Svandova Katerina, Smutny Zdenek
Faculty of Informatics and Statistics, Prague University of Economics and Business, Prague, Czech Republic.
J Multidiscip Healthc. 2024 May 13;17:2281-2301. doi: 10.2147/JMDH.S459987. eCollection 2024.
The massive expansion of Internet of Medical Things (IoMT) technology brings many opportunities for improving healthcare. At the same time, its use increases security risks, raises security and privacy concerns, and threatens the functioning of healthcare facilities or healthcare provision.
This scoping review aims to identify progress in designing risk assessment and management frameworks for IoMT security. The frameworks found are divided into two groups according to whether frameworks address the technological design of risk management or assess technological measures to ensure the security of the IoMT environment. Furthermore, the article intends to find out whether frameworks also include an assessment of organisational measures related to IoMT security.
This review was prepared using PRISMA ScR guidelines. Relevant studies were searched in the citation databases Web of Science and Scopus. The search was limited to articles published in English between 2018 and 17 September 2023. The initial search yielded 1341 articles, of which 44 (3.3%) were included in the scoping review. A qualitative content analysis focused on selected security perspectives and progress in the given area was carried out.
Thirty-two articles describe the design of risk assessment and management frameworks. Twelve articles describe the design of frameworks for assessing the security of IoMT devices and possibly offer a comparison of different IoMT alternatives. A description of the included articles was prepared from the selected security perspectives.
The review shows the need to create comprehensive or holistic frameworks for operational security and privacy risk management at all layers of the IoMT architecture. This includes the design of specific technological solutions and frameworks for continuously assessing the overall level of information security and privacy of the IoMT environment. Unfortunately, none of the frameworks found offers an assessment of organisational measures, even though the importance of organisational measures was highlighted in the articles. Another area of interest for researchers could be the design of a general risk management database for IoMT, which would include potential IoMT-related risks connected to a particular device.