{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,8]],"date-time":"2026-04-08T03:00:42Z","timestamp":1775617242398,"version":"3.50.1"},"reference-count":99,"publisher":"Springer Science and Business Media LLC","issue":"6","license":[{"start":{"date-parts":[[2023,9,21]],"date-time":"2023-09-21T00:00:00Z","timestamp":1695254400000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2023,9,21]],"date-time":"2023-09-21T00:00:00Z","timestamp":1695254400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["SN COMPUT. SCI."],"DOI":"10.1007\/s42979-023-02221-1","type":"journal-article","created":{"date-parts":[[2023,9,21]],"date-time":"2023-09-21T08:02:48Z","timestamp":1695283368000},"update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":11,"title":["Threat Modeling and Assessment Methods in the Healthcare-IT System: A Critical Review and Systematic Evaluation"],"prefix":"10.1007","volume":"4","author":[{"ORCID":"https:\/\/orcid.org\/0000-0003-1177-6800","authenticated-orcid":false,"given":"Mohammad","family":"Aijaz","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Mohammed","family":"Nazir","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Malik Nadeem Anwar","family":"Mohammad","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2023,9,21]]},"reference":[{"key":"2221_CR1","unstructured":"2022 Data Breach Investigations Report $$|$$ Verizon. https:\/\/www.verizon.com\/business\/resources\/reports."},{"key":"2221_CR2","unstructured":"ADTool. https:\/\/satoss.uni.lu\/members\/piotr\/adtool\/. Accessed 7 June 2023."},{"key":"2221_CR3","unstructured":"Attacktree+. https:\/\/www.isograph.com\/software\/attacktree\/. Accessed 7 June 2023."},{"key":"2221_CR4","unstructured":"Comcast Business 2021 DDoS threat report: DDoS becomes a bigger priority as multi-vector attacks are on the rise. https:\/\/corporate.comcast.com\/press\/releases."},{"key":"2221_CR5","unstructured":"Graphviz. https:\/\/graphviz.org\/. Accessed 7 June 2023."},{"key":"2221_CR6","unstructured":"Microsoft download center. https:\/\/www.microsoft.com\/en-in\/download\/details.aspx?id=49168. Accessed 7 June 2023."},{"key":"2221_CR7","unstructured":"NVD\u2014Home. https:\/\/nvd.nist.gov\/."},{"key":"2221_CR8","unstructured":"Playbook for Threat Modeling Medical Devices. The MITRE Corporation."},{"key":"2221_CR9","unstructured":"Abomhara M, Gerdes M, K\u00f8ien GM. A STRIDE-based threat model for telehealth systems. Norsk Inf (NISK). 2015;8(January 2016):82\u201396."},{"key":"2221_CR10","doi-asserted-by":"publisher","first-page":"19140","DOI":"10.1109\/ACCESS.2018.2805919","volume":"6","author":"H Abrar","year":"2018","unstructured":"Abrar H, Hussain SJ, Chaudhry J, Saleem K, Orgun MA, Al-Muhtadi J, Valli C. Risk analysis of cloud sourcing in healthcare and public health industry. IEEE Access. 2018;6:19140\u201350. https:\/\/doi.org\/10.1109\/ACCESS.2018.2805919.","journal-title":"IEEE Access"},{"key":"2221_CR11","doi-asserted-by":"crossref","unstructured":"Aijaz M, Nazir M, Anwar MN. Classification of security attacks in healthcare and associated cyber-harms. In: 2021 First International Conference on Advances in Computing and Future Communication Technologies (ICACFCT). IEEE. 2021. p. 166\u2013173.","DOI":"10.1109\/ICACFCT53978.2021.9837349"},{"key":"2221_CR12","doi-asserted-by":"publisher","unstructured":"Al Asif, M.R., Khondoker, R.: Cyber security threat modeling of a telesurgery system. In: 2020 2nd international conference on sustainable technologies for industry 4.0 (STI). IEEE; 2020. p. 1\u20136. https:\/\/doi.org\/10.1109\/STI50764.2020.9350452","DOI":"10.1109\/STI50764.2020.9350452"},{"key":"2221_CR13","doi-asserted-by":"publisher","first-page":"101879","DOI":"10.1109\/access.2019.2930962","volume":"7","author":"A Algarni","year":"2019","unstructured":"Algarni A. A survey and classification of security and privacy research in smart healthcare systems. IEEE Access. 2019;7:101879\u201394. https:\/\/doi.org\/10.1109\/access.2019.2930962.","journal-title":"IEEE Access"},{"key":"2221_CR14","doi-asserted-by":"publisher","unstructured":"Almohri H, Cheng L, Yao D, Alemzadeh H. On threat modeling and mitigation of medical cyber-physical systems. In: 2017 IEEE\/ACM international conference on connected health: applications, systems and engineering technologies (CHASE). IEEE; 2017. p. 114\u2013119. https:\/\/doi.org\/10.1109\/CHASE.2017.69.","DOI":"10.1109\/CHASE.2017.69"},{"issue":"5","key":"2221_CR15","doi-asserted-by":"publisher","first-page":"2921","DOI":"10.1007\/s10916-011-9770-6","volume":"36","author":"A Almulhem","year":"2012","unstructured":"Almulhem A. Threat modeling for electronic health record systems. J Med Syst. 2012;36(5):2921\u20136. https:\/\/doi.org\/10.1007\/s10916-011-9770-6.","journal-title":"J