DOI: 10.1145/3652037.3663896
demonstration

Semi-Automated Threat Vulnerability & Risk Assessment (TVRA) for Medical Devices

Published: 26 June 2024

Abstract

This paper presents a novel Threat, Vulnerability, and Risk Assessment (TVRA) methodology specifically designed for the Internet of Medical Things (IoMT) to address the unique cybersecurity challenges in the healthcare sector. Given the critical nature of healthcare services and the sensitivity of patient data, there is an urgent need for a robust, IoMT-specific TVRA approach. This work integrates the proposed TVRA methodology with SPYDERISK, an advanced risk management tool, showcasing its application through a Remote Patient Monitoring Systems scenario. The combination aims to enhance the security and reliability of healthcare services, ensuring the protection of sensitive health information and maintaining the trust of patients and providers.

Published In

PETRA '24: Proceedings of the 17th International Conference on PErvasive Technologies Related to Assistive Environments
June 2024
708 pages
ISBN: 9798400717604
DOI: 10.1145/3652037
Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for third-party components of this work must be honored. For all other uses, contact the Owner/Author.

Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. Information Security
  2. IoMT
  3. Risk Assessment
  4. Threat and Vulnerability Assessment

Qualifiers

  • Demonstration
  • Research
  • Refereed limited

Funding Sources

  • European Union's Horizon Europe Research and Innovation Programme

Conference

PETRA '24
