Model for Implementing a IoMT Architecture with ISO/IEC 27001 Security Controls for Remote Patient Monitoring

Due to the recent pandemic, the healthcare sector has been forced to incorporate new technologies into its systems, such as IoT and Fog Computing. However, being new technologies, they are prone to security breaches. From this context, it is identified that medical systems do not have a sufficient level of security, due to the use of new technologies such as IoT and the lack of controls to protect these new technologies. Therefore, a model for implementing an Internet of Medical Things (IoMT) Architecture with ISO/IEC 27001 security controls for remote patient monitoring is proposed. This model has 4 stages: Stage 1 selects an information security standard for the healthcare sector. Stage 2 selects the information security controls of the selected standard. Stage 3 selects and evaluates an IoMT architecture applicable to the healthcare sector. And Stage 4 designs the information security controls for each layer of the IoMT architecture. The IoMT architecture and information security controls are simulated and experimented with physicians (the productivity of the system) and with information security expert (the quality of the implemented controls). The results of the first experiment show that “effectiveness”, “productivity”, and “satisfaction” regarding the use of the IoMT architecture have an average rating of 4.05 (high level). The results of the second experiment show that “Information Security”, “Awareness” and “Security Incident Management” regarding the quality of the security controls implemented have an average rating of 3.65 (high level).