Threats and Risk on Using Digital Technologies for Remote Health Care Process

This paper provides a comprehensive exploration of the threats and risks associated with the use of digital technology for remote healthcare. Through our "DigiRemote" research project, we aim to identify the challenges and risks involved in scaling remote health care, with a specific focus on its technical and security dimensions. The article delves into the use of digital technologies, including Bluetooth-enabled IoMT devices, for monitoring health metrics in remote care settings. Emphasis is placed on understanding the threats in the generation, storage, and transfer of health data. By utilizing the STRIDE (Spoofing, Tampering, Repudiation, Information disclosure, Denial of service, and Elevation of privilege) model, we identified major threats, which are visually represented via heatmaps and bar graphs for ease of analysis. The DREAD (Damage, Reproducibility, Exploitability, Affected Users, and Discoverability) model assists in quantifying these threats, categorizing them into distinct risk levels, with a detailed description of each threat category. In addition, we suggest countermeasures for the highest-risk threats. This article serves as a pivotal resource for healthcare organizations and security professionals, shedding light on the risks of remote healthcare and providing mitigation strategies for both the implementation and post-implementation stages.


INTRODUCTION
In recent years, advancements in digital technologies including ICT (Information and Communication Technology), IoT (Internet of Things), digital storage, databases, cloud computing, computation, and high-speed connectivity have unlocked vast potential in the realm of remote healthcare, aiming to enhance overall public health. These technologies empower patients to gather their health data from the comfort of their homes. This data can then be digitally shared with healthcare professionals, allowing for assessments and recommendations without necessitating physical hospital visits [9]. More and more, digital technology is being leveraged as a vital component of remote healthcare systems. This not only bolsters patients' connection with their care providers but also introduces tools that push the boundaries of accessible preventative healthcare [20]. The integration of digital technologies in remote care promises cost savings and an elevation in the quality of treatment [11]. Through these technologies, both patients and healthcare professionals can share health data with remote clinical specialists. This exchange offers quicker, more efficient care management, ultimately saving time and resources for all parties involved. While there is currently no standardized terminology for remote care, with researchers, academicians, and industries using varied terms like telemedicine, telehealth, telecare, e-health, and digital health, we will consistently use "remote health care" for the purpose of this paper [22].
Society has become more digital, and patients have increased their expectations to receive remote care solutions from health care providers. Patients are becoming more interested in digital health technology and are generally supportive of the use of personal health data to generate new information for improved treatments and management within health systems, as long as security and privacy are protected [17]. The adoption of a diverse range of digital technologies in remote care, such as wearable gadgets, smart IoT devices, IoMT sensors and devices, gateways, smartphones, actuators, real-time audio and video transmission, augmented reality and web platforms, generates a huge amount of sensitive data from patients. This generated health data is of much value to health care service providers for improving the quality of the healthcare services provided. Moreover, these technologies and devices must communicate with each other over the public network (Internet) to exchange information in environments such as Wireless Sensor Networks (WSN), Device-to-Device communication, Machine-to-Machine communication, RFID (Radio-Frequency Identification) networks, HTTP (Hypertext Transfer Protocol) networks and Cyber-Physical Systems [3]. So, the patient data collected, stored, processed and shared over the public network (Internet) during the remote care process may pose security and privacy threats to both the patient and health care providers [13].
Figure 1 represents the typical remote care scenario, where the patient at home (point of care) is equipped with various medical sensors and wearables. These sensors and wearables can be directly connected to the Wi-Fi or cellular network and exchange data with the cloud platform, or can be connected to the cloud platform via gateways. Data analytics makes it easy for the healthcare provider to visualize the progress of the patient. It uses AI technology to analyze the health data and provide recommendations, which can then be verified by the healthcare professional if required, and to provide a diagnosis curated to the patient through online consultation or offline messaging.
In the wake of the COVID-19 pandemic, remote monitoring systems and other digital methods of obtaining health care services are becoming increasingly popular throughout the world. Patients have increasingly involved themselves in managing their own health, such as by using health applications on their smartphones. They are also being equipped with wearables, IoT, IoMT and medical sensor devices to collect their health parameters and visualize them on their own smartphone or send them to a health professional for further consultation [7]. One example is a COVID patient measuring his continuous blood oxygen level at intervals with an SpO2 measuring device and sending it via a smartphone app during a video consultation with a healthcare professional. By observing this health data, the healthcare professional will be able to provide him with a correct diagnosis and inform him whether he needs to be hospitalized. In the current model of healthcare, patients are expected to make an appointment with a healthcare facility in order to obtain even the most basic forms of advice or treatment. But advances in remote care and ubiquitous access to information and communications using digital technologies imply that individuals may ask questions and obtain treatment suggestions through their smartphone or other device rather than by visiting a clinic. An inexpensive digital diagnostic device (medical sensor, IoMT) that can measure vital signs such as temperature, oxygen saturation, respiration rate, and blood pressure in a simple and accurate manner, using nothing more than a smartphone, means that most people will no longer have to go to the doctor's office for care unless they are very ill or have complicated needs, which saves the patient time and money [5]. The effectiveness and affordability of a remote care system compared with the existing paradigm of clinic and hospital visits is especially relevant when trying to address home care and the global epidemic of chronic disease.

