Introduction
Year | References | Architecture | COVID | Devices | Connectivity technologies | Worldwide market | Security and threats | Applications | Systematic analysis |
---|---|---|---|---|---|---|---|---|---|
2019 | [30] | IOMT Arc. | X | X | X | X | \(\checkmark \) | X | X |
2020 | [29] | IOMT Arc. | X | PD | PD | X | \(\checkmark \) | PD | X |
2020 | [31] | X | X | \(\checkmark \) | \(\checkmark \) | X | \(\checkmark \) | X | \(\checkmark \) |
2021 | [32] | IOMT Arc. | X | X | X | X | \(\checkmark \) | X | PD |
2021 | [33] | IOMT Arc. | \(\checkmark \) | X | X | PD | \(\checkmark \) | \(\checkmark \) | X |
2022 | [34] | X | X | X | X | X | \(\checkmark \) | X | X |
2022 | [35] | PD | X | \(\checkmark \) | PD | X | X | \(\checkmark \) | X |
2022 | This study | IOMT Arc. | \(\checkmark \) | \(\checkmark \) | \(\checkmark \) | \(\checkmark \) | \(\checkmark \) | \(\checkmark \) | Comprehensive systematic review |
-
To our knowledge, this is the first survey that provides a comprehensive comparison of the IoT and healthcare domains based on previously published research.
-
The paper presents an outline of the future smart healthcare system, its tremendous ability to transform people’s lifestyles, and smart solutions to situations, such as COVID-19. Analyzing the current state-of-the-art development of IoMT worldwide also emphasizes the demands to accomplish the suggested theory.
-
The paper discusses the commercially available devices, applications and services, and communication protocols for the Internet of Medical Things.
-
The paper highlights IoMT security and privacy challenges and future research directions for smart healthcare systems.
Notations | Meanings |
---|---|
6LoWPAN | IPv6 over low-power wireless personal area networks |
AAL | Ambient assisted living |
AMPQ | Advanced message queuing protocol |
BLE | Bluetooth low energy |
BP | Blood pressure |
CAGR | Compound annual growth rate |
CoAP | Constrained application protocol |
COVID-19 | Coronavirus Disease of 2019 |
CNN | Convolution neural network |
CT | Computed tomography |
CSMA-(CA) | Carrier sense multiple access with collision avoidance |
CSS | Chirp spread spectrum |
CSRF | Cross-site request forgery |
CRT | Cardiac re-synchronization therapy |
DoS | Denial-of-service |
DSSS | Direct sequence spread spectrum |
EMG | Electromyography |
ECG | Electrocardiography |
ECIEDs | Embedded cardiac implantable electrical devices |
FDA | Federal Drug Administration |
GPRS | General packet radio service |
GTS | Guaranteed time slot |
HTTP | Hypertext transfer protocol |
ICD | Implantable cardioverter defibrillator |
IDS | Intrusion detection systems |
INEs | Implantable nerve electrodes |
IoT | Internet of things |
IoMT | Internet of medical things |
IPs | Internet protocols |
LED | Light-emitting diode |
LVAD | Left ventricular assist device |
LoRaWAN | Low-power wide-area network |
Lora | Long-range |
LVAD | Left ventricular assist device |
M2M | Machine-to-machine |
MAC | Medium access control |
MIMO | Multiple input multiple output |
MQTT | Message queue telemetry transport |
MRI | Magnetic resonance imaging |
NFC | Near-field communication |
NFV | Network functions virtualization |
PAN | Personal area network |
PHI | Protected Health Information |
PHY | Physical |
PRISMA | Preferred reporting items for systematic reviews and meta-analyses |
PPG | Photoplethysmography |
SDN | Software defined networking |
RFID | Radio frequency identification |
SQL | Structured query language |
TCP | Transmission control protocol |
UDP | User datagram protocol |
UHF | Ultra-high frequency |
UWB | Ultra-Wideband |
WSNs | Wireless sensor networks |
XMPP | Extensible messaging presence protocol |
XSS | Cross-site scripting |
Research methodology
Worldwide IoMT implementation and supportive market
COVID-19 impact on IoMT
IoMT market segments
IoMT region
IoMT product
-
Medical devices Medical Devices are classified into three types. Wearable External Medical Devices, Implanted Medical Devices, and Stationary Medical Devices. Wearable external medical devices account for most medical devices and are expected to grow at a CAGR of 18.7% between 2021 and 2027. Wearable external medical devices accounted for approximately 27.5% of total sales in 2019 [38].
-
Systems and software Data analytics, network security, application security, remote device management, and network bandwidth management. The market is segmented into five divisions based on systems and software. The remote device management category captured the largest market share IoMT market in 2019, accounting for around 52.3% of the market share, and it is anticipated to rise by 42.5 billion USD by 2027.
