Dynamic risk assessment approach for analysing cyber security events in medical IoT networks

Ricardo M. Czekster*, Thais Webber, Leonardo Bertolin Furstenau, César Marcon

*Corresponding author for this work

Research output: Contribution to journalArticlepeer-review

Abstract

Advancements in Medical Internet of Things (MIoT) technology ease remote health monitoring and effective management of medical devices. However, these developments also expose systems to novel cyber security risks as sophisticated threat actors exploit infrastructure vulnerabilities to access sensitive data or deploy malicious software, threatening patient safety, device reliability, and trust. This paper introduces a lightweight dynamic risk assessment approach using scenario-based simulations to analyse cyber security events in MIoT infrastructures and supplement cyber security activities within organisations. The approach includes synthetic data and threat models to enrich discrete-event simulations, offering a comprehensive understanding of emerging threats and their potential impact on healthcare settings. Our simulation scenario illustrates the model’s behaviour in processing data flows and capturing the characteristics of healthcare settings. Our findings demonstrate its validity by highlighting potential threats and mitigation strategies. The insights from these simulations highlight the model’s flexibility, enabling adaptation to various healthcare settings and supporting continuous risk assessment to enhance MIoT system security and resilience.
Original languageEnglish
Article number101437
Number of pages17
JournalInternet of Things (Netherlands)
Volume29
Early online date20 Nov 2024
DOIs
Publication statusE-pub ahead of print - 20 Nov 2024

Bibliographical note

Copyright © 2024 The Authors. Published by Elsevier B.V. This is an open access article distributed under the terms of the Creative Commons CC-BY license (https://creativecommons.org/licenses/by/4.0/), which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

Data Access Statement

Data will be made available on request.

Keywords

  • Medical Internet of Things (MIoT)
  • Cyber security
  • Dynamic risk assessment
  • Simulation models
  • Data integration
  • Threat analysis

Fingerprint

Dive into the research topics of 'Dynamic risk assessment approach for analysing cyber security events in medical IoT networks'. Together they form a unique fingerprint.

Cite this