A Comprehensive Study of Security and Cyber-Security Risk Management within e-Health Systems: Synthesis, Analysis and a Novel Quantified Approach

Internet of Things (IoT) applications are among the major trends of nowadays. Billions of connected devices are creating great business profits and performing a multitude of automated tasks in many daily human activities. In healthcare service delivery, IoT capabilities are difficult to overestimate, they are progressively becoming entangled and commonly coined Internet of Medical Things (IoMT). The participating nodes in IoMT networks generate, collect and exchange huge amounts of extremely private and sensitive data. Numerous security vulnerabilities arise due to the complexity and the heterogeneity of the technology. New risks, born out of IoMT systems, cannot easily be supported by existing risk management frameworks. The existing cyber-security risk assessment methods and approaches, deployed in several organizations, will not address the IoMT inherent risks properly. This study includes a comprehensive review of IoMT systems. Popular risk assessment methods are discussed and their suitability to IoMT is dealt with in detail. Based on this study, we propose a framework to enhance trust and help with decision making in e-healthcare environments given its high-risk exposure. The proposal is based on a quantified risk assessment approach. Our aim is to define a novel approach/model for improving trust and risk management in an e-health context.