-
Services The market comprises three service segments: consulting, support and maintenance, and deployment and integration. Support and maintenance have the largest proportion of all service categories, and they are predicted to grow at an 18% CAGR from 2021 to 2027. In 2019, the revenue share of the support and maintenance sector was 47% [46]
-
Connected technologies The IoMT ecosystem’s frameworks are connection technologies that connect people and things to the Internet. Wireless technologies used in health care include WiFi, BLE, Near-field communication (NFC), Zigbee, cellular, and satellite systems. Continuous wireless communications are made possible by compatibility between wireless technologies, lower power consumption, and spectrum extension. In 2017, the connectivity technology market was worth $9.3 billion, and it is predicted to grow to $28 billion in 2022 and $34 billion in 2027 [46].
IoMT applications
IoMT end-user
Applications on internet of medical things
Rehabilitation system
ECG monitoring system
Temperature monitoring system
Mood monitoring system
Blood pressure monitoring
Glucose level monitoring system
Other notable applications
References | Application/task | IoMTs |
---|---|---|
[80] | Smart rehabilitation system | BCI-actuator, brain EEG cap, motion sensor |
[54] | Disease detector | Sensors and boards |
[81] | Action and activity recognition for health monitoring | Wearable camera, google glass, motion wrist sensor |
[82] | Heart rate estimates | PPG, ECG, wearable sensors |
[83] | Sleep pose recognition | Depth and RGB sensors, Carmine camera |
[84] | CT-scan images similarity measures | SPET-Images, CT-MR, CT-MR t1, CT-MR t2 |
[85] | Autistic patient monitoring | Voice pathology, cloud technology |
[82] | Stress evaluation | PPG, ECG, wearable sensors |
[86] | Cuff less blood pressure monitor | ECG, photo-plethysmo-gram signals |
[87] | Emotion recognition | Respiration, physiological signals, Galvanic skin response, 4-EMG, body temperature |
[88] | Sleep apnea detection | Heart-rate, saturation, abdominal, respiratory belt |
IoMT architecture system
Perception layer
Wearable devices
-
Real time Location sensor (RLTS): It can be deployed to track healthcare personnel in big hospitals when a patient or other member of staff calls for rescue during a life-threatening emergency.RTLS may track patients’ body actions to guarantee their survival, especially critical for Alzheimer’s and dementia patients. An RTLS can be implemented using various technologies, such as camera vision, light, infrared (IR), ultrasound, sound, GPS, and RFID.
-
Body temperature sensors: These sensors are used to determine the temperature of the body. The most commonly used temperature sensors are the LM-35, DS18B20,TMP236, and MAX3020 [35]. The LM-35 is most generally used in wearable sensor networks because of its many uses in remote patient monitoring. It has a higher temperature range than the others, ranging from 55 to 150 \(^{\circ }\)C with an accuracy of 0.5 \(^{\circ }\)C. A thermistor can be used in place of a temperature sensor, since it is inexpensive, dependable, and waterproof, with a precision of up to 0.25 \(^{\circ }\)C.
-
Blood pressure sensors: These devices are used to keep track of a patient’s blood pressure. There has been much research into non-invasive blood pressure monitoring, particularly the oscillometric approach, which uses an air-inflated cuff to pressurize blood vessels and measure systolic and diastolic pressure. In the other approach, biological sensors, such as ECG and PPG sensors are utilized to estimate blood pressure without using a cuff. The traditional method of measuring blood pressure needs many devices and is thus inconvenient. Advances in ECG and PPG signal processing have formed a system for estimating and evaluating patients’ blood pressures.
-
Bio-metric sensors: Wearable biometric sensor devices may collect and analyze personal data in real-time, such as heart rate and sleep habits. Recent biometric sensors are precise, versatile, and scalable to various devices, such as smartwatches, earbuds, and armbands. Due to technological advancements in microcontrollers (MCUs) and system-on-a-chips (SoCs), continuous glucose monitoring, blood oxygen saturation (SpO\(_2\)) monitoring, and mood and stress monitoring are all becoming widely widespread and are expected to be widely accepted by the community.
-
Heart rate sensors: Electrocardiography (ECG) or photoplethysmography (PPG) measures the heart rate. A PPG is a standard method to monitor heart rate, since it is a simple, non-invasive, and inexpensive optical measurement technology. A PPG sensor comprises a photodetector and a light source placed on the skin’s surface to monitor fluctuations in blood flow, and the second derivative wave of a PPG signal offers vital health information. As a result, evaluating this waveform can assist in diagnosing a variety of cardiovascular disorders. The PPG sensor is most commonly placed on the patient’s earlobe, finger, or forehead.
