Modern medical devices connected to public and private networks require additional layers of communication and management to effectively and securely treat remote patients. Wearable medical devices, for example, can detect position, movement, and vital signs; such data help improve the quality of care for patients, even when they are not close to a medical doctor or caregiver. In healthcare environments, these devices are called Medical Internet-of-Things (MIoT), which have security as a critical requirement. To protect users, traditional risk assessment (RA) methods can be periodically carried out to identify potential security risks. However, such methods are not suitable to manage sophisticated cyber-attacks happening in near real-time. That is the reason why dynamic RA (DRA) approaches are emerging to tackle the inherent risks to patients employing MIoT as wearable devices. This paper presents a systematic literature review of RA in MIoT that analyses the current trends and existing approaches in this field. From our review, we first observe the significant ways to mitigate the impact of unauthorised intrusions and protect end-users from the leakage of personal data and ensure uninterrupted device usage. Second, we identify the important research directions for DRA that must address the challenges posed by dynamic infrastructures and uncertain attack surfaces in order to better protect users and thwart cyber-attacks before they harm personal (e.g., patients’ home) and institutional (e.g., hospital or health clinic) networks.
Bibliographical noteCopyright © 2023 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/).
This research was funded by FAPERGS/RS/Brazil under call CONFAP—UK ACADEMIES, grant reference: 22/2551-0001368-6.
- cyber security
- dynamic risk assessment
- medical IoT
- systematic literature review