Internet of Things

Volume 8, December 2019, 100123

Research article
IoMT-SAF: Internet of Medical Things Security Assessment Framework

https://doi.org/10.1016/j.iot.2019.100123

Abstract

The emergence of the Internet of Medical Things (IoMT) has introduced a monumental change in facilitating the management of diseases, improving disease diagnosis and treatment methods, and reducing healthcare cost and errors. This change has greatly impacted the quality of healthcare for both patients and all frontline healthcare workers. However, the IoMT is far from being immune to security and privacy breaches due to the wide variety of IoMT vendors and products available on the market as well as the massive number of devices transmitting sensitive medical data wirelessly to the cloud. The lack of security awareness among healthcare users (e.g., patients, medical staff) aggravates the deficiencies and can facilitate attacks that jeopardize patients’ lives. Therefore, ensuring the security and privacy of the IoMT becomes an urgent issue worthy of further investigation and resolution. Security cannot be planned for, managed, monitored, or controlled if it cannot be measured. However, security assessment poses problems for novice IoMT adopters when choosing security measures that are both sufficient and robust. Accordingly, we developed a web-based IoMT Security Assessment Framework (IoMT-SAF) based on a novel ontological scenario-based approach to recommend security features in IoMT and assess protection and deterrence in IoMT solutions. IoMT-SAF supports the selection of a solution that matches the stakeholder's security objectives and supports the decision-making process. The novelty of IoMT-SAF lies in its granularity, its extensibility, its ability to adapt to new stakeholders, and its conformance to technology and medical standards.

Introduction

The Internet of Medical Things (IoMT) is an amalgamation of medical devices and applications that are connected through networks. For patients, medical professionals, researchers, and insurers, the IoMT is a vibrant force that enables a myriad of use cases such as remote medical assistance, data insights, drug management, operations augmentation, tracking of patients, staff, and inventory, and many others. Currently, one-third of IoT devices are found in health care; this number is expected to increase by 2025, with health care accounting for approximately 40% of the total global worth of IoT technology (i.e., $6.2 trillion) [1]. In addition, about 60% of healthcare organizations have already embraced IoT solutions, and that percentage is likely to increase to around 87% by the end of 2019 [2].

One of the most prevalent problems currently facing IoMT solutions is security and privacy fragility. The Federal Bureau of Investigation (FBI) warned that current IoMT devices are severely vulnerable to exploitation of weak authentication and outdated technologies, among other weaknesses [3]. The IoMT has been at the forefront of cyber-attacks in recent years. Recent studies have shown that nearly 90% of healthcare organizations utilizing the IoT have reported at least one security breach [2]. Another study showed that out of more than 370 organizations using the IoMT, about 35% of them suffered at least one cybersecurity breach in 2016 [4]. MEDJACK 2, an analysis report of malware used to attack IoMT systems, showed how attacks can be successfully carried out in IoMT environments to steal medical data and launch ransomware attacks [5]. In fact, about 45% of all ransomware attacks in 2017 were in the healthcare sector [6]. For example, in 2018, attackers encrypted medical records in a hospital in Indiana, causing the hospital to pay $50,000 to restore the data [7]. Another form of ransomware attack is the disruption of medical services, which can lead to costly restorations, as happened with a hospital in California in 2016 [8]. The largest ransomware attack on medical systems was reported in 2017, affecting more than 200,000 devices worldwide [9].

There are many reasons behind the lack of robust security in the IoMT that enable such attacks. The complexity and incompatibility issues resulting from the wide variety of IoMT technologies, such as wireless sensor networks and cloud services, which are inherently insecure, have led to many security issues [10]. Moreover, healthcare manufacturers have rushed to embrace IoT without a profound understanding of its security risks. According to a recent survey, only 17% of device makers and 15% of medical staff are aware of the IoMT security issues and take serious measures to prevent them [11]. In addition, a study from Zingbox, a popular IoMT solution provider, revealed that the most common types of security alerts in IoMT devices originate from user practice issues such as accessing malicious content through the embedded browsers [12]. This lack of security awareness explains why the U.S. alone has more than 36,000 medical devices that are easily discoverable on Shodan, a search engine for IoT devices [13]. Moreover, physical security of medical devices is often overlooked because it is commonly thought that if an attacker has physical access to the device, there is nothing more that can be done to protect it [14]. Furthermore, while the IoT in general lacks security standards, the IoMT requires extra effort to regulate and ensure its security due to the sensitivity of the data and the critical nature of the operations involved. Despite the efforts of the U.S. Food and Drug Administration (FDA) to secure medical devices, only 10% of these devices require a rigorous review to be approved under FDA Class III, which covers high-risk devices (e.g., pacemakers) [15]. All these factors make the IoMT vulnerable to severe cyber-attacks [16]. Such attacks not only affect financial stability, brand reputation, and business continuity but, more importantly, can put the entire medical infrastructure and millions of patients’ lives at risk.

