Challenges and Opportunities for Conducting Dynamic Risk Assessments in Medical IoT


Modern medical devices connected to public and private networks require additional layers of communication and management to effectively and securely treat remote patients. Wearable medical devices, for example, can detect position, movement, and vital signs; such data help improve the quality of care for patients, even when they are not close to a medical doctor or caregiver. In healthcare environments, these devices are called the Medical Internet-of-Things (MIoT), for which security is a critical requirement. To protect users, traditional risk assessment (RA) methods can be periodically carried out to identify potential security risks. However, such methods are not suited to managing sophisticated cyber-attacks happening in near real-time. For this reason, dynamic RA (DRA) approaches are emerging to tackle the inherent risks to patients employing MIoT as wearable devices. This paper presents a systematic literature review of RA in MIoT that analyses the current trends and existing approaches in this field. From our review, we first observe the significant ways to mitigate the impact of unauthorised intrusions, protect end-users from the leakage of personal data, and ensure uninterrupted device usage. Second, we identify the important research directions for DRA that must address the challenges posed by dynamic infrastructures and uncertain attack surfaces in order to better protect users and thwart cyber-attacks before they harm personal (e.g., patients’ home) and institutional (e.g., hospital or health clinic) networks.

Divisions: College of Business and Social Sciences > Aston Business School > Cyber Security Innovation (CSI) Research Centre
College of Engineering & Physical Sciences
College of Engineering & Physical Sciences > School of Computer Science and Digital Technologies > Software Engineering & Cybersecurity
College of Engineering & Physical Sciences > School of Computer Science and Digital Technologies
Additional Information: Copyright © 2023 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license. This research was funded by FAPERGS/RS/Brazil under call CONFAP—UK ACADEMIES, grant reference: 22/2551-0001368-6.
Uncontrolled Keywords: cyber security, dynamic risk assessment, medical IoT, systematic literature review, Engineering(all), Instrumentation, Materials Science(all), Fluid Flow and Transfer Processes, Process Chemistry and Technology, Computer Science Applications
Publication ISSN: 2076-3417
Last Modified: 13 Jun 2024 07:35
Date Deposited: 23 Jun 2023 13:12
Related URLs: https://www.mdp ... 3417/13/13/7406 (Publisher URL)
PURE Output Type: Article
Published Date: 2023-06-22
Accepted Date: 2023-06-20
Authors: M. Czekster, Ricardo (ORCID Profile 0000-0002-6636-4398)
Grace, Paul (ORCID Profile 0000-0003-2363-0630)
Marcon, Cesar
Hessel, Fabiano
Cazella, Silvio C.



Version: Published Version

License: Creative Commons Attribution
