National Medical Risks & Vulnerabilities (NMRV) Database

The National Medical Risks & Vulnerabilities (NMRV) Database will be the UK's first dedicated, centralised platform for tracking cybersecurity vulnerabilities in medical devices. Updated every six hours, it will deliver validated, medically relevant intelligence by filtering global CVE data to include only vulnerabilities that directly affect medical technologies.

Currently, CVE records are scattered across general-purpose security databases with no dedicated, medically oriented repository for researchers, regulators, or healthcare providers. This fragmentation makes it difficult to identify, analyse, and act on threats specific to medical devices in a timely manner. The NMRV directly addresses this gap, offering a single trusted source for medical technology vulnerability data.

Each year, the NMRV will publish detailed reports identifying the most frequently reported vulnerabilities in medical devices, providing healthcare providers, regulators, and researchers with vital insights into emerging threats. It will also introduce a refined classification system for medical equipment, enhancing the precision of vulnerability mapping and analysis.

The platform will address cybersecurity risks arising from (but not limited to) the following domains:

Example of a vulnerability in the NMRV:

| CVE Number | Equipment Type | Attack Vector | Layer | NHS Usage | MHRA Status | Affected Components | Severity | Release Date |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-1234 | Insulin Pump | Bluetooth Protocol | Network | | Approved | Firmware, Software | Critical | 2023-01-15 |
| CVE-2023-5678 | MRI Scanner | Remote Code Execution | Cloud | | Approved | Software | High | 2023-03-22 |
| CVE-2023-9012 | Patient Monitor | Buffer Overflow | Physical | - | Unapproved | Hardware, Firmware | Medium | 2023-06-30 |

A key innovation of the NMRV will be its medical risk scoring model, developed with leading domain experts. Unlike current CVSS, this model will quantify the potential impact of vulnerabilities in patient care environments, enabling informed decisions around device procurement, deployment, and risk mitigation.

Medical Risk and Vulnerability Score (MRVS) Equation:

MRVS = (MI × 0.4) + (AI × 0.3) + (II × 0.3)

Where:
MI = Medical Impact (scale 1-10)
AI = Attack Impact (scale 1-10)
II = Infrastructure Impact (scale 1-10)
MRVS = Medical Risk and Vulnerability Score

* The weighted coefficients (0.4, 0.3, 0.3) reflect the relative importance of each factor in healthcare environments

We welcome collaboration from partners in Academia, Industry, and Government (AIG).
Please note that the API is provided exclusively for academic research purposes.
For inquiries, contact us at [email protected].