Med Syst"},{"key":"2221_CR16","doi-asserted-by":"crossref","unstructured":"Alshareef H, Stucki S, Schneider G. Refining privacy-aware data flow diagrams. In: International conference on software engineering and formal methods. Springer; 2021. p. 121\u2013140.","DOI":"10.1007\/978-3-030-92124-8_8"},{"issue":"2","key":"2221_CR17","doi-asserted-by":"publisher","first-page":"97","DOI":"10.1016\/j.eij.2018.12.001","volume":"20","author":"NA Azeez","year":"2019","unstructured":"Azeez NA, der Vyver CV. Security and privacy issues in e-health cloud-based system: a comprehensive content analysis. Egypt Inform J. 2019;20(2):97\u2013108. https:\/\/doi.org\/10.1016\/j.eij.2018.12.001.","journal-title":"Egypt Inform J"},{"key":"2221_CR18","doi-asserted-by":"publisher","unstructured":"Kitchenham BASC. Guidelines for performing systematic literature reviews in software engineering. Tech. rep. 2007. https:\/\/doi.org\/10.1109\/ACCESS.2016.2603219.","DOI":"10.1109\/ACCESS.2016.2603219"},{"key":"2221_CR19","doi-asserted-by":"crossref","unstructured":"Berger BJ, Sohr K, Koschke R. Automatically extracting threats from extended data flow diagrams. In: International symposium on engineering secure software and systems. Springer; 2016. p. 56\u201371.","DOI":"10.1007\/978-3-319-30806-7_4"},{"issue":"13","key":"2221_CR20","doi-asserted-by":"publisher","first-page":"10474","DOI":"10.1109\/JIOT.2021.3062630","volume":"8","author":"MN Bhuiyan","year":"2021","unstructured":"Bhuiyan MN, Rahman MM, Billah MM, Saha D. Internet of Things (IoT): a review of its enabling technologies in healthcare applications, standards protocols, security, and market opportunities. IEEE Internet Things J. 2021;8(13):10474\u201398. https:\/\/doi.org\/10.1109\/JIOT.2021.3062630.","journal-title":"IEEE Internet Things J"},{"key":"2221_CR21","doi-asserted-by":"crossref","unstructured":"Chaudhary M, Chopra A. CMMI for development: Implementation guide. Apress. 2016.","DOI":"10.1007\/978-1-4842-2529-5"},{"key":"2221_CR22","unstructured":"CWE: CWE\u2014Common weakness enumeration. 2022. https:\/\/cwe.mitre.org\/."},{"key":"2221_CR23","doi-asserted-by":"publisher","first-page":"627","DOI":"10.1016\/j.procs.2017.08.314","volume":"113","author":"S Darwish","year":"2017","unstructured":"Darwish S, Nouretdinov I, Wolthusen SD. Towards composable threat assessment for medical IoT (MIoT). Procedia Comput Sci. 2017;113:627\u201332. https:\/\/doi.org\/10.1016\/j.procs.2017.08.314.","journal-title":"Procedia Comput Sci"},{"issue":"5","key":"2221_CR24","doi-asserted-by":"publisher","first-page":"959","DOI":"10.1007\/s10796-017-9809-4","volume":"21","author":"S Das","year":"2019","unstructured":"Das S, Mukhopadhyay A, Saha D, Sadhukhan S. A Markov-based model for information security risk assessment in healthcare MANETs. Inf Syst Front. 2019;21(5):959\u201377. https:\/\/doi.org\/10.1007\/s10796-017-9809-4.","journal-title":"Inf Syst Front"},{"key":"2221_CR25","doi-asserted-by":"publisher","first-page":"113","DOI":"10.1016\/J.COMNET.2019.03.006","volume":"153","author":"MM Dhanvijay","year":"2019","unstructured":"Dhanvijay MM, Patil SC. Internet of Things: a survey of enabling technologies in healthcare and its applications. Comput Netw. 2019;153:113\u201331. https:\/\/doi.org\/10.1016\/J.COMNET.2019.03.006.","journal-title":"Comput Netw"},{"key":"2221_CR26","doi-asserted-by":"publisher","first-page":"12","DOI":"10.1016\/j.procs.2018.10.003","volume":"138","author":"A Fatima","year":"2018","unstructured":"Fatima A, Colomo-Palacios R. Security aspects in healthcare information systems: a systematic mapping. Procedia Comput Sci. 2018;138:12\u20139. https:\/\/doi.org\/10.1016\/j.procs.2018.10.003.","journal-title":"Procedia Comput Sci"},{"issue":"1","key":"2221_CR27","doi-asserted-by":"publisher","first-page":"455","DOI":"10.11591\/ijece.v10i1.pp455-466","volume":"10","author":"R Ganiga","year":"2020","unstructured":"Ganiga R, Pai RM, Manohara Pai MM, Sinha RK. Security framework for cloud based Electronic Health Record (EHR) system. Int J Electr Comput Eng. 2020;10(1):455\u201366. https:\/\/doi.org\/10.11591\/ijece.v10i1.pp455-466.","journal-title":"Int J Electr Comput Eng"},{"key":"2221_CR28","doi-asserted-by":"publisher","DOI":"10.3390\/s21165493","author":"G Gonzalez-Granadillo","year":"2021","unstructured":"Gonzalez-Granadillo G, Menesidou SA, Papamartzivanos D, Romeu R, Navarro-Llobet D, Okoh C, Nifakos S, Xenakis C, Panaousis E. Automated cyber and privacy risk management toolkit. Sensors. 2021. https:\/\/doi.org\/10.3390\/s21165493.","journal-title":"Sensors"},{"key":"2221_CR29","doi-asserted-by":"publisher","DOI":"10.1016\/j.comcom.2020.02.018","author":"JJ Hathaliya","year":"2020","unstructured":"Hathaliya JJ, Tanwar S. An exhaustive survey on security and privacy issues in healthcare. Comput Commun. 