
A Framework for Ranking IoMT Solutions Based on Measuring Security and Privacy

  • Conference paper
Proceedings of the Future Technologies Conference (FTC) 2018 (FTC 2018)

Part of the book series: Advances in Intelligent Systems and Computing (AISC, volume 880)

Abstract

The Internet of Medical Things (IoMT) is growing rapidly, with Internet-enabled devices helping people to track and monitor their health, diagnose health issues early, treat illness, and administer therapy. Because of increasing demand and access to high-speed Internet, IoMT has opened healthcare systems to security vulnerabilities. The lack of security awareness among IoMT users can provoke serious and perhaps fatal security issues. The disastrous consequences of these issues will not only disrupt medical services (e.g., ransomware), causing financial losses, but will also put patients’ lives at risk. This paper proposes a framework to compare and rank IoMT solutions based on their protection and defense capability using the Analytic Hierarchy Process. The proposed framework measures security, including privacy, in the compared IoMT solutions against a set of user requirements, using a detailed set of assessment criteria. This work aims to help in determining and avoiding risks associated with insecure IoMT solutions and to reduce the gap between solution providers and consumers by increasing security awareness and transparency.

Correspondence to Faisal Alsubaei.

Copyright information

© 2019 Springer Nature Switzerland AG

Cite this paper

Alsubaei, F., Abuhussein, A., Shiva, S. (2019). A Framework for Ranking IoMT Solutions Based on Measuring Security and Privacy. In: Arai, K., Bhatia, R., Kapoor, S. (eds) Proceedings of the Future Technologies Conference (FTC) 2018. FTC 2018. Advances in Intelligent Systems and Computing, vol 880. Springer, Cham. https://doi.org/10.1007/978-3-030-02686-8_17
