Threat Modelling & STRIDE: Your First Step to MDR/IVDR Cybersecurity Compliance
In today’s hyperconnected healthcare environment, cybersecurity isn’t just about protecting data—it’s about protecting lives. If you’re developing medical devices for the European market, complying with MDR (EU 2017/745) and IVDR (EU 2017/746) means cybersecurity must be built in from day one. That starts with effective threat modelling, and the STRIDE framework is your best weapon.
Why Cybersecurity is a Regulatory Imperative
Under MDR and IVDR, cybersecurity is part of General Safety and Performance Requirements (Annex I). It affects everything from device design to postmarket surveillance. Failing to address threats can compromise not only compliance—but patient safety and clinical effectiveness.
This is where Security Risk Management (SRM) comes in, and it all starts with identifying threats.
What is Threat Modelling?
Threat modelling is a structured approach to identifying vulnerabilities in your medical device before attackers do. It’s required under EU regulations and endorsed by the FDA and MDCG guidance.
At its core, threat modelling helps you answer:
- What can go wrong?
- How could it happen?
- What would the impact be?
- What can we do to prevent it?
STRIDE: A Proven Threat Modelling Framework
The STRIDE model, developed by Microsoft and now widely used in healthcare cybersecurity, categorizes threats into six types:
- Spoofing: Fake identities, like forged logins
- Tampering: Altering device firmware or settings
- Repudiation: Denying actions without audit trails
- Information Disclosure: Unauthorized data access
- Denial of Service (DoS): Making the device unusable
- Elevation of Privilege: Gaining unauthorized admin access
Regulators and standards bodies recommend STRIDE because it helps uncover threats across both hardware and software layers—before you even write a line of code.
STRIDE in Action: Medical Device Use Case
Imagine a connected insulin pump. Using STRIDE, your threat model might look like this:
| STRIDE Category | Example Threat |
|---|---|
|
Spoofing |
Fake doctor credentials change dose |
|
Tampering |
Patient modifies firmware remotely |
|
Information Disclosure |
Bluetooth leak of patient glucose data |
|
Denial of Service |
Denial of Service Flood attack disables insulin delivery |
With each threat, you identify a corresponding control: encryption, authentication, firmware validation, etc.
Vulnerability Identification: Don’t Skip the Details
A good threat model goes beyond STRIDE. It includes:
- Data Flow Diagrams (DFDs)
- Asset classification
- Attack surface mapping
- Vulnerability scanning (e.g., CVEs via SBOM tools)
Combined, this gives you a full view of your device’s security posture—before submission to a notified body or regulator.
Stay Compliant with MDR/IVDR and Beyond
MDCG 2019-16 and international standards like IEC 81001-5-1 call for:
- Secure-by-design principles
- Threat modelling from early development
- Ongoing vulnerability monitoring
- Risk prioritisation and mitigation strategies
Most importantly, they emphasize lifecycle management: cybersecurity doesn’t end at launch.
Need Help?
Whether you’re building a threat model from scratch or validating an existing SRM framework, our team of regulatory and security experts can help.
Download our full whitepaper: “Security Risk Management for Medical Devices” for a detailed breakdown of STRIDE, SBOM, MDR Annex I compliance, and post market risk strategies.
Cybersecurity is now a shared responsibility—and your competitive edge. Start modelling threats before they become real-world incidents.
Security Risk Management for Medical Devices: MDR & IVDR Compliance Whitepaper
In a regulatory environment where cybersecurity is directly linked to patient safety, medical device manufacturers must go beyond checklists and adopt a structured, lifecycle-focused approach to Security Risk Management (SRM). This whitepaper breaks down the practical steps needed to meet MDR and IVDR requirements—covering threat modelling (STRIDE and more), SBOM implementation, vulnerability assessment, and postmarket surveillance.
What you’ll learn:
✅ How MDR/IVDR mandate cybersecurity across the product lifecycle
✅ Real-world use of STRIDE, OWASP, CAPEC, and attack trees
✅ Risk control strategies and security-by-design practices
✅ Postmarket obligations under Articles 83–89
📄 Download the full whitepaper to gain a practical, standards-based roadmap to SRM compliance—built for today’s connected medical devices.
Silvia Vilches
Medical Device
Consulting Line Director
Final Thoughts
As someone who works closely with both regulatory frameworks and technical teams, I’ve seen first-hand how early threat modelling can make or break a device’s cybersecurity posture—and its regulatory journey. STRIDE and other frameworks aren’t just theoretical tools; they’re essential for designing safe, compliant, and resilient medical devices.
Cybersecurity isn’t something you can bolt on later. It needs to be part of the conversation from the very first architecture draft, and it must evolve throughout the device’s lifecycle. Doing this well isn’t just about ticking regulatory boxes—it’s about protecting patients, preserving trust, and ensuring devices perform reliably in the real world.
If you haven’t already embedded structured threat modelling into your development process, now is the time to start.