Risk Assessment Methodologies for the Internet of Medical Things: A Survey and Comparative Appraisal

Abstract

The Internet of Medical Things (IoMT) has revolutionized health care services by providing significant benefits in terms of patient well being and relevant costs. Traditional risk assessment methodologies, however, cannot be effectively applied in the IoMT context since IoMT devices form part of a distributed and trustless environment and naturally support functionalities that favor reliability and usability instead of security. In this work we present a survey of risk assessment and mitigation methodologies for IoMT. For conducting the survey, we assess two streams of literature. First, we systematically review and classify the current scientific research in IoMT risk assessment methodologies. Second, we review existing standards/best practices for IoMT security assessment and mitigation in order to i) provide a comparative assessment of these standards/best practices on the basis of predefined criteria (scope and/or coverage, maturity level, and relevant risk methodology applied) and ii) identify common themes for IoMT security controls. Based on the analysis, we provide various IoMT research and implementation gaps along with a road map of fruitful areas for future research. The paper could be of significant value to security assessment researchers and policymakers/stakeholders in the health care industry.