Risk Assessment of Heterogeneous IoMT Devices: A Review

The adaptation of the Internet of Medical Things (IoMT) has provided efficient and timely services and has transformed the healthcare industry to a great extent. Monitoring patients remotely and managing hospital records and data have become effortless with the advent of IoMT. However, security and privacy have become a significant concern with the growing number of threats in the cyber world, primarily for personal and sensitive user data. In terms of IoMT devices, risks appearing from them cannot easily fit into an existing risk assessment framework, and while research has been done on this topic, little attention has been paid to the methodologies used for the risk assessment of heterogeneous IoMT devices. This paper elucidates IoT, its applications with reference to in-demand sectors, and risks in terms of their types. By the same token, IoMT and its application area and architecture are explained. We have also discussed the common attacks on IoMT. Existing papers on IoT, IoMT, risk assessment, and frameworks are reviewed. Finally, the paper analyzes the available risk assessment frameworks such as NIST, ISO 27001, TARA, and the IEEE213-2019 (P2413) standard and highlights the need for new approaches to address the heterogeneity of the risks. In our study, we have decided to follow the functions of the NIST and ISO 270001 frameworks. The complete framework is anticipated to deliver a risk-free approach for the risk assessment of heterogeneous IoMT devices benefiting its users.

Automated summary

The adaptation of the Internet of Medical Things (IoMT) has transformed the healthcare industry by providing efficient and timely services. However, the growing number of threats in the cyber world has raised concerns about security and privacy, particularly for personal and sensitive user data. Little attention has been paid to the methodologies used for the risk assessment of heterogeneous IoMT devices. This paper reviews the existing literature on the topic, analyzes available risk assessment frameworks, and highlights the need for new approaches to address the heterogeneity of the risks.