-
Electronic cardiogram sensors: Data from an electrocardiogram (ECG) is needed to keep track of a healthy heartbeat and strength. It evaluates the heart’s muscular and electrical performance. It is crucial for predicting and preventing cardiovascular disease. The ECG monitoring device AD8232 is frequently used. It can function as a heartbeat sensor and an ECG graph sensor.Table 4Wearable sensor in the healthcare sector
-
Respiratory rate sensors: Measuring respiratory rates is crucial in healthcare systems for identifying a variety of ailments, including pneumonia and asthma. Considering IoT devices must be power efficient, continuously monitoring a patient’s respiration rate is difficult. These sensors keep track of how well patients are breathing. A thermistor is the most common hardware device for monitoring the rate of breathing. A thermistor is less expensive, uses less power, and has a longer lifetime, which is ideal for medical applications.
-
Activity sensors: Activity trackers record patient movement throughout the day and also at night. For example, Gyroscope sensors track behaviors such as sleeping and jogging. The tracker records the number of steps a patient takes during the day, activity duration, the distance covered, whether they reach their daily target, calorie consumption, and fat burn. At night, the patient’s sleep duration is recorded, and the quality of his or her sleep is evaluated.
-
Muscle activity sensors: The electromyographic (EMG) sensor is a sensor that detects electrical muscle activity. It is frequently used as a command signal for various prosthetic systems. This sensor allows doctors and medical workers to keep track of a patient’s nerve and muscle issues. These sensors are also deployed in wearable technology to track patients’ behavior. In addition, Advancer Technologies is working on an Arduino-based EMG sensor. The impacted condition of the patient’s health can be determined using this sensor.
-
Fitness trackers: A wearable fitness tracker uses special gizmos to keep track of various parameters of the individual wearing the tracker. Many different sensors can be added to a fitness tracker, such as a three-axis accelerometer, gyroscope, altimeter, temperature sensor, bioimpedance sensor, optical sensor, etc. These sensors measure several parameters, such as acceleration, frequency, duration, intensity, and patterns in individuals’ movements.
-
Glucose sensors: Diabetic people need blood glucose monitors to keep their blood sugar levels stable. Blood glucose monitors occur in many forms. On the other hand, non-invasive and smart glucose monitors are preferable in an IoT context to prevent the challenges of invasive blood glucose monitoring and the potential for infection from injections. The Company “DIAMONTECH” has designed an intelligent, non-invasive glucose meter with this in mind. It processes and detects any irregularity in the obtained patient data using near-infrared spectroscopy and machine learning techniques. The information is transferred to the cloud for analysis and reporting. These characteristics enable endocrinologists to take care of their patients from afar.
-
Pulse oximeters: This is a non-invasive device that measures the oxygen saturation of a person’s blood. This data can help track and diagnose any changes in a patient’s health. Asthma, pneumonia, anemia, lung illnesses, and other health problems can all be detected with a blood oximeter. The MAX30102 is the most widely popular and effective pulse oximeter sensor in smart healthcare. The sensor is a low-power device (1.8 V). Its compact size allows it to be readily fitted into smart wearables or smartphones.
-
Accelerating sensors: The use of an accelerating sensor to track physical activities helps detect postural orientation and motions in the real world. It is used to keep track of an elderly patient’s recovery.
-
Biochemical sensors: Wearable biochemical sensors provide much potential for personal medication and continuous health monitoring. This sensor detects and quantifies numerous chemical elements in the human body, such as perspiration, saliva, and tears, to track alcohol and drug consumption. It is also used to identify harmful chemicals in the atmosphere and monitor biochemistry.
-
Drug pumps: A drug pump is a medical device that controls the delivery of fluids into a patient’s body. It provides predetermined doses of medicine to the patient. Drug pumps can supply large or moderate doses of fluids, and they can be used to deliver nutrition or pharmaceuticals, such as insulin or other hormones, antibiotics, chemotherapeutic drugs, and pain relievers. A “smart drug pump” has safety measures, including user alerts that trigger when a potentially harmful drug interaction appears or when the user adjusts the pump’s settings outside of predefined normal ranges.
Implantable devices
-
Swallowable camera capsule: It is difficult to detect a range of problems in the gastrointestinal system, especially in the small intestine. In the field of diagnosis, medical technology has made significant advances. The capsule endoscopy alters the diagnosis of the gastrointestinal tract dramatically. A camera, light bulb, battery, and radio transmitter are commonly included in the capsule used in capsule endoscopy. Peristalsis causes the capsule to move around in the body. The method is straightforward and does not necessitate any prior knowledge. When it comes to diagnosing lesions, Crohn’s disease, ulcerative colitis, and ulcers, capsule endoscopy has proven to be the best and most sensitive method for diagnosing lymphoma, carcinoid tumors, etc. [92]. The swallowable camera capsule provides at least two photos per second. The camera capsule is taken orally and expelled after 36–72 h. The battery in the swallowable camera capsule is charged and ready to use after excretion. Capsule endoscopy is a painless procedure that provides more convenient data than endoscopy. It visualizes the patient’s gastrointestinal tract from within.