2020. https:\/\/doi.org\/10.1016\/j.comcom.2020.02.018.","journal-title":"Comput Commun."},{"key":"2221_CR30","doi-asserted-by":"publisher","unstructured":"Hayakawa T, Sasaki R, Hayashi H, Takahashi Y, Kaneko T, Okubo T. Proposal and application of security\/safety evaluation method for medical device system that includes IoT. In: ACM international conference proceeding series. 2018. p. 157\u2013164. https:\/\/doi.org\/10.1145\/3301326.3301330","DOI":"10.1145\/3301326.3301330"},{"issue":"1","key":"2221_CR31","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1186\/1472-6947-13-85","volume":"13","author":"E Henriksen","year":"2013","unstructured":"Henriksen E, Burkow TM, Johnsen E, Vognild LK. Privacy and information security risks in a technology platform for home-based chronic disease rehabilitation and education. BMC Med Inform Decis Mak. 2013;13(1):1\u201313.","journal-title":"BMC Med Inform Decis Mak"},{"key":"2221_CR32","doi-asserted-by":"publisher","unstructured":"Hodges B, Mcdonald J, Glisson W, Jacobs M, Van Devender M, Pardue H. Attack modeling and mitigation strategies for risk-based analysis of networked medical devices. In: Proceedings of the 53rd Hawaii international conference on system sciences, vol.\u00a03. 2020. p. 6506\u20136515. https:\/\/doi.org\/10.24251\/HICSS.2020.796","DOI":"10.24251\/HICSS.2020.796"},{"key":"2221_CR33","doi-asserted-by":"publisher","DOI":"10.1002\/9781119162315","volume-title":"How to measure anything in cybersecurity risk","author":"DW Hubbard","year":"2016","unstructured":"Hubbard DW, Seiersen R. How to measure anything in cybersecurity risk. Oxford: Wiley; 2016."},{"issue":"2","key":"2221_CR34","doi-asserted-by":"publisher","first-page":"1","DOI":"10.3390\/bios10020014","volume":"10","author":"M Ibrahim","year":"2020","unstructured":"Ibrahim M, Alsheikh A, Matar A. Attack graph modeling for implantable pacemaker. Biosensors. 2020;10(2):1\u201312. https:\/\/doi.org\/10.3390\/bios10020014.","journal-title":"Biosensors"},{"key":"2221_CR35","unstructured":"ICCC FBI: Internet Crime Report 2021. Tech. rep. 2022. https:\/\/www.ic3.gov\/Media\/PDF\/AnnualReport"},{"key":"2221_CR36","doi-asserted-by":"publisher","unstructured":"Iwaya LH, Fischer-Hubner S, \u00c5hlfeldt RM, Martucci LA. MHealth: a privacy threat analysis for public health surveillance systems. In: Proceedings\u2014IEEE symposium on computer-based medical systems 2018-June. 2018. p. 42\u201347. https:\/\/doi.org\/10.1109\/CBMS.2018.00015","DOI":"10.1109\/CBMS.2018.00015"},{"issue":"1","key":"2221_CR37","doi-asserted-by":"publisher","first-page":"81","DOI":"10.1093\/jamia\/ocy148","volume":"26","author":"MS Jalali","year":"2019","unstructured":"Jalali MS, Russell B, Razak S, Gordon WJ. EARS to cyber incidents in health care. J Am Med Inform Assoc. 2019;26(1):81\u201390. https:\/\/doi.org\/10.1093\/jamia\/ocy148.","journal-title":"J Am Med Inform Assoc"},{"key":"2221_CR38","doi-asserted-by":"publisher","DOI":"10.3390\/app11156699","author":"M Jofre","year":"2021","unstructured":"Jofre M, Navarro-Llobet D, Agull\u00f3 R, Puig J, Gonzalez-Granadillo G, Zamorano JM, Romeu R. Cybersecurity and privacy risk assessment of point-of-care systems in healthcare\u2014a use case approach. Appl Sci (Switzerland). 2021. https:\/\/doi.org\/10.3390\/app11156699.","journal-title":"Appl Sci (Switzerland)"},{"key":"2221_CR39","doi-asserted-by":"publisher","unstructured":"Kammuller F. A proof calculus for attack trees in Isabelle. In: Lecture notes in computer science (including subseries lecture notes in artificial intelligence and lecture notes in bioinformatics), vol. 10436 LNCS; 2017. p. 3\u201318. https:\/\/doi.org\/10.1007\/978-3-319-67816-0_1","DOI":"10.1007\/978-3-319-67816-0_1"},{"key":"2221_CR40","doi-asserted-by":"publisher","unstructured":"Kamm\u00fcller F. Attack trees in Isabelle. In: International conference on information and communications security, vol. 5488. 2018. p. 611\u2013628. https:\/\/doi.org\/10.1007\/978-3-030-01950-1_36","DOI":"10.1007\/978-3-030-01950-1_36"},{"key":"2221_CR41","doi-asserted-by":"publisher","first-page":"115370","DOI":"10.1109\/ACCESS.2020.3003032","volume":"8","author":"DW Kim","year":"2020","unstructured":"Kim DW, Choi JY, Han KH. Medical device safety management using cybersecurity risk analysis. IEEE Access. 2020;8:115370\u201382. https:\/\/doi.org\/10.1109\/ACCESS.2020.3003032.","journal-title":"IEEE Access"},{"key":"2221_CR42","doi-asserted-by":"publisher","DOI":"10.1186\/s12911-020-01145-7","author":"DW Kim","year":"2020","unstructured":"Kim DW, Choi JY, Han KH. Risk management-based security evaluation model for telemedicine systems. BMC Med Inform Decis Making. 