Review of Security and Privacy for the Internet of Medical Things (IoMT)

Abstract

Day-by-day modern circular economy (CE) models gain ground and penetrate the traditional business sectors. The Internet of Medical Things (IoMT) is the main enabler for this interplay of CE with healthcare. Novel services, like remote sensing, assisting of elder people, and e-visit, enhance the people's health and convenience, while reducing the per-patient cost for the medical institutions. However, the rise of mobile, wearable, and telemedicine solutions means that security can no longer be examined within the neat, physical walls as it was considered before. The problem for a healthcare system further increases as the Bring Your Own Device (BYOD) reality, affects the way that the health services are accommodated nowadays. Both patients and healthcare staff utilize their personal devices (e.g. smart phones or tablets) in order to access, deliver, and process medical data. As the IoMT is materialized and the underlying devices maintain so valuable data, they become a popular target for ransomware and other attacks. In the CE case, the problem is further emerging as several of these assets can be used over-and-over by many actuators. However, medical users and vendors are less aware of the underlying vulnerabilities and spend less on the IoMT security. Nevertheless, the risk from exploiting vulnerabilities can be drastically reduced when the known and relevant controls are placed. This paper presents an overview of the core security and privacy controls that must be deployed in modern IoMT settings in order to safeguard the involved users and stakeholders. The overall approach can be considered as a best-practices guide towards the safe implementation of IoMT systems, featuring CE.