🤖 AI Summary
This study addresses the reliability challenges in medical cyber-physical systems arising from the heterogeneity and behavioral uncertainty of devices, patients, and clinical staff, compounded by the absence of proactive fault-mitigation mechanisms. To tackle this, the authors propose M-GENGAR, a novel approach that integrates digital twins with formal methods within a closed-loop framework. By leveraging stochastic hybrid automata for modeling, data-driven learning of patient dynamics, and statistical model checking, the method identifies, in an offline phase, critical scenarios that violate reliability requirements. Runtime mitigation strategies are then automatically synthesized through model-space exploration, diversity analysis, and game-theoretic reasoning. Evaluated in a pulmonary ventilation therapy case study, the generated strategies outperformed or matched human decisions in 87.5% of scenarios, achieving physiological metrics on average 20% closer to healthy baselines than manual control.
📝 Abstract
Medical Cyber-Physical Systems (CPSs) integrating Patients, Devices, and healthcare personnel (Physicians) form safety-critical PDP triads whose dependability is challenged by system heterogeneity and uncertainty in human and physiological behavior. While existing clinical decision support systems support clinical practice, there remains a need for proactive, reliability-oriented methodologies capable of identifying and mitigating failure scenarios before patient safety is compromised. This paper presents M-GENGAR, a methodology based on a closed-loop Digital Twin (DT) paradigm for dependability assurance of medical CPSs. The approach combines Stochastic Hybrid Automata modeling, data-driven learning of patient dynamics, and Statistical Model Checking with an offline critical scenario detection phase that integrates model-space exploration and diversity analysis to systematically identify and classify scenarios violating expert-defined dependability requirements. M-GENGAR also supports the automated synthesis of mitigation strategies, enabling runtime feedback and control within the DT loop. We evaluate M-GENGAR on a representative use case study involving a pulmonary ventilator. Results show that, in 87.5% of the evaluated scenarios, strategies synthesized through formal game-theoretic analysis stabilize patient vital metrics at least as effectively as human decision-making, while maintaining relevant metrics 20% closer to nominal healthy values on average.