Risk Assessment Method for Balancing Safety, Security, and Privacy in Medical IoT Systems with Remote Maintenance Function

It is necessary to evaluate the risk of Internet of Things (IoT) systems not only in terms of security and privacy but also in terms of safety. In addition, because IoT systems are distributed over a wide area, the risk evaluation should consider remote maintenance. Therefore, it is necessary to conduct risk assessment based on the maintainability, safety, security, and privacy (MSSP) concept to realize these four indices in a well-balanced manner. To this end, we proposed an enhanced method that has the function not only to clarify the magnitude of the risk before the measure but also to find an optimal combination of measure plan. As a result of applying this method and the support program named PMSSP to an under-the-sheet type medical IoT monitoring system for multiple vital signs, and we were able to specifically determine the optimal combination of measures.