-
Embedded cardiac implantable electrical devices (ECIEDs): these are highly complex modern gadgets that offer patients a variety of benefits, including improved survival and quality of life. It collects data and delivers it through a radio connection to a nearby ubiquitous network. As listed below, three types of embedded cardiac implanted electrical devices (ECIEDs) are widely used.
-
Implantable cardioverter defibrillator (ICD): This battery-powered gadget is implanted beneath the skin and monitors the heart rate. An ICD device contains wires implanted into cardiac tissue that can provide electrical stimulation, monitor heart rhythm, and sometimes “rate” the heart’s beats as necessary.
-
Pacemaker: It is a little battery-operated gadget that improves with the regular beating of the heart. A transitory pacemaker may be required during hospitalization following a heart attack due to a slow heart rhythm; however, a pacemaker may not be required long term unless damage to the heart’s conduction system from the heart attack affects the ability to maintain a normal heart rhythm and rate.
-
Cardiac re-synchronization therapy (CRT:) This system comprises two parts: the pulse generator, or device, and thin, insulated wires known as leads. A CRT device sends minute quantities of electrical energy to the heart through these leads. This helps to reestablish regular heartbeat timing, causing both ventricles to pump together more efficiently, such as a fist closing normally again.
-
-
Left ventricular assist device (LVAD): This is a surgically implanted, battery-powered mechanical pump-type device. It aids in the maintenance of a heart’s pumping ability when it is unable to perform correctly on its own.
-
Implantable Nerve Electrodes (INEs): These are essential treatments for neurological diseases, such as epilepsy, Alzheimer’s disease, Parkinson’s disease, and others, particularly in the absence of specific medications [93]. INEs can investigate and regulate the nervous system by recording electrical nerve impulses or stimulating nerve tissue.
Ambient devices
-
Motion sensors: A motion sensor is an electrical device that detects ambient motion using a sensor. A sensor is frequently used as part of a system that automates an activity or notifies a user of motion in a specific area. The two most popular motion sensor technologies are active ultrasonic and passive infrared (PIR) sensors, known for their accuracy and reliability.
-
Room temperature sensors: Temperature sensors monitor the degree of heat energy or even coldness produced by an object, permitting one to “sense” or detect any physical change in that temperature, generating an analog or digital output. Temperature sensors come in various shapes and sizes, each with its features based on the application. A smart thermostat sensor, for example, is a wireless remote sensor that can monitor the temperature in multiple rooms and send the data to the central thermostat. A smart thermostat sensor offers homeowners more control over the heating and cooling of under-served areas of their homes.
-
Pressure sensors: Pressure sensors are equipment or devices that convert the intensity of the physical pressure imposed on the sensor into an output signal that can be used to calculate the pressure’s quantitative value. Many distinct pressure sensor devices perform the same functions but use various underlying techniques to convert pressure to an output signal. These sensors measure the pressures of solids, liquids, and gases and water levels, fluid movement, speed, and height. Examples are compressors, pumps, mechanical ventilators, blood-pressure transducers, and other sensors.
-
Vibration sensors: A vibration detector is a sensor that detects the frequency and magnitude of vibration in a system, machine, or system component. These metrics can identify equipment imbalances or other flaws and predict future failures. Vibration sensors are based on various operating principles, the most popular accelerometer-based. Vibration-based sensing systems for human and infrastructure safety and health monitoring are now available. These technologies use structural and body vibration as a data source and can be used in wearable and non-wearable devices. Moreover, the vibration detection technique uses low-cost, low-power sensors, making them suitable for outdoor and indoor monitoring. For example, it is used to monitor the movement of patients in their beds.
-
Daylight sensors: These sensors detect natural light and alter the lighting zones in the space automatically.
-
Door sensors: To prevent infection, monitor the status of the door (open or closed).
Stationary devices
-
Imaging equipment: This is a process and technique of imaging the inside of a body for clinical examination and surgical intervention, as well as visualization of the function of particular anatomical structures (physiology). Medical imaging aims to expose hidden interior structures beneath the skin and bones and detect and cure disease. Medical imaging also creates a normal anatomy and physiology database, allowing anomalies to be detected. Although medical imaging of damaged organs and tissues is possible, such operations are normally classified as pathology rather than medical imaging. The following are imaging equipment examples that provide visualizations of the inside of a body for clinical research and medical treatment.
