Towards Composable Threat Assessment for Medical IoT (MIoT)

The Medical Internet of Things (MIoT) has applications beyond clinical settings including in outpatient and care environments where monitoring is occurring over public networks and may involve non-dedicated devices. This poses a number of security and privacy challenges exacerbated by a heterogeneous and dynamic environment, but still requires standards for handling personally identifiable and medical information of patients and in some cases caregivers to be maintained. Whilst risk and threat assessments generally assume a stable and well-defined environment, this cannot be done in MIoT environments where devices may be added, removed, or changed in their configuration including connectivity to server back ends. Conducting a complete threat assessment for each such configuration changes is infeasible. In this paper, we seek to define a mechanism for prioritising MIoT threats and aspects of the analysis that are likely to be affected by composition and related alterations. We propose a mechanism based on the UK HMG IS11 approach and provide a case study in the form of the Technology Integrated Health Management (TIHM)2 test bed.