# References

## **Awareness**

* iamthecavalry gathers information related to the threats encountered in the [healthcare sector](https://iamthecavalry.org/issues/medical/) and has even [simulated](https://www.youtube.com/watch?v=fihc7XgOebo) what an attack could mean

## References 

* Related to healthcare in general

  * the [nodirt threat model](https://www.omadahealth.com/hubfs/nodirt.pdf) is well adapted to the healthcare domain 
  * kantara initiative, and in particular identity management is a topic that has received specific attention in the heathcare sector, with standards such as [UMA2](https://docs.kantarainitiative.org/uma/wg/rec-oauth-uma-grant-2.0.html) (which solves the patient-doctor access problem)
  * ENISA has published several papers related to [cybersecurity in healthcare](https://www.enisa.europa.eu/publications/healthcare-certification/at_download/fullReport) 
  * [safecare](https://www.safecare-project.eu/) : an example of EU project that studies how to mitigating cyber-physical threats in the healthcare sector

* Standards related to connected devices 
  * IEC 62443 provides guidance useful to secure industrial IoT, which could be applied to healthcare as well
  * [ETSI EN 303 645](https://www.etsi.org/deliver/etsi_en/303600_303699/303645/02.01.01_60/en_303645v020101p.pdf) provides guidance on IoT security
  * [IEC JWG7](https://www.iec.ch/dyn/www/f?p=103:23:7062240100866::::FSP_ORG_ID,FSP_LANG_ID:1359,25) : "safe, effective and secure health software and health IT systems, including those incorporating medical devices"
  * [Trusted computing group ](https://trustedcomputinggroup.org/)has published several standards to better secure IoT devices