-
Computed tomography (CT): This scan is an effective tool for detecting diseases and injuries [95]. It creates a 3D image of soft tissues and bones using a sequence of X-rays and a computer. A healthcare professional can diagnose diseases using CT scans, which are painless and noninvasive. A CT scan can be done in a hospital or imaging center.
-
Magnetic resonance imaging (MRI): A high magnetic field, radio waves, and a computer are used to produce comprehensive images of the inside of your body in magnetic resonance imaging (MRI). MRI is a non-invasive imaging technique that creates comprehensive three-dimensional anatomical images. It works by stimulating and detecting changes in the direction of the rotating axis of protons in the water that makes up living tissues. It is frequently employed in detecting, diagnosing, and monitoring diseases. It can diagnose or track treatment progress for several disorders affecting the chest, abdomen, and pelvis.
-
X-ray: It is a painless, rapid test that generates images of the inside components of the body, especially bones. X-rays use small amounts of radiation to create images of the body. X-ray beams penetrate through the body, and depending on the density of the material, they pass through and are absorbed in varying amounts. On X-rays, dense materials, such as bone and metal appear white. The lungs’ air appears to be black. Fat and muscle appear as grayscale images.
-
Ultrasound: This is an imaging technique that employs sound waves to create a picture of organs, tissues, and other structures inside the body. An ultrasound can also reveal moving components of the body, such as a beating heart or blood flowing through blood arteries. Ultrasounds, unlike X-rays, do not employ radiation.
-
Overview of IoMT communication protocols
IoMT protocols | Layer | Standard | Data-rate | Transmission range | Frequency | Cost | Power consumption | Topology |
---|---|---|---|---|---|---|---|---|
Infrared | Perception-network | Not standardized | 14.4 Kbps | 1 m | 850–900 nm | LoW | Low | LAN |
RFID | Perception | ISO, IEC | 106–424 Kbps | 20 cm | 13.56 MHz | Low | Very low | Ring |
Bluetooth | Perception-network | 802.15.1 | 1–24 Mbps | 8–10 m | 2.4 GHz | Low | Medium | Star |
Ultra-Wideband | Perception | 802.15.4 | 53–480 Mbps | 10 m | 3.1–10.6 GHz | Low | Low | Radio technology |
Wi-Fi | Network | 802.11a, b, g, n | 2–54 Mbps | 20–100 m | 2.4 GHz | Low | High | Star |
ZegBee | Perception-network | 802.15.4 | 20–250 Kbps | 10–20 m | 868/915 MHz, 2.4 GHz | Low | Low | Star, Tree, mash |
LoRaWAN | Network | 802.15.4g | 0.3–50 Kbps | 3–4 km | 133/868/915 MHz | Low | Very low | Star |
6LoWPAN | Network | 802.15.4 | 250 kbit/s | 10–100 m | 2.4 GHz | Low | Low | Star |
Perception layer protocols
-
Bluetooth: This is a wireless communication system that employs ultra-high frequency (UHF) radio waves to communicate across short distances. This technology provides wireless communication between multiple parts of medical equipment. Bluetooth operates on the 2.4 GHz radio band. Bluetooth can communicate up to 100 m apart. Bluetooth secures data using encryption and authentication. The primary advantages of Bluetooth are low cost and power efficiency. It also ensures less interference between connected devices during data transfer. However, when it comes to long-distance communication in a healthcare application, this technology falls short [101].
-
RFID: It comprises a system of assigning a unique identifier to each object uniquely in record data. RFID comprises readers, hosts, and tags, each absorbing and emitting radio waves, offering the term responder. In various sizes and forms, active and passive RFID tags are marketed. Compared to active tags, passive tags are more valuable, because they are less expensive. Tags contain a unique ID number and climate data, such as moisture content, temperature, and humidity, among other things. To recognize an object, these tags are integrated and connected to it. The mentioned frequency ranges are generally used in RF communications: low frequency—125 kHz, high frequency—13.56 MHz, ultrahigh frequency—433 MHz, and 860–960 MHz and microwave—2.45 GHz, 5.8 GHz. Intelligent RFID tags deployed inside or near a patient’s body are essential supporting technologies for establishing smart medical systems that are entirely transparent to the patient. Furthermore, passive RFID tags can be used to monitor the environment of patients, and healthcare organizations can deploy RFID cards to secure physical entrances.
