CYBERSECURITY RISK ASSESSMENT MODEL FOR INTERNET OF MEDICAL THINGS (IOMT) DEVICES IN HEALTHCARE SYSTEMS
Keywords:
Internet of Medical Things (IoMT), Healthcare Cybersecurity, Cybersecurity Risk Assessment, Medical Device Security, Hospital Network Security, Cyber Threat Detection, Healthcare Data Protection.Abstract
The rapid adoption of the Internet of Medical Things (IoMT) in modern healthcare systems has significantly improved patient monitoring, diagnostics, and hospital management. However, the increasing number of interconnected medical devices has also expanded the cybersecurity attack surface in hospital networks. IoMT devices such as infusion pumps, patient monitors, wearable sensors, and imaging systems often operate with limited security mechanisms, outdated software, and weak authentication protocols, making them attractive targets for cybercriminals. Cyberattacks on healthcare infrastructure can compromise patient data, disrupt medical services, and threaten patient safety. Therefore, effective cybersecurity risk assessment mechanisms are essential for protecting hospital networks and connected medical devices. This study proposes a cybersecurity risk assessment model designed specifically for IoMT devices deployed in American hospitals. The proposed framework evaluates cybersecurity threats by integrating vulnerability severity, threat probability, and operational impact to calculate an overall risk score for connected medical devices. A quantitative research approach was used to analyze a dataset consisting of multiple categories of IoMT devices commonly used in hospital environments. Statistical analysis was performed to identify vulnerability patterns and evaluate cybersecurity risk levels across different device types. The results indicate that a significant proportion of IoMT devices exhibit moderate to high cybersecurity risk levels due to software vulnerabilities, weak authentication mechanisms, and legacy system dependencies. Devices such as infusion pumps and hospital information systems were identified as the most vulnerable components within hospital networks. The proposed risk assessment model provides a systematic approach for identifying high-risk devices and prioritizing cybersecurity mitigation strategies. The findings highlight the importance of implementing proactive cybersecurity frameworks in healthcare environments to enhance network security and protect sensitive patient information. The proposed model can assist healthcare institutions in strengthening IoMT security, improving risk management, and supporting the development of resilient hospital cybersecurity infrastructures.
