Security and privacy of internet of medical things: A contemporary review in the age of surveillance, botnets, and adversarial ML

Abstract

Internet of Medical Things (IoMT) supports traditional healthcare systems by providing enhanced scalability, efficiency, reliability, and accuracy of healthcare services. It enables the development of smart hardware as well as software platforms that operate on the basis of communication systems and the algorithms that process the data collected by the sensors to support decision-making. Although IoMT is involved in large-scale services provisioning in the medical paradigm; however, the resource-constrained nature of these devices makes them vulnerable to immense security and privacy issues. These vulnerabilities are not only disastrous for IoMT but threaten the whole healthcare ecosystem, which can in turn bring human lives in danger. During the past few years, threat vectors against IoMT have been evolved in terms of scalability, complexity, and diversity, which makes it challenging to detect and provide stringent defense solutions against these attacks. In this paper, we classify security and privacy challenges against different IoMT variants based on their actual usage in the healthcare domain. We provide a comprehensive attack taxonomy on the overall IoMT infrastructure comprising different device variants as well as elaborate taxonomies of security protocols to mitigate attacks against different devices, algorithms and describe their strengths and weaknesses. We also outline the security and privacy requirements for the development of novel security solutions for all the attack types against IoMT. Finally, we provide a comprehensive list of current challenges and future research directions that must be considered while developing sustainable security solutions for the IoMT infrastructure.