Hence, IoMT stakeholders are obligated to ensure robust security measures in the IoMT that consider the sensitivity of medical data and the criticality of procedures in the medical domain. However, stakeholders struggle to choose secure IoMT solutions because adopters are still confused by the constant and rapid evolution of IoT technologies [17,18]. This confusion leaves adopters uncertain about which security measures are appropriate for their solutions [19]. IoMT stakeholders often have no option but to trust the security offered by a solution. To make informed decisions, adopters should instead be enabled to measure and verify security themselves. It is also important to enable adopters to select security measures based on their own requirements, because security goals depend not only on the scenario but also on the adopter's assets and tolerance for risk. Hence, there is an urgent need for an assessment model that is structured so that its security coverage can expand as IoMT technologies evolve, and quantitative so that solutions can be ranked objectively in terms of their security.

To address this need, in this paper we present the IoMT Security Assessment Framework (IoMT-SAF), which enables IoMT stakeholders to assess the degree of security provided in IoMT solutions. IoMT-SAF is based on a stakeholder-oriented, scenario-based, and ontological approach that identifies potential security issues and recommends countermeasures for specific IoMT consumption scenarios. Based on the recommended security measures, IoMT-SAF also recommends thorough security assessment attributes. These attributes are used in the flexible assessment method of IoMT-SAF to enable users to choose their security requirements and to rank IoMT solutions in terms of their degree of security. The remainder of the paper is organized as follows: Section 2 gives background on the IoMT, Section 3 summarizes related work, Section 4 presents our IoMT Security Assessment Framework (IoMT-SAF), Section 5 presents a case study, Section 6 evaluates the framework, and Sections 7 and 8 discuss limitations and concluding remarks including future work, respectively.

Background

As shown in Fig. 1, the typical components in IoMT solutions are defined by the Open Web Application Security Project (OWASP) as follows [20]. (1) Endpoints: The FDA defines connected medical devices (i.e., IoMT endpoints) as medical devices that are connected to hospital networks, the Internet, or to other medical devices [21]. For the purposes of comprehensiveness, the present work also considers nonmedical devices which can be used in IoMT environments, such as ambient sensors. (2) Gateways:

Related work

Related research on measuring and comparing security has quite a long history. However, because of the newness of IoMT, very little research is currently available on recommending and evaluating security for IoMT solutions. The following paragraph summarizes the previous efforts in this area and highlights their limitations and challenges.

Some of these efforts focused on patient monitoring and do not fit other use cases [25,26]. Other researchers went into developing tools to assess and compare

Internet of Medical Things Security Assessment Framework (IoMT-SAF)

IoMT-SAF (available at flsubaei.pythonanywhere.com) is a Python web application that allows users to assess the security of IoMT solutions based on their consumption scenario. As shown in Fig. 2, the presented framework has two main modules: the recommendation module and the assessment module. Both modules were described in detail in our previous works [46] and [47], respectively. The following subsections briefly describe the modules and explain how users can interact with them to learn about

Case study

To demonstrate how IoMT-SAF can be utilized to analyze and rank IoMT solutions in terms of their degree of security, we show a different scenario y (see Fig. 23). As shown in Fig. 24, this scenario comprises two popular cloud-based IoT platforms that are widely used in IoMT, namely Microsoft Azure IoT Hub [52] and KaaIoT KAA [53]. Because these solutions do not have version numbers, IoMT-SAF uses the date on which the solution profile was added as the version number. The identified issues

Evaluation

IoMT-SAF enables users to make decisions regarding security in currently available IoMT solutions based on an integrated, quantitative assessment method that uses recommended scenario-specific security assessment criteria. The following subsections discuss the evaluation criteria for the IoMT-SAF modules, as well as three methods of evaluation (i.e., vulnerability-based, expert-based, and survey-based).

