Cyber Security Risk Assessment Methods for Smart Healthcare

Abstract

The perverseness of the Internet of Things (IoT) has reached the healthcare sector, where interconnected medical devices are transforming how we deliver and manage health. These devices, linked wirelessly, create a vast network known as Internet of Medical Things (IoMT), that integrates seamlessly with the broader healthcare system. This interconnected infrastructure facilitates the exchange of massive amounts of patient data, paving the way for a more distributed and data-driven approach to healthcare. In healthcare’s ICT environment rely heavily on electronic health records (EHR), e-prescribing systems and other systems. Protecting this sensitive data necessitates robust cybersecurity measures. Even though data security is an indirect cost, it is crucial for healthcare systems. In general, patient trust in a healthcare system depends on the infrastructure’s ability to protect data from security and privacy threats. A critical component of this strategy is security risk assessment. A risk is an indirect cost borne by those designing these systems. The risk assessment process identifies, evaluates, and prioritizes potential threats to the organization’s assets including hardware and software. By assessing risks before acting, healthcare organizations can effectively allocate resources to mitigate the most critical vulnerabilities. While broadly applicable cyber risk assessment frameworks like NIST, ISO, and OCTAVE exist, they may lack a strong risk between assets, threats and impacts, and controls. Therefore, they do not provide a comprehensive picture for healthcare specifically. A more thorough examination is required to establish a strong association between protected systems, potential threats, and the resulting risks. This paper critically reviews these frameworks and their methodologies and limitations for healthcare cybersecurity. Even though data security is an indirect cost, it is crucial for healthcare systems.