2020. https:\/\/doi.org\/10.1186\/s12911-020-01145-7.","journal-title":"BMC Med Inform Decis Making"},{"issue":"8","key":"2221_CR43","doi-asserted-by":"publisher","first-page":"721","DOI":"10.1109\/TSE.2002.1027796","volume":"28","author":"BA Kitchenham","year":"2002","unstructured":"Kitchenham BA, Pfleeger SL, Pickard LM, Jones PW, Hoaglin DC, El Emam K, Rosenberg J. Preliminary guidelines for empirical research in software engineering. IEEE Trans Softw Eng. 2002;28(8):721\u201334. https:\/\/doi.org\/10.1109\/TSE.2002.1027796.","journal-title":"IEEE Trans Softw Eng"},{"issue":"1","key":"2221_CR44","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1016\/j.cosrev.2014.07.001","volume":"13\u201314","author":"B Kordy","year":"2014","unstructured":"Kordy B, Pi\u00e8tre-Cambac\u00e9d\u00e8s L, Schweitzer P. DAG-based attack and defense modeling: don\u2019t miss the forest for the attack trees. Comput Sci Rev. 2014;13\u201314(1):1\u201338. https:\/\/doi.org\/10.1016\/j.cosrev.2014.07.001.","journal-title":"Comput Sci Rev"},{"issue":"1","key":"2221_CR45","doi-asserted-by":"publisher","first-page":"1","DOI":"10.3233\/THC-161263","volume":"25","author":"C Kruse","year":"2017","unstructured":"Kruse C, Frederick B, Jacobson T, Monticone D. Cybersecurity in healthcare: a systematic review of modern threats and trends. Technol Health Care. 2017;25(1):1\u201310. https:\/\/doi.org\/10.3233\/THC-161263.","journal-title":"Technol Health Care"},{"key":"2221_CR46","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2021.102376","volume":"108","author":"R Leszczyna","year":"2021","unstructured":"Leszczyna R. Review of cybersecurity assessment methods: applicability perspective. Comput Secur. 2021;108: 102376. https:\/\/doi.org\/10.1016\/j.cose.2021.102376.","journal-title":"Comput Secur"},{"key":"2221_CR47","doi-asserted-by":"publisher","unstructured":"Luckett P, McDonald JT, Glisson WB. Attack-graph threat modeling assessment of ambulatory medical devices. In: Proceedings of the Annual Hawaii international conference on system sciences 2017-January. 2017. p. 3648\u20133657. https:\/\/doi.org\/10.24251\/hicss.2017.441.","DOI":"10.24251\/hicss.2017.441"},{"key":"2221_CR48","unstructured":"Mahler T, Elovici Y, Shahar Y. A new methodology for information security risk assessment for medical devices and its evaluation. 2020. arXiv preprint arXiv:2002.06938."},{"key":"2221_CR49","doi-asserted-by":"publisher","DOI":"10.1007\/s10278-021-00562-y","author":"T Mahler","year":"2022","unstructured":"Mahler T, Shalom E, Makori A, Elovici Y, Shahar Y. A cyber-security risk assessment methodology for medical imaging devices: the radiologists\u2019 perspective. J Digit Imaging. 2022. https:\/\/doi.org\/10.1007\/s10278-021-00562-y.","journal-title":"J Digit Imaging"},{"key":"2221_CR50","doi-asserted-by":"publisher","first-page":"40049","DOI":"10.1109\/ACCESS.2021.3064682","volume":"9","author":"V Malamas","year":"2021","unstructured":"Malamas V, Chantzis F, Dasaklis TK, Stergiopoulos G, Kotzanikolaou P, Douligeris C. Risk assessment methodologies for the internet of medical things: a survey and comparative appraisal. IEEE Access. 2021;9:40049\u201375. https:\/\/doi.org\/10.1109\/ACCESS.2021.3064682.","journal-title":"IEEE Access"},{"key":"2221_CR51","doi-asserted-by":"publisher","unstructured":"Manikandan R, Sathyadevan S. Medical implant communication systems (MICS) threat modelling. In: ICSCCC 2021\u2014international conference on secure cyber computing and communications. 2021. p. 518\u2013523. https:\/\/doi.org\/10.1109\/ICSCCC51823.2021.9478155.","DOI":"10.1109\/ICSCCC51823.2021.9478155"},{"key":"2221_CR52","doi-asserted-by":"publisher","unstructured":"Manikas TW, Feinstein DY, Thornton MA. Modeling medical system threats with conditional probabilities using multiple-valued logic decision diagrams. In: Proceedings of the international symposium on multiple-valued logic. 2012. p. 244\u2013249. https:\/\/doi.org\/10.1109\/ISMVL.2012.29.","DOI":"10.1109\/ISMVL.2012.29"},{"issue":"2","key":"2221_CR53","doi-asserted-by":"publisher","first-page":"81","DOI":"10.1037\/h0043158","volume":"63","author":"GA Miller","year":"1956","unstructured":"Miller GA. The magical number seven plus or minus two: some limits on our capacity for processing information. Psychol Rev. 1956;63(2):81\u201397. https:\/\/doi.org\/10.1037\/h0043158.","journal-title":"Psychol Rev"},{"key":"2221_CR54","unstructured":"Mitre: CVE\u2014CVE. 2021. https:\/\/cve.mitre.org\/"},{"key":"2221_CR55","unstructured":"MITRE Corporation: CAPEC\u2014Common Attack Pattern Enumeration and Classification (CAPEC). 