Limitations

A key challenge in using IoMT-SAF is the length and complexity of defining the security profiles. This is due to IoMT-SAF's large pool of assessment attributes (i.e., 260 questions). However, as described in Section 4, we added some functionalities that make this task easier without compromising the quality of the work (i.e., comprehensiveness). First, the recommendation module effectively filters the list of attributes to only those that are directly related to the scenario. In addition, common

Conclusion and future work

In this paper, we presented the IoMT Security Assessment Framework (IoMT-SAF), a web application based on a novel ontological scenario-based approach to ensuring security in IoMT solutions. IoMT-SAF recommends a detailed list of assessment attributes that covers the necessary security measures. This enables IoMT adopters to choose and enforce security in IoMT solutions based on their security objectives, which differ depending on the scenario. The novelty of IoMT-SAF lies in its ability to

Declaration of Competing Interest

The authors declare that they have no known competing financial interests or personal relationships that could have appeared to influence the work reported in this paper.

References (58)

  • B. Zhang et al., Evaluation on security system of internet of things based on fuzzy-AHP method
  • S. Darwish et al., Towards composable threat assessment for Medical IoT (MIoT), Procedia Comput. Sci. (2017)
  • A Guide to the Internet of Things Infographic, Intel.....
  • 87% of healthcare organizations will adopt internet of things technology by 2019, HIPAA J. (2017)
  • Internet Crime Complaint Center (IC3) | Internet of Things Poses Opportunities for Cyber Crime, (2015)....
  • Cyber Risk Services | Deloitte US | Enterprise Risk Services, Deloitte United States. (n.d.)....
  • M. Smith, MEDJACK 2: Old Malware Used in New Medical Device Hijacking Attacks to Breach Hospitals, Network World....
  • N. Weinberg, Securing IoT in Healthcare is Critical, CSO Online. (2018)....
  • Vic Ryckaert, Hackers held patient data ransom, so Indiana hospital system paid $50,000, USA TODAY. (2018)....
  • R. Winton, Hollywood hospital pays $17,000 in bitcoin to hackers; FBI investigating, Latimes.Com. (2016)....
  • T. Armerding, Medical Devices at Risk: 5 Capabilities That Invite Danger, CSO Online. (2017)....
  • L. Adefala, Healthcare Experiences Twice the Number of Cyber Attacks as Other Industries, CSO Online. (2018)....
  • S. Inc, Synopsys and Ponemon Study Highlights Critical Security Deficiencies in Medical Devices, (2017)....
  • New Threat Report - Connected Medical Devices, (2018). https://www.zingbox.com/resources/threat-report/ (accessed...
  • Medical Devices are the Next Security Nightmare, WIRED. (2017)....
  • The $10 Hardware Hack That Wrecks IoT Security, WIRED. (2017). https://www.wired.com/story/sd-card-hack-iot-zero-days/...
  • J.H. Hamlyn-Harris, Three Reasons Why Pacemakers are Vulnerable to Hacking, The Conversation. (2017)....
  • Nearly 90 Percent of Healthcare Organizations Suffer Data Breaches, New Ponemon Study Shows, (2016)....
  • Study: healthcare staff lacking in basic security awareness, putting medical infrastructure at risk, Healthcare IT News (2016)
  • C. Boulton, IoT security suffers from a lack of awareness, CIO (2016)
  • J. MSV, Security is fast becoming the achilles heel of consumer Internet of Things, Forbes. (2016)....
  • IoT Framework Assessment – OWASP, (n.d.). https://www.owasp.org/index.php/IoT_Framework_Assessment (accessed July 8,...
  • C. for D. and R. health, Digital Health - Cybersecurity, (n.d.)....
  • What is an IoT Gateway, Intel. (n.d.)....
  • AirStrip ONE | AirStrip, (n.d.). https://www.airstrip.com/airstrip-one (accessed November 6,...
  • BL Healthcare, (n.d.). https://blhealthcare.com/ (accessed November 6,...
  • H. Abie et al., Risk-based adaptive security for smart IoT in eHealth
  • R.M. Savola et al., Risk-driven security metrics development for an e-health IoT application
  • New security guidance for early adopters of the IoT, Cloud Secur. Alliance (2015)