMT risk scenarios in English
1 parent 78e12eb commit 90484f9

1 file changed

Lines changed: 26 additions & 25 deletions

File tree

02-Matrices/risk_matrix.csv

Lines changed: 26 additions & 25 deletions
Original file line numberDiff line numberDiff line change
@@ -1,25 +1,26 @@
1-
ID,Actif,Menace,Vulnerabilite,Probabilite,Impact,Risque,Decision,Recommandation
2-
R001,Pompe insuline Bluetooth,Interception communication,Chiffrement BLE faible,4,5,20,Reduire,Upgrade firmware + segmentation reseau medical
3-
R002,Serveur PACS imagerie,Ransomware,Absence segmentation reseau,3,5,15,Reduire,VLAN medical isole + backup offline 3-2-1
4-
R003,Dossier patient EHR/DPI,Acces non autorise,Gestion IAM insuffisante,4,4,16,Reduire,MFA obligatoire + revue droits trimestrielle
5-
R004,Poste medecin,Phishing cible personnel medical,Formation insuffisante,4,4,16,Reduire,Campagnes sensibilisation + simulation phishing mensuelle
6-
R005,Sauvegarde donnees patients,Destruction donnees (ransomware),Backup non teste,2,5,10,Reduire,Test restoration trimestriel + backup 3-2-1 offline
7-
R006,Connexion VPN telemedecine,Compromission credentials,MFA non deploye,3,4,12,Reduire,Deploiement MFA (TOTP/FIDO2) sur tous acces distants
8-
R007,Pacemaker connecte,Manipulation parametres vitaux,Absence chiffrement communication RF,2,5,10,Reduire,Upgrade firmware + protocole chiffre + monitoring anomalies
9-
R008,Systeme dispensation medicaments,Erreur dosage par modification,Modification base non autorisee,2,5,10,Reduire,Controle integrite + logs audit + double verification
10-
R009,Base donnees laboratoire,Fuite donnees analyses,Patch management defaillant,3,4,12,Reduire,Politique patch <30j critiques + scan vulnerabilites mensuel
11-
R010,Dispositif monitoring patient,Deni de service equipement,Absence haute disponibilite,3,4,12,Reduire,Redondance equipements critiques + failover automatique
12-
R011,Tablette infirmiere mobile,Vol/perte appareil,Absence chiffrement disque,3,3,9,Reduire,Bitlocker/LUKS full disk + MDM + remote wipe
13-
R012,Imprimante etiquettes medicaments,Impression documents sensibles non securisee,Acces reseau ouvert,2,3,6,Accepter,Monitoring logs + reseau isole si budget disponible
14-
R013,Portail patient web,Injection SQL via formulaires,Code non audite + WAF absent,3,4,12,Reduire,Audit code securite + WAF + formation dev secure (OWASP)
15-
R014,API HL7 FHIR echange donnees,Exposition donnees patients,Authentification API faible,3,4,12,Reduire,OAuth 2.0 + rate limiting + logging acces + mTLS
16-
R015,Systeme RDV en ligne,DDoS attaque disponibilite,Absence protection perimetre,2,3,6,Transferer,Cloudflare/AWS Shield + CDN
17-
R016,Capteur glucose connecte CGM,Falsification donnees glycemie,Validation donnees absente,2,4,8,Reduire,Checksum donnees + alertes valeurs anormales + double verification
18-
R017,Archivage long terme patients,Perte conformite RGPD retention,Duree conservation non respectee,3,4,12,Reduire,Politique retention automatisee + purge auto + audit annuel
19-
R018,Fournisseur cloud HDS,Indisponibilite service hebergeur,SLA insuffisant 99.5%,2,4,8,Transferer,Contrat SLA 99.9% + penalites + plan continuite documente
20-
R019,Reseau WiFi medical,Interception trafic patients,WPA2 vulnerabilites KRACK,3,3,9,Reduire,Migration WPA3-Enterprise + certificats 802.1X + segmentation VLAN
21-
R020,Station imagerie IRM/Scanner,Malware via peripheriques USB,Absence controle ports USB,2,4,8,Reduire,Blocage USB par GPO + whitelist periph + antivirus medical certifie
22-
R021,Systeme facturation,Fraude modification tarifs,Absence controle acces admin,2,4,8,Reduire,Separation duties + logs immuables + revue mensuelle
23-
R022,Messagerie securisee medecins,Interception emails patients,SMTP non chiffre TLS,3,3,9,Reduire,Enforce TLS 1.3 + DMARC/SPF/DKIM + sensibilisation PGPR023,Telescope chirurgie connecte,Manipulation flux video operatoire,Reseau non isole,1,5,5,Accepter,Reseau dedie bloc operatoire (si budget) + monitoring
24-
R024,Application mobile patient,Vol credentials compte,Stockage local non securise,3,3,9,Reduire,Keychain/Keystore secure + biometrie + session timeout