-
Infrared: This communication is one of the most basic wireless communication technologies, and it is a cost-effective way of conveying a few bits of data remotely. It is safe to assume that anybody reading this has used a variety of remote controls at home or work, and the majority of those simple gadgets interact with the receiver via infrared pulses. The NEC protocol uses pulse distance encoding to distinguish between logic states in transmitted messages. A synchronization sequence, an eight-bit address, and a command comprise the message itself. The RC5 protocol uses Manchester encoding to distinguish between logic states. The message consists of two start bits, a toggle bit, five address bits, and six data bits. Both systems support repeat sequences that prompt the user to execute the previous command again. Infrared is employed in thermometers and cameras in the medical domain. Thermal imaging technology based on infrared light is also used to analyze and measure the temperature of a body.
-
Ultra-wideband (UWB): This is also known as an ultra-wideband, or ultra band, and is a wireless communication protocol for short ranges. It employs radio waves to allow devices to communicate with one another. It also employs a higher frequency. Ultra-wideband has a frequency range of 3.1–10.6 GHz. One disadvantage is its small range, but this is not a big deal when one has two devices in the same room. A UWB transmitter sends billions of radio pulses across a broad spectrum of frequencies, subsequently translated into data by a UWB receiver. In the same way that bats use auditory signals to perceive their environment, UWB pulses may be used to measure distances between two transmitters. The more accurate the distance measurement, the shorter the impulse period. Since it sends up to 1 billion pulses per second, UWB achieves real-time precision (about 1 per nanosecond). Ultra-Wideband is a radio protocol that is rapid, reliable, and low-power, and it is used to detect locations with greater accuracy than any other wireless technology. For example, the ECG method needs short-distance communication technology, and UWB, such as other protocols, has been used for this function.
Network layer protocols
-
WiFi: IEEE 802.11 is a group of wireless local area network communication standards, including 802.11a, 802.11b, 802.11g, 802.11n, and 802.11ac. These standards all work at different bandwidths of 5 GHz, 2.2 GHz, 2.4/5 GHz, 60 GHz, and 5 GHz. These standards’ data transfer rates range from 1 Mb/s to 7 Gb/s. It has a communication range of 20 to 100 meters. Many researchers have suggested using WiFi to communicate between remote monitoring and control devices in an IoMT system. For example, WiFi networks have been deployed on medical equipment, including defibrillators, infusion pumps, anesthetic machines, and lung ventilators. It is proven that WiFi can be used efficiently and securely for device communication.
-
LoRaWAN: This is an abbreviation for long-range chirp spread spectrum (CSS)-based spread spectrum modulation. Lora is a low-power, long-range wireless network that has emerged as the unofficial wireless platform for the IoT. LoRaWAN devices and networks enable smart IoT applications that address some of the world’s most important concerns, such as infrastructure efficiency, energy management, pollution control, natural resource conservation, and disaster avoidance. LoRa devices are used in smart cities, houses and buildings, communities, metering, supply chain, logistics, agriculture, and other applications [29, 102].
-
Zigbee: This is a popular protocol for connecting medical devices and transferring data. Zigbee has a comparable frequency band to Bluetooth (2.4 GHz). However, compared to Bluetooth devices, it has a greater communication range. A mesh network topology is implemented in this technology. End devices, routers, and a processing center are the components of the system. The processing center handles the data analysis and aggregation. The mesh network keeps the rest of the devices connected even if one or two of them fail. Power dissipation, rapid transmission rates, and massive network throughput are just a few of the advantages of Zigbee [103].
-
6LoWPAN: Its abbreviation is IPv6 over Low-Power Wireless Personal Area Networks. It is a low-power wireless mesh network with individual IPv6 addresses for each node. This enables the node to connect to the Internet directly using open standards. The idea behind 6LoWPAN was that the Internet Protocol should be applied to even the tiniest devices and that low-power devices with limited compute capability should be permitted to participate in the IoT. The 6LoWPAN has specified encapsulate and header compressing techniques that help standard IPv6 packets be transmitted across IEEE 802.15.4-based networks. Furthermore, the 6LoWPAN IETF team has created a protocol called 6LoWPAN over Bluetooth Low Energy (RFC 7668).In the medical field, IoMT sensors and remote devices can be communicated to IP networks using 6LoWPAN, enabling sensor connectivity. In addition, it enables sensor interaction with middleware systems or network routers.
