Dynamic risk assessment approach for analysing cyber security events in medical IoT networks

Abstract

Advancements in Medical Internet of Things (MIoT) technology ease remote health monitoring and effective management of medical devices. However, these developments also expose systems to novel cyber security risks as sophisticated threat actors exploit infrastructure vulnerabilities to access sensitive data or deploy malicious software, threatening patient safety, device reliability, and trust. This paper introduces a lightweight dynamic risk assessment approach using scenario-based simulations to analyse cyber security events in MIoT infrastructures and supplement cyber security activities within organisations. The approach includes synthetic data and threat models to enrich discrete-event simulations, offering a comprehensive understanding of emerging threats and their potential impact on healthcare settings. Our simulation scenario illustrates the model’s behaviour in processing data flows and capturing the characteristics of healthcare settings. Our findings demonstrate its validity by highlighting potential threats and mitigation strategies. The insights from these simulations highlight the model’s flexibility, enabling adaptation to various healthcare settings and supporting continuous risk assessment to enhance MIoT system security and resilience.