Abstract
As the number of devices (things) connected to the Internet (Internet of things: IoT) is growing, achieving robust security and privacy (S&P) is becoming increasingly challenging. With the heavy use of medical things (MT), the S&P in the medical domain poses a serious issue that continues to grow. Due to the criticality and sensitivity of the data in the healthcare domain, ensuring the S&P of the Internet of medical things (IoMT) makes matters even more problematic. Lack of proper S&P in IoMT will not only leave patients' privacy at risk but may also put patients' lives at risk. In this paper, we provide a taxonomy of the S&P issues of IoMT. We also provide an approach to quantify IoMT risks and demonstrate how to assess risks in two IoMT devices. This work aims to increase the S&P awareness among IoMT stakeholders by enabling them to identify and quantify potential IoMT S&P risks.