Abstract
Advancements in Medical Internet of Things (MIoT) technology ease remote health monitoring and effective management of medical devices. However, these developments also expose systems to novel cyber security risks as sophisticated threat actors exploit infrastructure vulnerabilities to access sensitive data or deploy malicious software, threatening patient safety, device reliability, and trust. This paper introduces a lightweight dynamic risk assessment approach using scenario-based simulations to analyse cyber security events in MIoT infrastructures and supplement cyber security activities within organisations. The approach includes synthetic data and threat models to enrich discrete-event simulations, offering a comprehensive understanding of emerging threats and their potential impact on healthcare settings. Our simulation scenario illustrates the model’s behaviour in processing data flows and capturing the characteristics of healthcare settings. Our findings demonstrate its validity by highlighting potential threats and mitigation strategies. The insights from these simulations highlight the model’s flexibility, enabling adaptation to various healthcare settings and supporting continuous risk assessment to enhance MIoT system security and resilience.
Original language | English |
---|---|
Article number | 101437 |
Number of pages | 17 |
Journal | Internet of Things (Netherlands) |
Volume | 29 |
Early online date | 20 Nov 2024 |
DOIs | |
Publication status | E-pub ahead of print - 20 Nov 2024 |
Bibliographical note
Copyright © 2024 The Authors. Published by Elsevier B.V. This is an open access article distributed under the terms of the Creative Commons CC-BY license (https://creativecommons.org/licenses/by/4.0/), which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.Data Access Statement
Data will be made available on request.Keywords
- Medical Internet of Things (MIoT)
- Cyber security
- Dynamic risk assessment
- Simulation models
- Data integration
- Threat analysis