Threat Modeling for Enhanced Security in the Healthcare Industry with a Focus on Mobile Health and IoT

Keywords: Mobile Health, Internet of Things, Healthcare Security, Threat Modeling, STRIDE, Risk Assessment, Interoperability, Body Area Network, ENISA, Asset Management.

Authors

  • Rohith Vallabhaneni, School of Computer and Information Sciences, University of the Cumberlands. ORCID: 0009-0003-3719-2704
  • Vinod Veeramachaneni, School of Computer and Information Sciences, Colorado Technical University, USA. ORCID: 0009-0006-6282-6133

October 12, 2024

The advancement of mobile health and the Internet of Things (IoT) promises to enhance healthcare quality while reducing costs, particularly with the transition from inpatient to home and ambulatory care. This shift, driven by an aging population, financial pressures, and a shortage of skilled healthcare professionals, presents significant opportunities and challenges. While mobile health improves access and encourages self-management, it also raises serious concerns regarding security and interoperability, especially with wearable devices equipped with sensors in a patient's Body Area Network (BAN). This paper critically analyzes the security and interoperability risks associated with these technologies, emphasizing the need for robust measures such as configuration and asset management. Utilizing recommendations from ENISA (2016) and conducting a risk and vulnerability assessment, this study develops a comprehensive security model tailored for healthcare architectures. Additionally, it applies the STRIDE threat modeling approach to identify and mitigate potential threats, providing valuable insights for securing healthcare systems and prioritizing critical assets vital to organizational operations.