25-
R025,Serveur Active Directory,Compromission domaine (Golden Ticket),Absence tiering admin,2,5,10,Reduire,Tiering AD (Tier 0/1/2) + PAW + Credential Guard
1+
ID,Asset,Threat,Vulnerability,Probability,Impact,Risk,Decision,Recommendation
2+
R001,Bluetooth Insulin Pump,Communication Interception,Weak BLE encryption,4,5,20,Reduce,Firmware upgrade + medical network segmentation
3+
R002,PACS Imaging Server,Ransomware,Lack of network segmentation,3,5,15,Reduce,Isolated medical VLAN + 3-2-1 offline backup
4+
R003,Patient EHR/DPI Record,Unauthorized Access,Insufficient IAM management,4,4,16,Reduce,Mandatory MFA + quarterly rights review
5+
R004,Physician Workstation,Targeted Medical Staff Phishing,Insufficient training,4,4,16,Reduce,Awareness campaigns + monthly phishing simulation
6+
R005,Patient Data Backup,Data Destruction (Ransomware),Untested backup,2,5,10,Reduce,Quarterly restoration test + 3-2-1 offline backup
7+
R006,Telemedicine VPN Connection,Credential Compromise,MFA not deployed,3,4,12,Reduce,MFA deployment (TOTP/FIDO2) on all remote access
8+
R007,Connected Pacemaker,Vital Parameter Manipulation,Lack of RF communication encryption,2,5,10,Reduce,Firmware upgrade + encrypted protocol + anomaly monitoring
9+
R008,Medication Dispensing System,Dosing Error by Modification,Unauthorized database modification,2,5,10,Reduce,Integrity control + audit logs + double verification
10+
R009,Laboratory Database,Analysis Data Leak,Failing patch management,3,4,12,Reduce,Patch policy <30d critical + monthly vulnerability scan
11+
R010,Patient Monitoring Device,Equipment Denial of Service,Lack of high availability,3,4,12,Reduce,Critical equipment redundancy + automatic failover
12+
R011,Mobile Nurse Tablet,Device Theft/Loss,Lack of disk encryption,3,3,9,Reduce,Bitlocker/LUKS full disk + MDM + remote wipe
13+
R012,Medication Label Printer,Insecure Sensitive Document Printing,Open network access,2,3,6,Accept,Logs monitoring + isolated network if budget available
14+
R013,Patient Web Portal,SQL Injection via forms,Unaudited code + missing WAF,3,4,12,Reduce,Security code audit + WAF + secure dev training (OWASP)
15+
R014,HL7 FHIR Data Exchange API,Patient Data Exposure,Weak API authentication,3,4,12,Reduce,OAuth 2.0 + rate limiting + access logging + mTLS
16+
R015,Online Appointment System,DDoS Availability Attack,Lack of perimeter protection,2,3,6,Transfer,Cloudflare/AWS Shield + CDN
17+
R016,Connected CGM Glucose Sensor,Glycemia Data Falsification,Missing data validation,2,4,8,Reduce,Data checksum + abnormal value alerts + double verification
18+
R017,Long-term Patient Archiving,GDPR Retention Non-compliance,Conservation period not respected,3,4,12,Reduce,Automated retention policy + auto purge + annual audit
19+
R018,HDS Cloud Provider,Host Service Unavailability,Insufficient SLA 99.5%,2,4,8,Transfer,SLA 99.9% contract + penalties + documented continuity plan
20+
R019,Medical WiFi Network,Patient Traffic Interception,WPA2 KRACK vulnerabilities,3,3,9,Reduce,WPA3-Enterprise migration + 802.1X certificates + VLAN segmentation
21+
R020,MRI/Scanner Imaging Station,Malware via USB Peripherals,Lack of USB port control,2,4,8,Reduce,USB blocking via GPO + peripheral whitelist + certified medical antivirus
22+
R021,Billing System,Fraudulent Rate Modification,Lack of admin access control,2,4,8,Reduce,Separation of duties + immutable logs + monthly review
23+
R022,Secured Physician Messaging,Patient Email Interception,Non-encrypted SMTP TLS,3,3,9,Reduce,Enforce TLS 1.3 + DMARC/SPF/DKIM + PGP awareness
24+
R023,Connected Surgery Telescope,Operative Video Stream Manipulation,Non-isolated network,1,5,5,Accept,Dedicated operating room network (if budget) + monitoring
25+
R024,Patient Mobile Application,Account Credential Theft,Insecure local storage,3,3,9,Reduce,Keychain/Keystore secure + biometrics + session timeout
26+
R025,Active Directory Server,Domain Compromise (Golden Ticket),Lack of admin tiering,2,5,10,Reduce,AD Tiering (Tier 0/1/2) + PAW + Credential Guard

0 commit comments

Comments
 (0)