2021. https:\/\/capec.mitre.org\/, http:\/\/capec.mitre.org\/index.html"},{"key":"2221_CR56","doi-asserted-by":"publisher","unstructured":"Mnjama, J., Foster, G., Irwin, B.: A privacy and security threat assessment framework for consumer health wearables. In: 2017 Information Security for South Africa (ISSA), vol. 2018-January. IEEE; 2017. p. 66\u201373. https:\/\/doi.org\/10.1109\/ISSA.2017.8251776","DOI":"10.1109\/ISSA.2017.8251776"},{"issue":"6","key":"2221_CR57","doi-asserted-by":"publisher","first-page":"756","DOI":"10.1109\/TSE.2009.67","volume":"35","author":"D Moody","year":"2009","unstructured":"Moody D. The \u201cphysics\u2019\u2019 of notations: toward a scientific basis for constructing visual notations in software engineering. IEEE Trans Softw Eng. 2009;35(6):756\u201379.","journal-title":"IEEE Trans Softw Eng"},{"issue":"3","key":"2221_CR58","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/3453176","volume":"2","author":"AI Newaz","year":"2021","unstructured":"Newaz AI, Sikder AK, Rahman MA, Uluagac AS. A survey on security and privacy issues in modern healthcare systems. ACM Trans Comput Healthc. 2021;2(3):1\u201344. https:\/\/doi.org\/10.1145\/3453176.","journal-title":"ACM Trans Comput Healthc"},{"issue":"4","key":"2221_CR59","doi-asserted-by":"publisher","first-page":"621","DOI":"10.1007\/s10207-020-00522-7","volume":"20","author":"M Ngambo\u00e9","year":"2021","unstructured":"Ngambo\u00e9 M, Berthier P, Ammari N, Dyrda K, Fernandez JM. Risk assessment of cyber-attacks on telemetry-enabled cardiac implantable electronic devices (CIED). Int J Inf Secur. 2021;20(4):621\u201345. https:\/\/doi.org\/10.1007\/s10207-020-00522-7.","journal-title":"Int J Inf Secur"},{"issue":"21","key":"2221_CR60","doi-asserted-by":"publisher","first-page":"15704","DOI":"10.1109\/JIOT.2021.3081420","volume":"8","author":"TA Nguyen","year":"2021","unstructured":"Nguyen TA, Min D, Choi E, Lee JW. Dependability and security quantification of an internet of medical things infrastructure based on cloud-fog-edge continuum for healthcare monitoring using hierarchical models. IEEE Internet Things J. 2021;8(21):15704\u201348. https:\/\/doi.org\/10.1109\/JIOT.2021.3081420.","journal-title":"IEEE Internet Things J"},{"key":"2221_CR61","doi-asserted-by":"publisher","DOI":"10.3390\/s21155119","author":"S Nifakos","year":"2021","unstructured":"Nifakos S, Chandramouli K, Nikolaou C, Papachristou P, Koch S, Panaousis E, Bonacina S. Influence of human factors on cyber security within healthcare organisations: a systematic review. Sensors. 2021. https:\/\/doi.org\/10.3390\/s21155119.","journal-title":"Sensors"},{"issue":"1","key":"2221_CR62","doi-asserted-by":"publisher","first-page":"106","DOI":"10.1080\/19361610.2019.1545278","volume":"14","author":"A Omotosho","year":"2019","unstructured":"Omotosho A, Ayemlo Haruna B, Mikail Olaniyi O. Threat modeling of Internet of Things health devices. J Appl Secur Res. 2019;14(1):106\u201321. https:\/\/doi.org\/10.1080\/19361610.2019.1545278.","journal-title":"J Appl Secur Res"},{"key":"2221_CR63","doi-asserted-by":"publisher","DOI":"10.3390\/computers6010011","author":"B Ondiege","year":"2017","unstructured":"Ondiege B, Clarke M, Mapp G. Exploring a new security framework for remote patient monitoring devices. Computers. 2017. https:\/\/doi.org\/10.3390\/computers6010011.","journal-title":"Computers"},{"issue":"2","key":"2221_CR64","doi-asserted-by":"publisher","first-page":"1","DOI":"10.3390\/fi13020030","volume":"13","author":"D Papamartzivanos","year":"2021","unstructured":"Papamartzivanos D, Menesidou SA, Gouvas P, Giannetsos T. A perfect match: converging and automating privacy and security impact assessment on-the-fly. Future Internet. 2021;13(2):1\u201334. https:\/\/doi.org\/10.3390\/fi13020030.","journal-title":"Future Internet"},{"issue":"4","key":"2221_CR65","doi-asserted-by":"publisher","first-page":"20","DOI":"10.4018\/ijhisi.2014100102","volume":"9","author":"JC Pendergrass","year":"2014","unstructured":"Pendergrass JC, Heart K, Ranganathan C, Venkatakrishnan VN. A threat table based assessment of information security in telemedicine. Int J Healthc Inf Syst Inform. 2014;9(4):20\u201331. https:\/\/doi.org\/10.4018\/ijhisi.2014100102.","journal-title":"Int J Healthc Inf Syst Inform"},{"issue":"6","key":"2221_CR66","doi-asserted-by":"publisher","first-page":"33","DOI":"10.1145\/203241.203251","volume":"38","author":"M Petre","year":"1995","unstructured":"Petre M. Why looking isn\u2019t always seeing: readership skills and graphical programming. Commun ACM. 1995;38(6):33\u201344. https:\/\/doi.org\/10.1145\/203241.203251.","journal-title":"Commun ACM"},{"key":"2221_CR67","doi-asserted-by":"publisher","DOI":"10.3390\/s21072426","author":"T Poleto","year":"2021","unstructured":"Poleto T, Silva MM, Clemente TRN, de Gusm\u00e3o APH, Ara\u00fajo APDB, Costa APCS. A risk assessment framework proposal based on bow-tie analysis for medical image diagnosis sharing within telemedicine. Sensors. 