Application layer protocols
IoMT application protocols | Standards | Architecture | Encoding format | Header/message |
---|---|---|---|---|
MQTT | IETF, Eclipse foundations | Client–server, Broker | Binary | 4 Byte/small |
COAP | OASIS, Eclipse foundations | Client–broker | Binary | 2 Byte/small |
AMQP | OASIS AMQP TC | Publishers-subscribers, Broker | Primitive, or a described format code | Undefined, large |
XMPP | IETF, open standard | Client–server | Binary | 1023 bytes |
-
CoAP: This protocol is implemented in the IoT communication loads that are sensitive to traffic congestion-induced performance degradation. It is a web transport protocol with a low bit rate designed for devices with limited processing power and memory [104]. HTTP is a hypertext transfer protocol that allows the RST architecture to be extended to Low-Power Wireless Personal Area Networks (LoWPANs) [105]. Moreover, The Medium Access Control (MAC) mechanism is also provided by the Low-Power Wide-Area Network (LoRaWAN) protocol, facilitating communication among different devices and networks. This protocol is designed with a star topology and offers numerous benefits in IoT applications, including low cost, power consumption, security, and easy implementation. The User Datagram Protocol (UDP) is the primary transport layer protocol. It is based on the RST architecture and has a 4-byte header-only format [106]. The re-transmission timeout method [107] also provides dependability. Because it is built on top of UDP, CoAP assumes end-to-end trustworthiness and main congestion control. At the application layer, this protocol is responsible for arranging the data formatting handshaking communication [108]. The acknowledgment message, the confirmable message, the non-confirmable message, and the reset message are all used by CoAP to send data. The request/response paradigm is the foundation of CoAP [109].
-
MQTT: This is an asynchronous protocol that is used for light machine-to-machine communications and leverages the publish/subscribe principle. This protocol’s primary function is to connect embedded network systems to middleware and applications. MQTT benefits include the guarantee route in small places and low memory, low cost, and low-power equipment for susceptible and low-bandwidth networks. Because this protocol is lightweight, it is better suited for WSN, M2M, and IoT applications [110]. It allows high-latency or limited networks for data transmission from devices to the server in the style of telemetry [111].
-
XMPP: This protocol is mainly used for sending and receiving messages. In contrast to the CoAP Request/response approach, it employs the publish/subscribe mechanism, which is better suited for the IoT. Furthermore, despite the availability of newer protocols, such as MQTT [112], it is an early internet protocol that has been supported. It is based on the Internet Engineering Task Force (IETF) standards for cross messaging, telepresence, and video and audio calling [113]. The key advantages of XMPP are that it is a reliable protocol and that it enables the development of additional applications [114].
-
AMQP: was designed with the business industry in mind. Its capabilities include message orientation, switching, queuing, security, privacy, and reliability [115]. The AMQP protocol, such as XMPP, is built on a publish-subscribe model. This protocol ensures that messages are sent successfully and that delivery primitives, such as at-most-once, at-least-once, and precisely once are employed. The main advantage of using AMQP is the store-and-forward feature, which assures dependability and trustworthiness. However, it may create network interruptions [116]. It requires a reliable transport protocol that specifies how it uses the Transmission Control Protocol (TCP) to deliver and receive messages [117].
References | Protocol | Applications |
---|---|---|
[104] | COAP | Traffic congestion increases IoT communication load |
[105] | RST should be expanded to include LoWPANsg | |
[106] | Reliability is achieved by the use of re-transmission mechanism | |
[107] | Application layer | |
[108] | Formatting handshaking connection | |
[118] | MQTT | WSN,M2M, and IoT |
[110] | Lightweight M2M communication | |
[111] | Telemetry-style data transmission | |
[112] | XMPP | Security |
[113] | Exchange of messages | |
[114] | Reliable and trustworthy network | |
[115] | Multi-party chatting, telepresence,and voice & video calling | |
[116] | Financial industry | |
[117] | TCP for exchanging messages | |
[119] | LoRa | Collecting human body data, “MySignals” developed a healthcare management solution based on the LoRa wireless network |
IoMT security and privacy
Attacks on IoMT middleware
-
Cross-site request forgery: This form of attack is becoming more frequent on RESTful API-enabled IoT devices. The CSRF approach deceives the end-user into responding to a susceptible application without awareness. If not set appropriately [124], the IoT layer’s web interface becomes vulnerable to CSRF attacks.
-
Session hijacking: This type of attack is popular in RESTful-based IoT devices. Sessions could be hijacked due to numerous IoT devices maintaining session connectivity at the web application interface, allowing an attacker to access session data.
-
Cross-site scripting: XSS also takes advantage of RESTful IoT apps by injecting side scripts onto web pages to evade access restrictions. Such attacks are enabled via the websites of cloud-connected IoT applications [125].
Application layer attacks
-
SQL injection: A SQL injection vulnerability in a cardiac management system has been discovered. This attack occurs when an attacker injects an incorrect SQL query into the application’s backend database. A powerful SQL injection attack might breach or change confidential patient records, posing a significant threat to IoT devices, particularly in the health industry [121].
-
Account hijacking: Several IoT devices use insecure encryption or communicate in text format over the Internet. Intercepting the packet when an end-user has been authenticated allows an attacker to undertake account hijacking. As documented in several situations [126], the primary source of the creation of this attack is ancient operating systems with unpatched vulnerabilities.
