A Review of IoMT Security and Privacy related Frameworks





Internet of Things (IoT), Internet of Medical Things (IoMT), Frameworks, Interoperability, European Union Medical Device Regulation (EU MDR), Data Privacy, Compliance, Standards, Health Level 7 (HL7), Fast Healthcare Interoperability Resources (FHIR)


The Internet of Medical Things (IoMT) integrates smart connectivity with healthcare, improving services but raising cybersecurity and privacy concerns. Frameworks (such as EMRI, SaYo-Pillow, HL7, FHIR, HIMSS) and regulations (such as EU MDR) exist but need regular review for enhancement. A crucial requirement for assuring the security and privacy of the IoMT ecosystem is acceptable, standardized frameworks with effective mechanisms, regulations, and policies. The paper reviews recent IoMT frameworks, architectures, standards, and regulations, analysing deployed and proposed systems with the aim of identifying research areas to improve IoMT security and privacy. The paper assesses security and data privacy in healthcare through case studies by comparing attributes and discussing benefits and limitations. The analysis extends to the geographic scopes that adopt these frameworks. Furthermore, it explores emerging technologies (such as blockchain) for securing IoMT within specific frameworks. IoMT ecosystems face significant security and privacy challenges due to inherent complexities, leading to evolving cyber threats. The vulnerabilities expose medical devices and patient data, risking patient safety and putting the reputations of healthcare institutions under scrutiny. Despite promising technologies, the lack of tailored security measures, guidelines, and policies, coupled with adoption barriers, contributes to these concerns. There is a crucial need to develop specific research, standards, and policies for ensuring cybersecurity and data privacy in the IoMT. Collaboration among healthcare, government, and technology stakeholders is essential to establish effective regulations and best practices. The vulnerability of the healthcare sector, attributed to legacy devices and disjointed data systems, emphasizes the necessity for robust security risk assessment models to address the challenges posed within the rapidly evolving IoMT.

Author Biography

Mr. Ramadhan Mohamed Rajab, University of South Wales

Ramadhan Mohamed Rajab is a PhD research student in Cybersecurity at the University of South Wales, UK. He received his MSc in Computer Systems Security from the University of South Wales in 2019 and his BSc in Computer Science from the Catholic University of Eastern Africa (CUEA) in Nairobi, Kenya, in 2014. His current research focuses on the security and privacy of the Internet of Medical Things (IoMT).