Hybrid Cyber Security Framework for the Internet of Medical Things

  • Danisa Nkomo
  • Raymond Brown
Part of the Advanced Sciences and Technologies for Security Applications book series (ASTSA)


Despite IoMT's benefits in healthcare, it is emphasised that attaining robust security and privacy is becoming a huge challenge. The increased flow of information from IoMT endpoints and applications widens the risk landscape; therefore, their security needs to be addressed. The risks to IoMTs include potential harm to patient safety, compromise of patient health information and unauthorised access to devices. In 2013, 44% of data breaches occurred in the healthcare sector, and in 2017 the National Health Service (NHS) England reported a ransomware attack which affected an estimated 80 trusts and an additional 603 primary care organisations. It is argued that for a sector (healthcare) under constant attack, the introduction of IoMTs may be too big a security risk. However, when the right security measures are in place, IoMTs can deliver more benefits than risk. With regard to the General Data Protection Regulation (GDPR), IoMTs raise compliance issues in the domain of consent. Cyber security frameworks such as ISO 27000 x series, NIST CSF 2018 or COBIT can be used as a guideline to implement security controls in IoMTs. However, some of them are out of date or lack the required approach to protect IoMT technology. There is a lack of specific standards tailored to IoMT security and to the need to safeguard patient safety and maintain the security and privacy of patient information, all of which could help towards more secure IoMT use cases. What is presented in this chapter is a method to create a hybrid cyber security framework for IoMT. The framework is an extension of the NIST cyber security framework Version 1.1. This could be very useful to the UK healthcare industry as it is moving towards full adoption of IoMTs for the benefits explained earlier.


Keywords: Internet of medical things; IoT; Big data; Blockchain; Privacy; Patient safety; IoMT endpoints; IoMT applications; Hybrid cyber security framework (HCSF); NIST; Design science



Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  1. Barnsley Local Authority, University of Northumbria, Newcastle upon Tyne, UK
  2. Northumbria University London with QA Higher Education, Newcastle upon Tyne, UK
