Towards Composable Threat Assessment for Medical IoT (MIoT)

Salaheddin Darwish, Ilia Nouretdinov, Stephen Wolthusen

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution


The Medical Internet of Things (MIoT) has applications beyond clinical settings, including in outpatient and care environments where monitoring occurs over public networks and may involve non-dedicated devices. This poses a number of security and privacy challenges, exacerbated by a heterogeneous and dynamic environment, yet standards for handling personally identifiable and medical information of patients, and in some cases caregivers, must still be maintained. Whilst risk and threat assessments generally assume a stable and well-defined environment, this assumption does not hold in MIoT environments, where devices may be added, removed, or changed in their configuration, including their connectivity to server back ends. Conducting a complete threat assessment for each such configuration change is infeasible. In this paper, we seek to define a mechanism for prioritising MIoT threats and the aspects of the analysis that are likely to be affected by composition and related alterations. We propose a mechanism based on the UK HMG IS1 approach and provide a case study in the form of the Technology Integrated Health Management (TIHM) test bed.
Original language: English
Title of host publication: The fourth International Workshop on Privacy and Security in HealthCare 2017 (PSCare17).
Publisher: Procedia Computer Sciences
Number of pages: 6
Publication status: Published - 2017