2021. https:\/\/doi.org\/10.3390\/s21072426.","journal-title":"Sensors"},{"key":"2221_CR68","doi-asserted-by":"publisher","first-page":"168774","DOI":"10.1109\/ACCESS.2019.2950849","volume":"7","author":"A Razaque","year":"2019","unstructured":"Razaque A, Amsaad F, Jaro Khan M, Hariri S, Chen S, Siting C, Ji X. Survey: cybersecurity vulnerabilities, attacks and solutions in the medical domain. IEEE Access. 2019;7:168774\u201397. https:\/\/doi.org\/10.1109\/ACCESS.2019.2950849.","journal-title":"IEEE Access"},{"issue":"17","key":"2221_CR69","doi-asserted-by":"publisher","first-page":"7002","DOI":"10.3390\/su12177002","volume":"12","author":"A Sardi","year":"2020","unstructured":"Sardi A, Rizzi A, Sorano E, Guerrieri A. Cyber risk in health facilities: a systematic literature review. Sustainability. 2020;12(17):7002. https:\/\/doi.org\/10.3390\/su12177002.","journal-title":"Sustainability"},{"key":"2221_CR70","doi-asserted-by":"publisher","unstructured":"Seale K, McDonald J, Glisson W, Pardue H, Jacobs M. MedDevRisk: risk analysis methodology for networked medical devices. In: Proceedings of the 51st Hawaii international conference on system sciences. 2018. https:\/\/doi.org\/10.24251\/HICSS.2018.414.","DOI":"10.24251\/HICSS.2018.414"},{"key":"2221_CR71","doi-asserted-by":"publisher","DOI":"10.3390\/computers5040027","author":"D Seifert","year":"2016","unstructured":"Seifert D, Rez H. A security analysis of cyber-physical systems architecture for healthcare. Computers. 2016. https:\/\/doi.org\/10.3390\/computers5040027.","journal-title":"Computers"},{"issue":"12","key":"2221_CR72","doi-asserted-by":"publisher","first-page":"1619","DOI":"10.1080\/13669877.2021.1900337","volume":"24","author":"B Sheehan","year":"2021","unstructured":"Sheehan B, Murphy F, Kia AN, Kiely R. A quantitative bow-tie cyber risk classification and assessment framework. J Risk Res. 2021;24(12):1619\u201338. https:\/\/doi.org\/10.1080\/13669877.2021.1900337.","journal-title":"J Risk Res"},{"key":"2221_CR73","doi-asserted-by":"publisher","unstructured":"Siddiqi MA, Seepers RM, Hamad M, Prevelakis V, Strydis C. Attack-tree-based threat modeling of medical implants. In: PROOFS@ CHES, September. 2018. p. 32\u201313. https:\/\/doi.org\/10.29007\/8gxh.","DOI":"10.29007\/8gxh"},{"key":"2221_CR74","doi-asserted-by":"crossref","unstructured":"Sion L, Yskout K, Van\u00a0Landuyt D, van Den\u00a0Berghe A, Joosen W. Security threat modeling: are data flow diagrams enough? In: Proceedings of the IEEE\/ACM 42nd international conference on software engineering workshops. 2020. p. 254\u2013257.","DOI":"10.1145\/3387940.3392221"},{"key":"2221_CR75","doi-asserted-by":"publisher","DOI":"10.3390\/sym13050742","author":"R Sivan","year":"2021","unstructured":"Sivan R, Zukarnain ZA. Security and privacy in cloud-based e-health system. Symmetry. 2021. https:\/\/doi.org\/10.3390\/sym13050742.","journal-title":"Symmetry"},{"key":"2221_CR76","doi-asserted-by":"publisher","DOI":"10.1007\/s11276-020-02340-0","author":"R Somasundaram","year":"2020","unstructured":"Somasundaram R, Thirugnanam M. Review of security challenges in healthcare internet of things. Wirel Netw. 2020. https:\/\/doi.org\/10.1007\/s11276-020-02340-0.","journal-title":"Wirel Netw"},{"key":"2221_CR77","doi-asserted-by":"publisher","unstructured":"Spanakis EG, Bonomi S, Sfakianakis S, Santucci G, Lenti S, Sorella M, Tanasache FD, Palleschi A, Ciccotelli C, Sakkalis V, Magalini S. Cyber-attacks and threats for healthcare\u2014a multi-layer thread analysis. In: Proceedings of the annual international conference of the ieee engineering in medicine and biology society, EMBS, vol. 2020-July. 2020. p. 5705\u20135708. https:\/\/doi.org\/10.1109\/EMBC44109.2020.9176698.","DOI":"10.1109\/EMBC44109.2020.9176698"},{"key":"2221_CR78","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2021.102316","volume":"107","author":"I Stellios","year":"2021","unstructured":"Stellios I, Kotzanikolaou P, Grigoriadis C. Assessing IoT enabled cyber-physical attack paths against critical systems. Comput Secur. 2021;107: 102316. https:\/\/doi.org\/10.1016\/j.cose.2021.102316.","journal-title":"Comput Secur"},{"key":"2221_CR79","doi-asserted-by":"publisher","first-page":"32","DOI":"10.1016\/j.ijcip.2017.04.001","volume":"19","author":"I Stine","year":"2017","unstructured":"Stine I, Rice M, Dunlap S, Pecarina J. A cyber risk scoring system for medical devices. Int J Crit Infrastruct Prot. 2017;19:32\u201346. https:\/\/doi.org\/10.1016\/j.ijcip.2017.04.001.","journal-title":"Int J Crit Infrastruct Prot"},{"key":"2221_CR80","doi-asserted-by":"publisher","unstructured":"Strielkina A, Kharchenko V, Uzun D. Availability models for healthcare IoT systems: classification and research considering attacks on vulnerabilities. In: Proceedings of 2018 IEEE 9th international conference on dependable systems, services and technologies, DESSERT 2018. 