Internet of Medical Things Security Frameworks for Risk Assessment and Management: A Scoping Review

Introduction

Medical devices, equipment, sensors and applications that use wireless networks and the Internet to connect are referred to as the Internet of medical things (IoMT),1 formerly also referred to as the medical Internet of things.2 Their rapid spread in recent years has enabled the collection of patient health data, patient monitoring, automation of certain processes and subsequent analysis of the data collected. Examples include smart watches and wristbands, sensor-equipped medical devices such as glucose meters, electrocardiogram devices, blood pressure monitors, as well as sensors that monitor patients remotely, enabling monitoring of the patient’s vital signs, and possibly also detecting falls. Healthcare systems face increasing numbers of patients and associated challenges.3 The use of IoMT has the potential to make diagnosis more accurate, enable earlier detection of disease, improve patients’ quality of life and reduce healthcare costs. It also means increasing the ability to incorporate advanced technologies, such as artificial intelligence, to support correct diagnosis.4

The IoMT is a subset of devices connected to the environment via the Internet, the so-called Internet of things (IoT). Typically, these devices have sensors, low power consumption, small memory capacity and limited data processing capability. Data and services are provided to users remotely.5 These are diverse technologies found in healthcare facilities that share a common way of connecting to the outside world via the Internet. This poses an increased security risk. At the same time, their use and operation involve collecting and sharing sensitive data about individual patients. A potential cyberattack threatens not only the specific device and its functioning but also, due to the connection to other hospital systems, endangers the health and life of patients.

Karie et al6 provide an overview of discussed security and privacy concerns.

Security concerns:

data and information leakage, eavesdropping, hacking, software exploitation, IoT device security, IoT device hijacking and ransomware, technology-minded and security-aware users, insufficient IoT device testing and updates, lack of active device monitoring, shortage of efficient and robust security protocols, impersonation, health and safety of users, denial of service (DoS/DDoS), other security threats (eg, password theft, corruption, weak passwords, etc.).

Privacy concerns:

data storage and usage, tracking and location privacy, context-aware or situational privacy, sensed, generated or collected data privacy, user privacy information mining, other privacy concerns (eg, dependency on device manufacturers, transparency, data collection without user consent, etc.).

Mentioned security and privacy concerns include all stakeholders (patients, medical staff, information managers, management of health facilities, equipment manufacturers) who are related to the operation of IoMT. Unfortunately, as is stated in subsections Contemporary review articles and Rationale, no review article was found addressing progress in security frameworks for assessing and managing risks for the IoMT and security frameworks for assessing the information system security level using IoMT in healthcare. Therefore, it is appropriate to carry out a scoping review first, which focuses mainly on identifying knowledge gaps, the scope and the body of articles.7 A scoping review should be a precursor to a detailed and deeper review.

From the point of view of the scoping review focus, it is necessary to address solutions (eg, frameworks, models) designed specifically for the IoMT or more general IoT solutions designed for healthcare, among others, in the context of security risk assessment and management, and assessing the information system security level. This article goes in this direction.

The expected main contributions of this scoping review are two. The first is a scientific contribution to building a theoretical base in the area of IoMT with an emphasis on the sociotechnical perspective, which deals in particular with security risk assessment and management, and assessing the information system security level in healthcare facilities. This area is currently not well theoretically mapped. The second is a practical benefit for professionals, offering a synthesized overview of the various solutions that have been developed in the last 5 years.

In the remainder of the section, to better understand the research activities in the field, a search of contemporary review articles is presented in subsection Contemporary review articles. Subsequently, the need to carry out this scoping review is justified in detail in the context of what is already known from existing review articles; see subsection Rationale. At the end of this section, the objectives are set out; see subsection Objectives.

Contemporary Review Articles

In the Web of Science (WoS) and Scopus databases, the authors searched for review articles dealing with Io(M)T security [keywords: review and security and framework and (IoT or “Internet of Things”); review and security and framework and IoMT]. None of the reviews deals with issues connected with IoMT security frameworks for risk assessment and management. In the following three subsections, the most relevant review articles focusing on the security and privacy of the Io(M)T published between 2018 and 2023 are selected from the authors’ perspective. Thematically, review articles can be divided into three areas, each area being structured from general IoT basics to specific IoMT approaches:

The first area deals with the identification of security issues and risks associated with the Io(M)T environment and proposals for addressing them. The second area assesses the applicability of current conventional security standards and assessment frameworks to Io(M)T environments. The third area includes other reviews that focus on a specific domain, eg, a review of publications on the use of a particular technology or an assessment of the architectures in use.

Identification of Security Issues and Risks Associated with the Io(M)T Environment

A review5 focused on IoT security in general categorises security risks and state-of-the-art solutions. Blockchain is the only solution given its own chapter. The authors point out the vulnerability of blockchain caused by the limited randomness of private keys of blockchain accounts. A systematic review8 describes current security, privacy and trust trends in IoMT-enabled smart healthcare systems, such as the use of blockchain, authentication and authorization techniques or privacy-preserving approaches. It highlights the need for developing lightweight intrusion detection systems for IoMT. An overview of the current major solutions in the field of security and privacy is also given in the review,9 which highlights circular economy issues in IoMT. After describing security threats, a comprehensive review10 presents a comparative analysis of existing security protocols in IoMT environments, namely authentication, access control, intrusion detection, and key management protocols.

In 2019, a paper11 was published describing over a hundred networked medical devices and their vulnerabilities. These are different types of IoMT, such as wearable devices, implantable devices, on-site hospital equipment and apps tracking physiological information. Vulnerabilities from a security perspective are intertwined with privacy concerns, as some security threats can affect safety and patient privacy. The authors analyse current solutions and describe research areas that must be addressed to secure networked medical devices and divide the described areas of future directions into three parts. The first deals with security mechanisms for on-site legacy medical devices, for which the topics include self-authentication, encryption, and access control mechanisms. The next subsection is about security mechanisms for implantable and wearable medical devices, describing trust management, standardized key-management techniques, lightweight cryptographic protocols and authentication mechanisms and firmware modification prevention schemes. The third area is communication technologies, where the authors point out the need to focus research on Bluetooth low energy security mechanisms and radio channel interference. Only the issues of current privacy solutions in the smart healthcare environment are addressed in the systematic review.12 It discusses in detail the differences between the terms “security” and “privacy”. Security refers to the prevention of unauthorised access, breach, modification, destruction or disclosure of data, whereas privacy refers to the storage, use and disclosure of user data according to the preferences of the data owner. Privacy ensures a person’s right to make decisions about information disclosure, retention and deletion. In the case of smart health systems, the data owner is the patient. Techniques that ensure privacy include access control, cryptography, anonymization and blockchain. 
A review13 presents IoMT applications, standard protocols, security and privacy issues, and market opportunities. The paper’s primary focus is the IoMT environment, emphasising protocols, architectures and platforms. The last review14 discusses the IoMT environment, specifically the security challenges related to IoT cloud, ie, the area of integrating the IoT with cloud computing. It describes both the security issues and their solutions.

Security Standards and Assessment Frameworks for Io(M)T

Khan and Salah5 describe existing security standards and assessment frameworks in relation to IoT-based smart environments. Although conventional security standards and assessment frameworks are not directly targeted at IoT environments, the authors believe they can be adapted for this domain. The findings highlight the lack of security standards and assessment frameworks for the IoT domain. A problematic factor typical of IoT environments is installations and configurations performed by users who are not IT experts.

The study15 provides an overview and analysis of existing risk assessment methods and management standards. It divides the analysed existing standards and frameworks into three categories: trust‑risk awareness methods, models and standards; trust‑risk awareness in IoT, IoMT and e‑health; and trust‑risk awareness in access control. Based on an evaluation of their suitability in relation to the specifics of the IoMT, the authors conclude that their use does not sufficiently cover the risks associated with the IoMT environment. Therefore, the authors present their proposal for a security risk management approach within e-health systems.

Another work16 also analyses popular cybersecurity frameworks. Here, too, the authors state that these frameworks cannot cover the new security risks arising from IoT specifics. The authors propose a new method of risk score computation for IoT, enabling the classification and quantification of IoT risks to determine the risk level of individual IoT devices, especially in the IoMT.

Other Overview Articles and Conclusion

The main focus of the review17 is trust-based security frameworks. According to the authors, creating a general trust framework is difficult due to the nature of the concept of trust and the fact that values can vary over a small range of many factors. Sultan et al18 describe the security issues covered by using blockchain based on existing solutions found in the literature: data integrity, data privacy, trusted data origin, removing third-party risks, access control, illegal use of personal data, single points of failure, and scalability. The paper also highlights a risk that is not prevented by the implementation of blockchain, which is user anonymity, where a user can be found using a combination of the public key and IP address used.

Zhou et al19 focused on IoT in general and created seven categories of IoT-specific vulnerabilities, in which the authors included twenty logic bugs and one weakness. The authors also assigned a corresponding common weakness enumeration number to these bugs.

A systematic review20 evaluates each type of architecture, starting from the first published architecture in 2008, in terms of its emphasis on addressing security and data privacy concerns. Security is more concerned with data protection, whereas data privacy focuses on the right of individuals to control their personal data and determine what data can be shared. Among other things, the paper concludes that the included IoT architectures do not consider privacy concerns. This becomes a critical factor for the further diffusion and use of the IoT. Addressing security and privacy must be an integral part of the architectural design.

Rationale

The area of IoMT security and privacy is rapidly developing, mainly due to the significant impact on patients’ health and life and the massive increase in the number of Io(M)T devices. Many published papers on IoMT security, see subsection Contemporary review articles, have previously outlined areas of research to focus on, such as self-authentication mechanisms, encryption techniques, trust management for implantable and wearable medical devices, lightweight cryptographic protocols, authentication mechanisms, and radio channel interference. These articles also only marginally mention a specific feature of the IoMT field, namely the high number of stakeholders with a lack of information security awareness.

Yet, no review article addressing sociotechnical aspects was found to ascertain whether there are frameworks aimed at addressing this issue. The reviews published to date dealing with security assessment frameworks described in subsection Security standards and assessment frameworks for Io(M)T evaluate existing popular approaches (eg, OCTAVE, NIST) for ensuring security and their suitability for the IoMT domain.

However, it is unclear what progress has been made in designing security frameworks for assessing and managing risks for the IoMT and with what proposed technology solutions. Related to this is the progress in the design of security frameworks for assessing the information system security level in healthcare facilities in conjunction with the use of the IoMT. For these reasons, this scoping review was prepared to systematically map the research done in this area and identify existing gaps in knowledge and possible future research directions.

Objectives

This review aims to identify risk assessment and management frameworks for IoMT security published in 2018–2023 and to see what the proposed solutions include. For the frameworks found, it is determined whether frameworks address technology design for risk assessment and management or technology assessment measures to determine the level of security of the IoMT environment, both current and for the purpose of future selection of suitable devices. It is also investigated whether frameworks include an assessment of organisational measures related to IoMT security.

The selected time period is related to the increasing complexity of cyberattacks on hospital facilities and their increasing frequency. One of the most significant events that has affected the threat perception of cyberattacks is the WannaCry ransomware attack that affected many organizations on several continents in May 2017. This attack had a particularly severe impact on the healthcare sector in England, where healthcare facilities were locked out of their information systems, access to medical records and the use of medical devices. Dozens of National Health Service hospitals providing acute care, specialist medical services, etc., were affected. Within a week of this attack, activity at the affected facilities was reduced. The value of this reduction has been quantified at £5.9m.21 According to a 2017 study,22 64% of all German hospitals were affected by a cyberattack. This trend has triggered a response from researchers who have begun to focus on securing the healthcare sector, including securing vulnerable medical devices.22 In the same year, a hospital in New York23 was attacked, and estimates talk about nearly $10 million for hardware recovery, software, extra staff hours, and economic loss. Subsequent repairs and security upgrades to the hospital’s information system are calculated at $250,000 to $450,000. The study23 highlights equipment such as infusion pumps, ventilators, and others that attackers can use as an entry point into the information system if not sufficiently secured. Due to the sharp increase in attacks on hospital facilities in 2017 and the increasing number of articles in WoS and Scopus in recent years, the authors focused on studies published after 2018.

As pointed out in subsection Contemporary review articles, a specific feature of the IoMT is the high number of stakeholders with a lack of information security awareness. These are, in particular, medical staff whose primary focus is patient care. The authors of the paper24 presented “Education and policies” as one part of security assessment. This includes healthcare professionals and patients who become part of the environment by using IoMT devices and need to be sufficiently trained. The paper23 also cites limited training for staff on safe cyber practices as one of the problems behind increasing cyberattacks. These points can be seen as sociotechnical aspects in the context of IoMT security, where interaction between users and the information system occurs directly or through the use of IoMT devices. Activities aimed at educating users in the safe use of technology include raising awareness of security in the Internet environment and in the internal hospital system environment, possibly internal rules for the use of bring your own device (BYOD), the importance of keeping the applications used up to date, training on cyberattacks, their types, possible consequences, etc.

Based on the above, the following research questions (RQ) were defined:

RQ 1 – What progress has been made in designing security frameworks for assessing and managing risks for the IoMT and with what proposed technology solutions?

This question aims to find security frameworks proposing specific technology solutions to enable security risk assessment and management. The output may be useful for system administrators of healthcare facilities who need to adapt information system security assurance to this trend due to the rapid proliferation of IoMT use.

RQ 2 – What progress has been made in developing security frameworks for assessing the level of information system security in healthcare facilities (hospitals) in conjunction with the use of the IoMT? Do these frameworks include an assessment of organisational measures?

The aim of the question is to find out whether healthcare facilities already have a tool to help identify information system vulnerabilities with respect to IoMT specificities, not only technological but also sociotechnical. The output presents the current options for the stakeholders involved in information system security. These are mainly IT specialists, but possibly also health technology specialists, clinical innovation specialists and others.

Methods

This review has been prepared using the PRISMA ScR (Preferred Reporting Items for Systematic Reviews and Meta-Analyses Extension for Scoping Reviews) checklist;25 see Appendix 1. This scoping review did not require ethics or institutional review board approval, as data were collected by reviewing published peer-reviewed articles.

Literature Search

The search was conducted in the international citation indexes WoS and Scopus between January and September 2023. The last search was conducted on 17 September 2023. To search for articles, combinations of the words IoMT, IoT, healthcare, security, framework, risk, and assessment were used in the article’s title or abstract; see Appendix 2. A filter was used to limit the time period to 2018–2023. Only papers available in English were included.

Selection Process

The retrieved articles were registered in the citation tool Zotero, which was used to remove duplicate records. Screening was conducted in the systematic review software Rayyan26 by examining the abstract against the inclusion criteria in Table 1 and the defined RQs. Both authors (K.S. and Z.S.) selected articles that met the inclusion criteria in mutual cooperation. The full text was used where it was impossible to decide on inclusion or exclusion based on the abstract. Inclusion in the review was verified by examining the full text. Articles were included in this scoping review if the authors stated that their paper assesses and manages the risks arising from the involvement and use of the IoMT in an information system or addresses the security assessment of an information system using the IoMT.

Table 1 Inclusion and Exclusion Criteria

Charting the Data

Data from the included papers were collected based on the examination of the full texts. For this purpose, a content analysis was carried out in accordance with the general focus of scoping reviews.7 An instrument (form) was prepared to collect information about included articles and IoMT security frameworks, see Appendix 3.

The following information was recorded: title of the work, authors, year of publication, country (first author’s country of origin), the RQ to which the article is assigned, details of the focus of the designed solution (whether it is a framework for risk assessment and management, limitation to a specific threat, privacy concern, whether it is a framework for assessing the security level, assessment of the current IoMT environment, evaluation of possible IoMT acquisition alternatives, assessment of organisational measures), evaluation of the solution, limitations, and future work. The information from the filled-out form was used to synthesise information from the included articles qualitatively. The full text of the articles was used if more detailed information was needed. Based on the study of the described frameworks, the works were divided thematically into two groups to answer the RQs.

Results

Study Selection

The search of the WoS and Scopus databases based on the selected word combinations revealed 1341 papers. After removing duplicate records, 759 studies were included in the abstract screening and relevance assessment. A total of 710 papers were excluded for various reasons: 608 papers were not risk assessment papers, 46 papers did not match the required publication type, in 52 cases the abbreviation IoMT did not stand for Internet of medical things, 3 articles were not published in English, 3 frameworks were focused on IoMT developers, and 1 paper presented a method for developing a security framework.

As a result, 49 papers were identified, and their full text was then examined for inclusion in the review. Two papers were excluded due to the unavailability of the full text, and three works were excluded because they were older versions of the included frameworks. The final number of included studies is 44, as shown in Figure 1.

Figure 1 Flow diagram of selection of articles.

Study Characteristics

A total of 44 papers were included in the review. These are articles from scientific journals (n=26) and conference papers (n=18). The frameworks focus either directly on the IoMT and the healthcare sector or propose frameworks for the IoT in general, with an outline of possible applications in healthcare.16 Upon examination of the full text, it was found that two papers by the same collective of authors15,27 describe essentially the same framework. Both papers were included in the review because the authors in paper15 describe the design of a risk management system falling under RQ 1, whereas paper27 states that it is not only a method to enable operational risk management (falling under RQ 1), but also a risk assessment to help select the most suitable medical device from different alternatives, which falls under RQ 2. The risk calculation is described similarly, but paper27 additionally presents a method to calculate the risk probability, including examples of weights. The papers do not refer to each other. Both papers cite different conference papers from 2020 by the same authors and with the same title. The frameworks included in the review are presented in Appendix 3.

Description of Included Studies

Advances in Security Frameworks for Risk Assessment and Management for IoMT

Thirty-two papers describing proposed frameworks for operational risk management were included in the review in relation to RQ 1. Each framework’s focus is either limited to a specific threat type (see Appendix 3, column 1.1), or the authors do not specify a limitation to a particular threat type. Most frameworks are focused on intrusion detection (n=8), false data injection (n=3) and malware detection (n=3). Eight works do not specify a limitation to a particular threat type; the rest have individual focuses. Seven papers explicitly mention that their solutions also address privacy concerns. Twenty-two works use machine learning (ML), extreme learning machine (ELM) or deep learning. Five frameworks do not indicate whether an evaluation has been carried out. For the other frameworks, information on verification is provided in Appendix 3. The distribution by publication time and threat type focus is shown in Figure 2. Most frameworks were published in the last two years. This is likely linked to the increasing use of IoMT in hospitals and the increasing number of cyberattacks. The work27 published in 2021 is not listed in this section addressing RQ 1 because the operational risk management described there is also presented in the newer work15 published in 2022; see the justification in Study characteristics.

Figure 2 Publication year and focus of articles according to threat type (n = 32).

Frameworks Without Limitation to a Specific Threat

The study15 discusses popular risk assessment methods and approaches (eg, OCTAVE, TARA, CVSS, Exostar, CMMI, ISO, NIST, FAIR) and their suitability for the IoMT. The authors conclude that their application fails in the case of the IoMT due to IoT specificities. The authors propose a new security risk management approach within e-health systems. It consists of three levels: data acquisition area, data gathering and transmission area and data processing and storage area. Their solution has a layered architecture containing a device risk manager, a network risk manager and a storage and processing risk manager, which are autonomous risk agents. Above these core modules is the core risk manager, which manages the risk database, addresses global risks and supports the individual modules. The risk management database contains information about users, devices, risk thresholds, etc. As possible sources of this information, the authors mention publications from organizations such as the FDA, NIST’s NVD, and technical specifications from product suppliers. This information is used to identify abnormal behaviour.

Authors28 describe a layered architecture using artificial intelligence and security methods (for example, cross-cutting services) for cyber-physical systems (CPS)-IoT enabled healthcare ecosystems. The work offers the conceptualization of the architecture and introduces components, which were implemented in different research projects. The work presents a proposal for simulating human cognitive behaviour to respond to new cybersecurity and privacy threats. The proposed architecture has four layers: collaborative, perception and knowledge, data collection and actuation, and infrastructure. In the perception and knowledge layer, a cognitive cycle security model is described with the steps Observe, Orient, Learn, Plan, Decide and Act. Models such as Bayesian networks or fuzzy logic are mentioned for the decision-making process.

The work29 briefly describes a proposed framework of the layered-security model for IoMT. The model consists of perception, network, processing, analysis, and application layers. For each layer, the authors mention possible tools to secure the layer. Considered attack types are eavesdropping, node capture, fake node, denial of service, man in the middle, storage, malware, and malicious code. However, the paper does not provide a detailed description of the framework.

The paper30 focuses on mitigating risks coming from unknown vulnerabilities of the IoT environment. The proposed method, Embedded policing and policy enforcement approach for future secure IoT technologies, is based on the principle of least privilege through the hardware security policy engine (SPE). SPE monitors the communication of applications. If suspicious access is detected, a predefined reaction is used to limit the attack. The system complements current authentication tools.

The framework31 for reinforcing cybersecurity offers a solution for testing security threats and risks without the need to stop the system by using the Digital twins (DT) tool. DT allows the representation of the physical world, predicts risks, simulates cyber attacks, assesses the impact, and identifies threats and vulnerabilities in the IoT healthcare environment. The proposed framework can solve known vulnerabilities and threats. It consists of the physical world, DT world, and cybersecurity module. The cybersecurity module develops strategies using DT and updates the physical world module. The framework has automated processes: system modelling, testing/simulation and cyber threat prevention.

The aim of this work32 is to integrate SecureIoT services into usage scenarios of socially assistive robots for healthcare applications. It involves using two platforms: QTrobot for social interaction and teaching applications, and CloudCare2U. The SecureIoT platform offers open security services as Security as a service (SECaaS). It is a multi-layered security monitoring and enforcement system with the following layers: IoT systems, data collection and actuation, analytics, IoT security services, and use cases.

The authors33 offer a novel IoMT framework for cyber-attack detection using the hybridization of Bayesian optimization and ELM to identify malicious access. It utilizes cloud architecture to mitigate cyber attacks in a real-time IoMT environment. The framework finds the optimal set of ELM hyperparameters and analyses the big data as a part of sensors and IoT devices.

Authors34 propose an Improved wireless medical cyber-physical system (IWMCPS) framework, which consists of components and subsystems and can take into consideration all relevant security concerns. The system is based on ML techniques using a deep neural network for attack detection and classification. IWMCPS consists of the communication and monitoring core, computation and safety core, and real-time planning and administration of resources. The architecture of IWMCPS has four components: Data Acquisition Level, Data Aggregating Layer, Storing and Cloud Computing Level and Action Level.

Intrusion Detection

The work35 describes a framework for intrusion detection in the IoMT environment that takes the privacy of patient data into account. Data from IoMT devices are stored in multiple cloud nodes with privacy protection. Sensitive data in nodes are identified, and an anonymization process is performed. The intelligent data fusion module adopts a contractive deep autoencoder with differential privacy. The module combines data from different sources and aggregates them. A quantum deep neural network is used to differentiate between normal and attack data.

The framework36 proposes an IDS solution using deep learning and ML in a fog-cloud architecture. A detection classifier is produced with a traffic processing engine and ensemble learning combining a set of long short-term memory (LSTM) networks and a decision tree to identify normal and attack events. The authors presented a framework for implementing the proposed IDS in a fog-cloud architecture. The IDS is offered as Infrastructure as a Service (IaaS) in the cloud and as Software as a Service (SaaS) in the fog.

The work37 presents a blockchain-based Edge-IoT framework and prototype for smart healthcare applications. An optimized Crow search algorithm from the ML field is used for intrusion detection and for detecting tampered data, and secure application processing via blockchain is proposed. IoMT data are processed in the edge network, where a dataset is generated; the dataset is pre-processed, and Principal component analysis is used for feature selection to reduce its dimension. A deep neural network is used for the comparative analysis.

The proposed IDS framework38 offers protection against malicious activities in IoT infrastructure. ML algorithms were used for intrusion detection: Logistic regression, Linear discriminant analysis, K-nearest neighbours, Gaussian naive Bayes, Classification and regression tree, Random forest, and AdaBoost. The main stages of the framework are: Data acquisition, Data handling and management, and IoT data classification for intrusion detection.

The proposed framework39 uses blockchain technology to protect IoMT networks. IDS-chain contains distributed fog nodes to detect cyberattacks near the edge. There are three layers: IoMT device layer, IDS-based blockchain layer and cloud-based blockchain layer. The framework uses ML approaches to offer detection as a service (DaaS) in the fog layer and classification as a service (CaaS) in the cloud layer for attack classification and response management. Data exchange between IDS entities is secured by using blockchain.

The trustworthy intrusion detection model for e-healthcare systems40 is a security tool for detecting malicious network traffic and helping to keep patient health records safe. It uses an adaptive neuro-fuzzy inference system (ANFIS) to detect unauthorized access by users; ANFIS-based data classification and if-then rule statements provide attack detection. Attack types are inspected through the rule viewer, membership functions and surface viewer of the ANFIS model, which is implemented in MATLAB.

The deep-learning model for detecting attacks on software-defined healthcare IoT networks (DeepDDoS)41 focuses on reflection-type DoS attacks. It is an IDS that uses historical data to train hybrid deep learning models. Vulnerable IoT devices are identified from traffic features generated in real time. The model is loaded by custom Flask script code at the gateway, where it performs prediction; any suspicious traffic is then forwarded through the control layer.

The solution presented in42 uses an artificial neural network to predict suspicious devices. The mobility pattern is split into six parts, each assigned to a specific network slice, and a security module monitors all clients connected to the slices. MATLAB's neural network toolbox was used to train on the data and to detect and disable the problematic device. The application handles the four most applicable use cases: life-critical services, non-critical services, suspicious devices, and the base station.

False Data Injection

The paper43 states that conventional centralized threat detection systems (TDS) exhibit privacy issues because the central part of the TDS gains access to patients' physiological data. An online learning and attacking model using a recurrent deterministic policy gradient acquires patient data and generates false data injection (FDI) threats as an evaluation indicator to assess the system's vulnerability. The recommended method for deploying a decentralized threat detector to deter such attacks is deep optimized attentive federated aggregation (DpOptFedAA), in which the TDS is trained on patient controller modules. The controllers do not share the physiological data, and the hospital server cannot access them; the server only aggregates the model updates and returns the updated parameters. A gated recurrent unit model is used for threat detection.

The introduction of the article44 discusses related works focusing on measurement manipulation attacks, excluding machine learning-based models, and observes that none of the reported works can identify vulnerable measurements in real time. Based on this finding, the authors propose a personalized health analyser for security enhancement (PHASE), which performs real-time security analysis of a personalized smart healthcare system (SHS). It consists of three components. The essential part is a knowledge base with patient status inference rules and time-series verification rules. The optimizer component (based on satisfiability modulo theories) generates optimal attack vectors, which are passed to the checker component to assess the vulnerability of the measurements. A PHASE-generated vulnerability report delivers the results to the healthcare provider and data analysts.

The authors45 present a new resilient security framework combining an ML approach with blockchain technology. A tri-layered neural network (TNN) is used to detect malicious data from medical sensors. Data flagged as a cyberattack are not processed at the fog layer; confirmed data are transmitted to the fog layer, where blockchain technology ensures their integrity.

Malware Detection

The proposed TSDroid framework46 focuses on Android malware detection; according to the authors, the majority of healthcare devices use the Android operating system. The method clusters applications by temporal and spatial metrics: the API lifecycle is used as the temporal metric, and the API size as the spatial metric. Four algorithms are compared to determine the optimal algorithm and the optimal number of clusters. A time series-based clustering algorithm is used to create subsets and improve detection capability.

The aim of the work47 is to propose a method for identifying files containing malware and pirated software using integrated deep learning. A hybrid dual-channel convolutional neural network with spider monkey optimization combines optimization-based deep learning techniques for detecting software piracy, using software plagiarism detection to identify the features of the original software. The raw data files are first pre-processed. Term frequency-inverse document frequency (TF-IDF) and logarithmic term frequency weighting are used to find similarities between source codes; the detection module then checks the pre-processed data. The method can identify ransomware and counterfeit threats by studying the signatures in the datasets. The system administrator receives a notification, and malicious file formats are highlighted in colour to show the malware's characteristics.

The paper48 proposes a Many-objective optimization-driven data balancing strategy for cross-architectural malware classification (MODSC). MODSC formulates the search for a data balancing strategy as an optimization problem based on dataset information. The model rebalances the data space in several dimensions to address multidimensional data imbalance across both malware categories and processor architectures, and the problem is solved with a many-objective evolutionary algorithm.

Anomaly Detection

The work49 proposes a smart digital healthcare system called Bio-inspired optimization for classification and anomaly detection (BIOCAD). Supervised ML models are used for disease classification, and unsupervised ML is used for anomaly detection to catch manipulation of sensor measurements. Historical patient vital-sign data are used to train the learning models. The framework consists of two parts: a classifier with an anomaly detector, and a bio-inspired optimization module.

Deep neural network-based classification and anomaly detection (DeepCAD) is a framework50 that uses a deep neural network (DNN) model integrated with anomaly detection in an SHS. The model performs both feature classification and anomaly detection, with anomaly detection rules added to the DNN model. The framework consists of two steps: data processing and model training.

Botnet Attacks

The authors51 offer a methodology that helps secure IoT devices through early detection of IoT botnet attacks using ML models. Small chips are integrated into the IoT devices to secure the healthcare processes. Each chip contains a trained model and receives the data packets; if a malicious packet is detected, the originator is blocked from the healthcare system and alerts are sent to a security administrator. A random forest classifier is proposed as part of the solution.

Keylogger Detection

The methodology52 presented in the paper focuses on keylogger attacks, which can compromise private information and cause operational problems in the IoT environment. A nano-integrated circuit (NIC) is used in the IoT devices; ML models trained for keylogger attack detection recognise malicious packets. The NIC acts as the data packet receiver, with the same hardware configuration as the actual IoT device, and decides whether a packet is allowed to proceed.

Man-In-The-Middle Attacks

The paper53 proposes a framework for detecting and mitigating Man-in-the-middle attacks, which in this setting modify the data sent by the client. The system consists of client, server and intermediate server entities. Detection is based on a checksum: each record is paired with a checksum computed with the SHA256 function, and the server validates the correctness of the data against it. For mitigation, alternate routing is used, and only correct data are accepted at the server end.
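The per-record integrity check described above, as an added example that is not the paper's code. It implements the unkeyed SHA256 checksum the text describes and, beside it, a keyed HMAC-SHA256 tag as the practitioner's caveat: if the checksum travels on the same path as the record, a hostile intermediate server can rewrite the record and recompute the checksum, whereas it cannot recompute an HMAC without the shared key. The record fields, the tampered value and the shared key are constructed for the example.

```python
"""Per-record integrity check: unkeyed SHA256 checksum beside a keyed HMAC tag.

Added example, not the paper's code. The record, the tampered value and
SHARED_KEY are constructed; the key is assumed to be provisioned out of band.
"""
import hashlib
import hmac
import json


def canonical(record):
    """Serialize deterministically so client and server hash identical bytes."""
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()


def sha256_checksum(record):
    """Unkeyed checksum, as in the scheme described in the text."""
    return hashlib.sha256(canonical(record)).hexdigest()


def hmac_tag(record, key):
    """Keyed tag: cannot be recomputed by a party that lacks the key."""
    return hmac.new(key, canonical(record), hashlib.sha256).hexdigest()


def server_accepts_checksum(record, checksum):
    return hmac.compare_digest(sha256_checksum(record), checksum)


def server_accepts_hmac(record, tag, key):
    return hmac.compare_digest(hmac_tag(record, key), tag)


def intermediary_tampers(record):
    """A hostile intermediate server rewrites a value and recomputes the checksum."""
    forged = dict(record)
    forged["glucose_mg_dl"] = 45  # report a hypoglycaemia the patient does not have
    return forged, sha256_checksum(forged)


# Constructed record from a hypothetical glucose-meter client.
RECORD = {"patient_id": "P-001", "glucose_mg_dl": 110, "ts": 1700000000}
SHARED_KEY = b"constructed-shared-key"


def demo():
    """Run both schemes against the genuine and the tampered record."""
    checksum = sha256_checksum(RECORD)
    tag = hmac_tag(RECORD, SHARED_KEY)
    forged, forged_checksum = intermediary_tampers(RECORD)
    return {
        "genuine_checksum_ok": server_accepts_checksum(RECORD, checksum),
        "forged_checksum_ok": server_accepts_checksum(forged, forged_checksum),
        "genuine_hmac_ok": server_accepts_hmac(RECORD, tag, SHARED_KEY),
        "forged_hmac_ok": server_accepts_hmac(forged, tag, SHARED_KEY),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

The forged record passes the checksum check because the intermediary recomputed the checksum along with the data; it fails the HMAC check because the tag was produced with a key the intermediary does not hold. Canonical JSON serialization matters for both: the client and server must hash byte-identical input regardless of key order.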

Poisoning Attacks

The proposed framework54 is based on blockchain-based federated learning with secure multi-party computation for model verification against poisoning attacks. The system architecture comprises hospitals, a cloud, and a private blockchain network. The hospitals' local ML models are checked and verified, then aggregated at the blockchain node, and the resulting global model is distributed back to the hospitals participating in the federated learning.
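The two federated designs above (the decentralized threat detector under False Data Injection, where controllers share only model parameters, and this poisoning-resistant aggregation) rest on the same loop: train locally, verify the submitted updates, average the accepted ones. The following added example, which is not the code of either paper, shows that loop on constructed data with a tiny linear model. The verification rule (reject an update farther than MAX_DEV from the coordinate-wise median) and the threshold are assumed stand-ins for the papers' secure multi-party verification and attentive aggregation; the hospital readings and the poisoned update are constructed.

```python
"""Federated averaging with a simple update-verification step.

Added example, not the papers' code. Each hospital trains y = w*x + b on its
own (constructed) readings and sends only (w, b); raw readings never leave the
hospital. Before averaging, the aggregator rejects updates that deviate from
the coordinate-wise median by more than MAX_DEV (an assumed, illustrative rule).
"""
from statistics import median

MAX_DEV = 5.0  # assumed tolerance for an update to be accepted


def local_train(model, data, lr=0.05, epochs=300):
    """Gradient descent on mean squared error, starting from the global model."""
    w, b = model
    n = len(data)
    for _ in range(epochs):
        gw = gb = 0.0
        for x, y in data:
            err = w * x + b - y
            gw += 2 * err * x / n
            gb += 2 * err / n
        w -= lr * gw
        b -= lr * gb
    return (w, b)


def verify_updates(updates, max_dev=MAX_DEV):
    """Keep only updates within max_dev of the coordinate-wise median."""
    med_w = median(w for w, _ in updates)
    med_b = median(b for _, b in updates)
    return [(w, b) for w, b in updates
            if abs(w - med_w) <= max_dev and abs(b - med_b) <= max_dev]


def fed_avg(accepted):
    """Plain federated averaging of the accepted parameter vectors."""
    n = len(accepted)
    return (sum(w for w, _ in accepted) / n, sum(b for _, b in accepted) / n)


# Constructed data: every hospital's readings follow y = 2x + 1 exactly.
HOSPITALS = {
    "hospital_a": [(0, 1), (1, 3), (2, 5), (3, 7)],
    "hospital_b": [(1, 3), (2, 5), (3, 7), (4, 9)],
    "hospital_c": [(0, 1), (2, 5), (4, 9)],
}
# A hostile participant submits a crafted model instead of a trained one.
POISONED_UPDATE = (-40.0, 25.0)


def federated_round(global_model, hospitals=HOSPITALS, poisoned=POISONED_UPDATE):
    """One round: local training, verification, aggregation.

    Returns the new global model and the number of rejected updates.
    """
    updates = [local_train(global_model, data) for data in hospitals.values()]
    if poisoned is not None:
        updates.append(poisoned)
    accepted = verify_updates(updates)
    return fed_avg(accepted), len(updates) - len(accepted)


if __name__ == "__main__":
    model = (0.0, 0.0)
    for rnd in range(3):
        model, rejected = federated_round(model)
        print(f"round {rnd}: w={model[0]:.3f} b={model[1]:.3f} rejected={rejected}")
```

A median-distance rule is the simplest robust-aggregation check; it assumes honest participants form a majority, which is exactly the assumption an attacker controlling several hospitals would try to break, so real deployments pair it with participant authentication (the private blockchain's role above) rather than relying on the statistic alone.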

Ransomware Prevention

The proposed framework architecture55 supports ransomware analysis with detection and validation. It provides identification, monitoring and alerting of abnormal sourcing patterns for incident response. A detection filter recognizes ransomware attacks (static and dynamic) and measures the damage to IoMT devices, and a comprehensive verification process confirms the validity and accuracy of the detected attacks. The defence solution was developed to block attacks and notify the base station.

Replay Attacks

The authors56 suggest a framework for detecting replay attacks on battery-dependent IoT devices. The framework combines a universally unique identifier, a timestamp and a self-learning battery depletion monitor. Data collected from the IoT devices, together with the battery level, are sent from the microcontroller to the IoT cloud platform, where the replay attack detection framework decides whether the behaviour is unusual. When an attack is detected, the system sends a warning message to the healthcare staff.
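The three signals named above (unique message identifier, timestamp, battery level) combine into a small detector, shown here as an added example that is not the paper's code. A message is rejected if its UUID was already seen, if its timestamp falls outside a freshness window, or if the reported battery level is higher than the last accepted reading from that device without a recharge event. The monotonic battery rule is a deliberately simple stand-in for the paper's self-learning depletion monitor; the window size, the field names and the sample messages are constructed.

```python
"""Replay-attack detector for battery-powered IoT telemetry.

Added example, not the paper's code. Field names (device, id, ts, battery,
recharged), the 30 s window and the sample messages are constructed.
"""
import uuid


class ReplayDetector:
    def __init__(self, window_s=30):
        self.window_s = window_s
        self.seen = {}          # message id -> timestamp, for duplicate detection
        self.last_battery = {}  # device id -> last accepted battery level

    def _prune(self, now):
        # Ids older than the window can be forgotten: a replay of them fails
        # the freshness check anyway, so the cache stays bounded.
        self.seen = {mid: ts for mid, ts in self.seen.items()
                     if now - ts <= self.window_s}

    def check(self, msg, now):
        """Return (accepted, reason) for one message received at time `now`."""
        self._prune(now)
        try:
            mid = str(uuid.UUID(msg["id"]))
        except (KeyError, ValueError):
            return False, "malformed id"
        if abs(now - msg["ts"]) > self.window_s:
            return False, "stale timestamp"
        if mid in self.seen:
            return False, "duplicate id"
        last = self.last_battery.get(msg["device"])
        if last is not None and msg["battery"] > last and not msg.get("recharged", False):
            # A replayed old message reports the higher charge the device had then.
            return False, "battery level increased"
        self.seen[mid] = msg["ts"]
        self.last_battery[msg["device"]] = msg["battery"]
        return True, "accepted"


def run_sample():
    """Feed constructed messages through the detector; returns the decisions."""
    det = ReplayDetector(window_s=30)
    base = {"device": "pump-7", "id": "7f9c3c1e-0a4b-4d6a-9c2e-1d0b6a7e8f90",
            "ts": 1000, "battery": 80}
    results = [
        det.check(base, now=1002),                      # fresh message
        det.check(base, now=1010),                      # same message replayed
        det.check(dict(base, id="0a1b2c3d-4e5f-4a6b-8c7d-9e0f1a2b3c4d"),
                  now=1050),                            # new id, timestamp too old
        det.check(dict(base, id="11111111-2222-4333-8444-555555555555",
                       ts=1048, battery=79), now=1050),  # legitimate follow-up
        det.check(dict(base, id="aaaaaaaa-bbbb-4ccc-8ddd-eeeeeeeeeeee",
                       ts=1049, battery=85), now=1050),  # charge went up: replayed
    ]
    return results


if __name__ == "__main__":
    for accepted, reason in run_sample():
        print(accepted, reason)
```

The freshness check is evaluated before the duplicate check so that the cache only needs to remember identifiers inside the window. None of this prevents an attacker who can also rewrite the timestamp; that requires the message to be integrity-protected (a MAC over id, timestamp and payload), which is a separate control.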

Sybil Attacks

The Blockchain-based fuzzy trust (BFT-IoMT) management framework57 is proposed for detecting Sybil nodes in the IoMT environment. The architecture consists of an IoMT/infrastructure layer and a fog layer. The fog layer works with details from the IoMT layer and uses modules to detect nodes, cluster them and calculate trust, with fuzzy logic used for the trust assessment. When a node requests communication and its trust value is below the threshold, its services are stopped and the malicious node is isolated.

IoT Routing Attacks with Impact on Energy Consumption

To keep a routing attack from bringing down the entire network, this framework58 detects, predicts and mitigates the impact of IoT routing attacks on power consumption in real time. The model architecture is proposed for home healthcare of the elderly. Three phases are provided across the medical data collection, routing, network and medical application layers. The model uses deep learning to obtain a robust model with high performance metrics: a convolutional neural network predicts and detects IoT routing attacks that raise energy consumption and can destroy the network.

Advances in the design of security frameworks for evaluating the security level of information systems using IoMT in healthcare

To answer RQ 2, the review included twelve papers describing frameworks for risk assessment in the context of IoMT use. Ten frameworks offer an assessment of the current IoMT environment, and two of these ten also allow a comparison of possible IoMT acquisition alternatives. One paper focuses only on the evaluation of possible IoMT acquisition alternatives,59 and one framework proposes security testing of IoMT devices that manufacturers can use.60 Eight of the twelve papers explicitly mention that their solutions address privacy concerns. None of the frameworks offers an assessment of organisational measures.

The paper27 proposes dynamic agent-based risk management. This context-aware agent-based risk management model for IoMT environments relies on a hybrid (qualitative and quantitative) risk assessment and is applicable to both operational and analytical risk management. The framework divides the system into zones of common risk factors. Cyber risk management consists of a device risk management agent, a network risk management agent, and a storage and processing risk management agent; each agent estimates its risk rating and shares it with the central part of the cyber risk management. The system administrator defines the initial risk threshold for anomalies and suspicious scenarios, and the user, architect or administrator defines threat impacts. The likelihood of anomalies is evaluated at each level separately using parameters such as the readiness of the medical device to detect and respond to an attack, lack of security awareness in the user, device criticality, openness to the internet, protocol security and others. The authors state that the method can evaluate attacks on a single device as well as on many devices, and that it therefore makes it possible to compare medical devices from different manufacturers.

The authors of59 present a multicriteria decision-making method for IoMT device assessment and selection, built on a framework of identified security attributes. Related works, which mainly use the analytic hierarchy process (AHP) and the technique for order preference by similarity to ideal solution (TOPSIS), are reviewed, and for each the list of security requirements (attributes) used is collected. Based on ISO standards, 13 criteria (attributes) are defined. The framework scores each alternative against the security attributes, and the TOPSIS method then ranks the alternatives according to their suitability.
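The TOPSIS ranking step, as an added example that is not the paper's code: a weighted decision matrix is vector-normalised, the ideal best and worst vectors are taken column by column, and each alternative is scored by its relative closeness to the ideal. The same closeness-to-ideal ordering is also the final step of the blockchain benchmarking framework described further below. The four criteria, their weights, the benefit/cost direction of each and the three device alternatives are all constructed for illustration; the paper's own 13 ISO-derived attributes are not reproduced here.

```python
"""TOPSIS ranking of IoMT device alternatives on security attributes.

Added example, not the paper's code. CRITERIA, WEIGHTS, BENEFIT and DEVICES
are constructed; a real assessment would use the paper's 13 attributes.
"""
import math


def topsis(matrix, weights, benefit):
    """Relative closeness to the ideal solution for each row of `matrix`.

    matrix:  alternatives x criteria (raw scores)
    weights: one weight per criterion
    benefit: True where higher is better, False where lower is better
    """
    m, n = len(matrix), len(weights)
    # Vector-normalise each criterion column so units do not matter, then weight.
    norms = [math.sqrt(sum(matrix[i][j] ** 2 for i in range(m))) for j in range(n)]
    v = [[weights[j] * matrix[i][j] / norms[j] for j in range(n)] for i in range(m)]
    cols = list(zip(*v))
    best = [max(c) if benefit[j] else min(c) for j, c in enumerate(cols)]
    worst = [min(c) if benefit[j] else max(c) for j, c in enumerate(cols)]
    closeness = []
    for row in v:
        d_best = math.dist(row, best)
        d_worst = math.dist(row, worst)
        total = d_best + d_worst
        # All alternatives identical on every criterion: no preference either way.
        closeness.append(0.5 if total == 0 else d_worst / total)
    return closeness


def rank_devices(names, matrix, weights, benefit):
    """Return (name, closeness) pairs, best alternative first."""
    scores = topsis(matrix, weights, benefit)
    return sorted(zip(names, scores), key=lambda p: p[1], reverse=True)


# Constructed criteria: key length (bits), authentication factors supported,
# open CVEs against the firmware, vendor patch latency in days.
CRITERIA = ["key_bits", "auth_factors", "open_cves", "patch_days"]
WEIGHTS = [0.3, 0.2, 0.3, 0.2]
BENEFIT = [True, True, False, False]
DEVICES = {
    "device_a": [256, 2, 1, 7],
    "device_b": [128, 2, 4, 30],
    "device_c": [128, 1, 6, 90],
}


def rank_sample():
    return rank_devices(list(DEVICES), list(DEVICES.values()), WEIGHTS, BENEFIT)


if __name__ == "__main__":
    for name, score in rank_sample():
        print(f"{name}: closeness {score:.3f}")
```

An alternative that is best on every criterion scores exactly 1 and one that is worst on every criterion scores exactly 0; everything else lands in between, which is what makes the closeness coefficient comparable across procurement rounds as long as the weights stay fixed. In the AHP-based variants the weights themselves come from pairwise comparisons rather than being set directly as here.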

In the paper,61 the authors conclude from a study of related works that no available tool covers all IoMT-related security scenarios without requiring technical expertise on the user's part. Such a tool would allow stakeholders to identify potential security issues and recommended countermeasures, assess the suitability of different IoMT solutions and select the most suitable one from a security perspective. The authors propose a Python web application consisting of a recommendation module and an evaluation module. The recommendation module takes as input the stakeholder type, the IoMT solution, the device type and the architecture, identifies security issues and recommends actions for each component of the IoMT solution, and finally categorizes the potential problems and recommends a set of countermeasure attributes in the form of yes/no questions. The evaluation module assesses the security level of different solutions and compares them, using a quantitative assessment method based on the analytic hierarchy process.

The paper16 first critically analyses existing popular cybersecurity frameworks (OCTAVE, TARA, NIST, ISO). According to the authors, extending them to IoT environments cannot cover the new security risks arising from IoT specifics. A new method for computing a risk score for the IoT is presented to enable the classification and quantification of IoT risks, with the aim of determining the risk level of individual IoMT devices. The risk for each device is calculated as the product of the risk impact and the likelihood of the risk. The impact is calculated from the network type, protocol type, number of heterogeneous systems involved, device security, and confidentiality, integrity and availability type; the weights for each parameter and the impact calculation are presented. The likelihood is calculated from the number of past attacks on the device, the IoT layer most frequently attacked, the type of sector using the IoT, and the device risk factor (for the IoMT only); the calculation and the weights for each parameter are also given. The resulting value is mapped to a risk rank range of very low, low, medium, high or very high.

The paper62 presents iCerberus, a framework for representing IoT security and privacy policies and detecting policy issues. It consists of the iCerberus ontology for modelling IoT security and privacy policies, the iCerberux policy editor, the iCerbac policy notation, and guidelines and rules for detecting IoT policy errors. A web-based administration tool allows policies to be specified, analysed, modified and tested for errors; review and validation are performed against pre-defined policies.

The author63 presents the Refinement Risk Loop method, which combines secure system design with risk assessment. It uses the Isabelle Infrastructure framework with attack trees to improve the system's security. The Isabelle Infrastructure framework, built on the Isabelle generic higher-order logic proof assistant, allows modelling of physical and logical elements and provides attack trees. The process is iterative and refines a system specification. Whereas existing risk assessment loops use generated attacks to plan incident responses, the proposed method uses the risk assessment to refine the design of a secure system.

The proposed model64 uses Control objectives for information and related technology (COBIT 5). It consists of three parts: Healthcare IoT risk management, Hospital performance indicator for accountability (HPIA) alignment, and the COBIT 5 implementation phases. Hospital Kuala Lumpur was chosen as a case study. The first part of the model, COBIT IoT risk management, incorporates HPIA categories (for example customer focus, employee satisfaction, and financial and office management). Finally, the seven implementation phases from COBIT 5 are applied.

The proposed model65 is based on the Decision-making trial and evaluation laboratory (DEMATEL) procedure for IoT risk assessment, with the RC Hospital in Sudan as a case study. The aim is to help IT security improve the IoT architecture and mitigate technology risks to ensure patient safety, considering the risk categories secured technology, human privacy, and trustable processes and data. There are five steps: setting goals, technology risk evaluation, assuring improvement and innovation, facilitating transformation, and a common process. The authors stress continuous improvement and updating of IoT infrastructures, and the transformation step highlights the importance of training hospital staff in ICT.

The authors66 propose a novel multi-security and privacy benchmarking framework for blockchain-based IoT healthcare Industry 4.0 systems. The multi-criteria decision-making benchmarking framework combines GRA-TOPSIS with the BEZ optimization method for benchmarking the systems, and introduces a new extension of the fuzzy weighted with zero inconsistency (FWZIC) method, spherical FWZIC (S-FWZIC), for weighting the criteria involved. The first phase formulates a decision matrix over security and privacy properties (such as access control, integrity and availability). In the second phase, the S-FWZIC method calculates the weight of each property, and the system solutions are ranked by their similarity to the ideal solution.

The paper24 introduces an IoT Security Risk Model for Healthcare based on the ISO/IEC 27005:2018 standard, establishing the context of IoT risk in healthcare. The model drives an iterative IoT risk management process in which each iteration increases the depth and detail of the assessment until the acceptance level is reached. The IoT is described in five layers with a technology assessment covering authentication, encryption, secure boot, intrusion prevention system and firewall, and education and policies. The authors include all IoT users (patients as well) in the education layer. Hospital Kuala Lumpur was used as a case study.

The Threat and risk management (TMR) framework for eHealth IoT systems67 is based on the STRIDE (Spoofing, Tampering, Repudiation, Information disclosure, Denial of service, Elevation of privilege) and LINDDUN methodologies, which assess a single configuration of an architecture. TMR is intended to help manage the security and privacy of systems with many feature combinations in the IoT healthcare environment. Compared to the two methodologies it builds on, TMR adds feature space modelling, threat assessment of the consequent risks, risk-driven scoring, support for configuration decisions, and regulatory compliance. The article describes the current status of the framework's development, and the author expects to present further progress in future publications.

The authors60 offer a new framework for testing the security of IoT devices. It is based on the Open web application security project (OWASP) IoT framework, extended with three additional parts: IoT security considerations, which map vulnerabilities to a set of security tests (test selection); methodologies and tools, which map tests to useful tools for performing them; and threat models, which describe detailed threat modelling. The authors note that security frameworks for IoT should be continuously updated, yet the OWASP attack surface mapping has not been updated since 2015, and that IoT producers should test their products to reduce security vulnerabilities.

Discussion

Principal Findings

This scoping review aimed to present the progress made in recent years in risk management research and security assessment for information systems incorporating IoMT devices. Based on the identified studies, only a limited number of proposed solutions evaluate possible IoMT acquisition alternatives, and none of the studies found addressed the assessment of organisational measures. Since this concerns the use of information technology in healthcare, one of the critical sectors, further research is needed to cover this area. Most of the studies mentioned above point out specificities of the IoMT, such as the heterogeneity of devices,16,28,35,37,57 the rapid development and proliferation of new devices,28,35,36,45,56 the large amount of sensitive data exchanged wirelessly,34–36,56 the layered architecture15,28,29,31,32,45,56,57 and the multitude of users who often lack security awareness.23,24,27

It is important to note that this review focused only on finding and describing thematically relevant work and then answering the research questions. It did not engage in a formal evaluation of the research methods used, nor did it focus on the deeper comparison of the solutions presented by the authors.

RQ 1 aimed to identify progress in designing security frameworks for IoMT risk assessment and management and the technology solutions they propose. Eight of the works do not limit themselves to a specific threat. Eight frameworks focus on intrusion detection. Three papers relate to false data injection, three to malware detection an
