US Patent No. 10,992,698

DEVICE VULNERABILITY MANAGEMENT


Patent No. 10,992,698
Issue Date April 27, 2021
Title Device Vulnerability Management
Inventorship Pranav N. Patel, West Chester, OH (US)
Ramakrishnan Ayyappan Pillai, San Jose, CA (US)
Assignee MEDITECHSAFE, INC., West Chester, OH (US)

Claim of US Patent No. 10,992,698

1. A computer-implemented process of remediating a device vulnerability for a particular special-purpose electronic medical device in a particular healthcare delivery organization (HDO), the process comprising:determining an identification of the particular special-purpose electronic medical device in the particular HDO;
generating a device cyber-vulnerability score based upon known threats and vulnerabilities affecting a type of product to which the special-purpose electronic medical device pertains;
generating a device level cyber-vulnerability score by augmenting the generated device cyber-vulnerability score based upon a device level parameter that is specific to the special-purpose electronic medical device;
generating an environmental cyber-vulnerability score based on a weighted combination of usage of the special-purpose electronic medical device in the particular HDO, including medical condition information of a patient the particular special-purpose electronic medical device may be used on and including determining an indicia of medical impact to the patient based on the medical condition information, criticality of the special-purpose electronic medical device, and network exposure of the special-purpose electronic medical device in the particular HDO;
computing an overall cyber-vulnerability score based upon a combination of the device-level cyber-vulnerability score and the environmental cyber-vulnerability score;
determining whether the special-purpose electronic medical device has a high priority based upon the computed overall cyber-vulnerability score;
identifying whether a patch or other vulnerability remediation is available for the special-purpose electronic medical device; and
initiating, in response to identifying that the patch or other vulnerability remediation is available and in response to determining that the special-purpose, electronic medical device has a high priority, a remediation/mitigation workflow to patch or remediate the special-purpose electronic medical device.