2018. p. 58\u201362. https:\/\/doi.org\/10.1109\/DESSERT.2018.8409099.","DOI":"10.1109\/DESSERT.2018.8409099"},{"key":"2221_CR81","doi-asserted-by":"publisher","unstructured":"Strielkina A, Uzun D, Kharchenko V. Modelling of healthcare IoT using the queueing theory. In: Proceedings of the 2017 IEEE 9th international conference on intelligent data acquisition and advanced computing systems: technology and applications, IDAACS 2017, vol.\u00a02. 2017. p. 849\u2013852. https:\/\/doi.org\/10.1109\/IDAACS.2017.8095207.","DOI":"10.1109\/IDAACS.2017.8095207"},{"issue":"1","key":"2221_CR82","doi-asserted-by":"publisher","DOI":"10.1016\/j.heliyon.2021.e05969","volume":"7","author":"M Tatam","year":"2021","unstructured":"Tatam M, Shanmugam B, Azam S, Kannoorpatti K. A review of threat modelling approaches for APT-style attacks. Heliyon. 2021;7(1): e05969. https:\/\/doi.org\/10.1016\/j.heliyon.2021.e05969.","journal-title":"Heliyon"},{"key":"2221_CR83","doi-asserted-by":"publisher","unstructured":"Taylor CR, Venkatasubramanian K, Shue CA. Understanding the security of interoperable medical devices using attack graphs. In: Proceedings of the 3rd international conference on High confidence networked systems, 1. ACM, New York; 2014. p. 31\u201340. https:\/\/doi.org\/10.1145\/2566468.2566482.","DOI":"10.1145\/2566468.2566482"},{"key":"2221_CR84","doi-asserted-by":"publisher","unstructured":"Thangeda AR, Coleman A. Risk Management framework to improve associated risk of information exchange between users of health information systems in resource-constrained hospitals. In: Lecture notes in computer science (including subseries lecture notes in artificial intelligence and lecture notes in bioinformatics, vol. 12254 LNCS. Springer, Cham; 2020. p. 246\u2013260. https:\/\/doi.org\/10.1007\/978-3-030-58817-5_19.","DOI":"10.1007\/978-3-030-58817-5_19"},{"key":"2221_CR85","doi-asserted-by":"publisher","unstructured":"Tomashchuk O. Threat and risk management framework for eHealth IoT applications. In: ACM international conference proceeding series, vol. Part F1644. Association for Computing Machinery; 2020. p. 120\u2013126. https:\/\/doi.org\/10.1145\/3382026.3431250.","DOI":"10.1145\/3382026.3431250"},{"key":"2221_CR86","doi-asserted-by":"publisher","unstructured":"Treacy C, Loane J, McCaffery F. Developer driven framework for security and privacy in the IoMT. In: ICSOFT 2020\u2014proceedings of the 15th international conference on software technologies; 2020. p. 443\u2013451. https:\/\/doi.org\/10.5220\/0009828304430451.","DOI":"10.5220\/0009828304430451"},{"key":"2221_CR87","doi-asserted-by":"publisher","first-page":"275","DOI":"10.1016\/j.jss.2018.06.073","volume":"144","author":"K Tuma","year":"2018","unstructured":"Tuma K, Calikli G, Scandariato R. Threat analysis of software systems: a systematic literature review. J Syst Softw. 2018;144:275\u201394. https:\/\/doi.org\/10.1016\/j.jss.2018.06.073.","journal-title":"J Syst Softw"},{"key":"2221_CR88","doi-asserted-by":"publisher","DOI":"10.1002\/9781118988374","volume-title":"Risk Centric Threat Modeling: process for attack simulation and threat analysis","author":"T UcedaVelez","year":"2015","unstructured":"UcedaVelez T, Morana MM. Risk Centric Threat Modeling: process for attack simulation and threat analysis. New York: Wiley; 2015."},{"key":"2221_CR89","doi-asserted-by":"publisher","DOI":"10.1109\/JIOT.2022.3144130","author":"V Vakhter","year":"2022","unstructured":"Vakhter V, Soysal B, Schaumont P, Guler U. Threat modeling and risk analysis for miniaturized wireless biomedical devices. IEEE Internet Things J. 2022. https:\/\/doi.org\/10.1109\/JIOT.2022.3144130.","journal-title":"IEEE Internet Things J"},{"key":"2221_CR90","doi-asserted-by":"crossref","unstructured":"Viswanathan G, Jayagopal P. A threat categorization of risk-based approach for analyzing security threats early phase in sdlc. Arab J Sci Eng; 2021. p. 1\u201313.","DOI":"10.1007\/s13369-021-05602-x"},{"key":"2221_CR91","doi-asserted-by":"publisher","first-page":"66774","DOI":"10.1109\/ACCESS.2019.2917701","volume":"7","author":"X Wang","year":"2019","unstructured":"Wang X, Jin Z. An overview of mobile cloud computing for pervasive healthcare. IEEE Access. 