-
Brute-force: this comprises exploring every possible option to guess inputs, such as passwords. IoMT apps are vulnerable to brute-force attacks, because there is inadequate security to prevent such attacks on IoT devices. This is due to the simulated computing capacity of the sensors. Pacemakers are particularly sensitive to this type of attack [127].
-
Ransomware: encrypts crucial data and demands much cash to restore it. This threat could start on a single machine and propagate throughout the network. Attackers can encrypt confidential information, such as patient information, and keep the decryption code in exchange for cash [128].
Cyber-attacks
Business layer threats
-
Information disclosure: The security of the IoMT system is threatened by unauthorized access to sensitive data, such as medical records. To gain unauthorized access to sensitive information, an attacker could employ previously outlined techniques, such as session hijacking and CSRF. In 2021, this type of breach accounted for almost 38% of all healthcare breaches [134].
-
Deception: Data integrity is harmed by corrupted data, which can have negative impacts. Information deception may be caused via attacks, such as sinkholes and man-in-the-middle. Approximately 58% of institutions lack a mechanism for correcting incorrect information [135].
-
Disruption: The availability of the system is harmed when correct operations or access to medical information are interrupted, which might have life-threatening implications. A DoS attack is an example of a cyber-attack that tries to disrupt information [136].
-
Usurpation: The integrity of medical equipment is affected by unauthorized access to specific areas of the system by attacks, such as sinkhole, replay, and code injection [126].
Threats to IoMT communication layer
-
Wearable device attacks: Wearable devices typically interface with other devices, such as smartphones, via a communication protocol (such as Bluetooth Low Energy) or an accumulator, for example, to gather medical information from a variety of sensors. In this case, a smartwatch serves as a pulse oximeter, and it is connected to a smartphone through Bluetooth Low Energy (BLE). The attacker may be close enough to connect with the wearable device via force. The information captured by a person’s phone can be retrieved by the attacker’s phone [137]. This attack relies on the fact that the wearable device and the smartphone need not verify each other at each connection point. As a result, the wearable device cannot distinguish between the smartphone of the genuine user and that of the attacker. To avoid such threats, keep your authentication credentials up to date, avoid auto-pairing, and only pair with authorized devices [138].
-
Infusion Pump Attacks: The infusion pump is a type of therapeutic equipment. It may be controlled remotely or with direct access by the patient, so a doctor or nurse can use it in either mode. Below are several real-life examples of proven susceptible infusion pumps used in healthcare settings and potential concerns. The US Federal Drug Administration (FDA) prohibited the sale of a certain infusion pump in 2015 to prevent accidents. Researchers uncovered many flaws in a certain model of Hospira infusion pumps [139]. Because of these flaws, a hacker was able to gain access to the pumps and change the amounts of drugs that were supposed to be dispensed. The FDA advised all hospitals in California and around the country to stop using potentially dangerous medical equipment [139]. Because infusion pumps may be accessed physically, human error and physical manipulation are potential concerns. Strong identification and authentication are necessary to prevent an attacker from gaining access to the device.
-
Surgical robotics assaults: Direct attacks on interconnected surgical robots or external attacks on ambient equipment such as gyroscope sensors that could impact a surgical process are real attack possibilities. Micrometer precision is required due to the nature of the technique. It is possible to attack the surgical robot directly or indirectly through the sensors. Perception layer attacks are the most common attack on gyroscope sensors. By sending out signals, an attacker can use replay attacks to mislead the actual gyroscope signals. As a result of this attack, the mapping of the human body may be harmed. It has the capability of changing coordinates or generating error messages [140]. To successfully undertake such an attack, the attacker must be in close proximity to the sensor. As a result, the doctor must work outside the operating room, free of tracking and identification technology. Attacks such as the ones listed below are possible in the event of a direct attack on the surgical robot.
-
Changes to the robot’s intent: The attacker can alter packets, while they are being transported. This activity may result in small device problems, such as odd robot motions or delays.
-
Controlling the robot’s intent: In this scenario, the intruder is unable to manipulate the medical equipment, but he or she may have an impact on the device’s feedback, such as pictures and coordinates.
-
Hijacking: The invader manages to seize control of the surgical robot.
-
-
Monitoring device attacks: A suspicious user might try to hijack a camera or disable an alarm system in this situation. If anybody tries to interfere with a treatment device’s alarm system and the alert is turned off for a few minutes (or even seconds), a patient may receive a pharmaceutical overdose with catastrophic consequences. Attack patterns include denial-of-service attacks and SQL injections. Strong authentication systems and advanced intrusion detection systems (IDS) may be required to protect against such attacks [141]. The importance of early identification is well-acknowledged [142]. Indeed, it is mainly concerned with application layer protocols, such as MQTT and COAP.