IOT security risk management model for healthcare industry

Abstract

Internet of Things (IoT) is predicted as one of the biggest emerging environments in the future that creates simultaneous smart communication between machines or a variety of digital devices. Besides improving how data can be controlled, monitored and collected, IoT also allows us to generate revenue through the identifying of new business opportunities and deployment of advanced analytics processes for decision-making purposes. IoT enables us to accelerate changes in the healthcare environment in improving patient engagement and outcome, as well as transforming healthcare from reactive to proactive accessibility. Nevertheless, IoT's expansion brings new vulnerabilities, risk and security challenges for healthcare practitioners and their patients. However, there is still a lack of study focusing on IoT risk management in healthcare. Existing researches tend to focus only on the implementation of IoT peripherals in a healthcare environment and tend to embed the secured applications solution with it. Since healthcare information and data are highly confidential, it is important to ensure that a secured health IoT application is in place. Thus, the aim of this study is to investigate the IoT risk management aspects in a healthcare environment with particular attention to proposing a step-by-step process of an IoT risk management model. The proposed IoT risk management model was developed leveraging on DEMATEL IoT Risk Assessment Procedure. This study was conducted based on a case study of one hospital in Sudan which has recently invested in IoT technologies in their operation. Interviews were conducted with selected respondents from the hospital and findings suggested that the selected case study does not have an established IoT risk management mechanism due to the ad-hoc IoT implementation approach. The case study also lacks of protection for health data and information with several unclear work process. As a solution, this study proposes an enhanced IoT risk management model for healthcare with consideration of three risk categories; 1) Secured Technology, 2) Human Privacy and 3) Trustable Process and Data. The proposed model was then evaluated by three IoT experts and two IT healthcare practitioners based on System Usability Score (SUS) and received Good Usability score which means the model is usable as a healthcare IoT risk management model.