2019;7:66774\u201391. https:\/\/doi.org\/10.1109\/ACCESS.2019.2917701.","journal-title":"IEEE Access"},{"key":"2221_CR92","doi-asserted-by":"publisher","unstructured":"Whiting D, Sorokos I, Papadopoulos Y, Regan G, O\u2019Carroll E. Automated Model-Based Attack Tree Analysis Using HiP-HOPS. In: Lecture notes in computer science (including subseries lecture notes in artificial intelligence and lecture notes in bioinformatics, vol. 11842 LNCS; 2019. p. 255\u2013269. https:\/\/doi.org\/10.1007\/978-3-030-32872-6_17.","DOI":"10.1007\/978-3-030-32872-6_17"},{"issue":"4","key":"2221_CR93","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/3331524","volume":"52","author":"W Wide\u0142","year":"2019","unstructured":"Wide\u0142 W, Audinot M, Fila B, Pinchinat S. Beyond 2014: formal methods for attack tree-based security modeling. ACM Comput Surv (CSUR). 2019;52(4):1\u201336.","journal-title":"ACM Comput Surv (CSUR)"},{"key":"2221_CR94","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2019.03.010","author":"W Xiong","year":"2019","unstructured":"Xiong W, Lagerstr\u00f6m R. Threat modeling\u2014a systematic literature review. Comput Secur. 2019. https:\/\/doi.org\/10.1016\/j.cose.2019.03.010.","journal-title":"Comput Secur"},{"key":"2221_CR95","doi-asserted-by":"publisher","unstructured":"Xu, J., Venkatasubramanian KK, Sfyrla V. A methodology for systematic attack trees generation for interoperable medical devices. In: 2016 Annual IEEE systems conference (SysCon). IEEE; 2016. p. 1\u20137. https:\/\/doi.org\/10.1109\/SYSCON.2016.7490632","DOI":"10.1109\/SYSCON.2016.7490632"},{"issue":"4","key":"2221_CR96","doi-asserted-by":"publisher","first-page":"3723","DOI":"10.1109\/COMST.2019.2914094","volume":"21","author":"T Yaqoob","year":"2019","unstructured":"Yaqoob T, Abbas H, Atiquzzaman M. Security vulnerabilities, attacks, countermeasures, and regulations of networked medical devices\u2014a review. IEEE Commun Surv Tutor. 2019;21(4):3723\u201368. https:\/\/doi.org\/10.1109\/COMST.2019.2914094.","journal-title":"IEEE Commun Surv Tutor"},{"issue":"6","key":"2221_CR97","doi-asserted-by":"publisher","first-page":"1752","DOI":"10.1109\/JBHI.2019.2952906","volume":"24","author":"T Yaqoob","year":"2020","unstructured":"Yaqoob T, Abbas H, Shafqat N. Integrated security, safety, and privacy risk assessment framework for medical devices. IEEE J Biomed Health Inform. 2020;24(6):1752\u201361. https:\/\/doi.org\/10.1109\/JBHI.2019.2952906.","journal-title":"IEEE J Biomed Health Inform"},{"issue":"11","key":"2221_CR98","doi-asserted-by":"publisher","first-page":"772","DOI":"10.14569\/IJACSA.2020.0111194","volume":"11","author":"PK Yeng","year":"2020","unstructured":"Yeng PK, Wulthusen SD, Yang B. Comparative analysis of threat modeling methods for cloud computing towards healthcare security practice. Int J Adv Comput Sci Appl. 2020;11(11):772\u201384. https:\/\/doi.org\/10.14569\/IJACSA.2020.0111194.","journal-title":"Int J Adv Comput Sci Appl"},{"issue":"4","key":"2221_CR99","doi-asserted-by":"publisher","first-page":"769","DOI":"10.1108\/LHT-09-2019-0177","volume":"38","author":"N Zou","year":"2020","unstructured":"Zou N, Liang S, He D. Issues and challenges of user and data interaction in healthcare-related IoT: a systematic review. Lib Hi Tech. 2020;38(4):769\u201382. https:\/\/doi.org\/10.1108\/LHT-09-2019-0177.","journal-title":"Lib Hi Tech"}],"container-title":["SN Computer Science"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s42979-023-02221-1.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s42979-023-02221-1\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s42979-023-02221-1.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2023,9,21]],"date-time":"2023-09-21T08:05:16Z","timestamp":1695283516000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s42979-023-02221-1"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,9,21]]},"references-count":99,"journal-issue":{"issue":"6","published-online":{"date-parts":[[2023,11]]}},"alternative-id":["2221"],"URL":"https:\/\/doi.org\/10.1007\/s42979-023-02221-1","relation":{},"ISSN":["2661-8907"],"issn-type":[{"value":"2661-8907","type":"electronic"}],"subject":[],"published":{"date-parts":[[2023,9,21]]},"assertion":[{"value":"10 April 2023","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"2 August 2023","order":2,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"21 September 2023","order":3,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"The author declare that they have no conflict of interest.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Conflict of interest"}},{"value":"This article does not contain any studies involving human participants or animals performed by any of the authors.","order":3,"name":"Ethics","group":{"name":"EthicsHeading","label":"Compliance with ethical standards"}},{"value":"Informed consent was obtained from all individual participants included in the study.","order":4,"name":"Ethics","group":{"name":"EthicsHeading","label":"Informed consent"}}],"article-number":"714"}}