RELATED WORK
Abomhara et al. [1] meticulously analyzed telehealth system security using Microsoft's threat modeling process. This involved identifying valuable assets, cataloging potential threats (both internal and external) based on the STRIDE model [6], and devising a mitigation strategy. To validate this methodology, the telehealth trial system at the University of Agder's Center for eHealth and Healthcare Technology was examined with the Microsoft Threat Modeling Tool 2014. The findings not only highlighted the system's vulnerabilities but also emphasized the need for ongoing research. Future work will delve deeper into outsider threats and assess the robustness of the proposed protection measures in real-world settings.
Cagnazzo et al. [4] delve into the realm of Mobile Health (mHealth), highlighting its potential to revolutionize healthcare by reducing costs and enhancing quality. As mHealth intersects with the Internet of Things (IoT), it brings forth challenges, notably in interoperability and security. The study emphasizes the need for robust authentication and encryption, especially for devices with constrained resources. By utilizing the STRIDE methodology, the paper identifies and classifies threats within a prototyped mHealth ecosystem. It further assesses the associated risks using the DREAD model [1], suggesting mitigation strategies. Key assets identified include network components, identity management systems, and databases, with potential threats posing risks like data integrity loss and confidentiality breaches. The paper underscores the importance of threat modeling in the security development lifecycle, offering a comprehensive insight into mHealth's security challenges. The article emphasizes the evolving security challenges in mHealth. Future research will focus on updating software and firmware for resilience against threats, testing adversarial inputs in AI-driven medical systems, and addressing the unique challenges posed by the diverse mHealth ecosystem. Continuous threat modeling is essential as mHealth technologies advance.
Tseng et al. [21] address the security challenges of IoT applications, particularly wearable health devices. As IoT applications grow, they face complexities due to device heterogeneity, influenced by factors like hardware capabilities and data transmission methods. The authors propose a strategy tailored for IoT-based health systems, simulating potential attacks using interfaces like Wi-Fi and Bluetooth to formulate testing methods. The study's implementation integrates IoT devices, such as smartphones and smartwatches, to monitor individual lifestyles outside medical facilities. This platform evaluates environmental risks, offers lifestyle guidance, and gathers diverse data, ensuring data privacy through HTTPS. The research adopts a systematic approach to IoT security threats, utilizing tools like Data Flow Diagrams and Penetration Testing. They also reference the STRIDE and DREAD models for risk assessment. In future endeavors, the authors aim to incorporate international standards, especially the under-development ISO/IEC WD 27030, to enhance their security measures, aiming for a robust protection mechanism.
Elhoseny et al. [10] provide a comprehensive exploration of the Internet of Medical Things (IoMT). As technology becomes increasingly integrated into healthcare, IoMT emerges as a pivotal advancement, offering enhanced patient care and overall health benefits. However, this integration brings forth significant security and privacy challenges. The authors address the existing research gap by presenting an in-depth review of IoMT's security and privacy facets, encompassing its ecosystem, current trends, potential vulnerabilities, and countermeasures. Their systematic methodology includes a thorough literature review, comparison with existing studies, and identification of challenges and future directions. Notably, the research emphasizes the importance of proactive security measures, suggesting technologies like intrusion prevention systems, encryption, risk assessment, and the integration of AI and blockchain. Furthermore, they highlight the need for trust management and awareness against social engineering threats. While the study does not delve into hands-on implementation, it offers invaluable insights, guiding future endeavors in IoMT security and privacy.
Ngamboé et al. [15] delve into the cybersecurity risks associated with telemetry-enabled cardiac implantable electronic devices (CIEDs). As modern CIEDs become increasingly sophisticated, offering a myriad of functionalities, their prevalence in medical treatments has surged. These devices, pivotal in patient care, communicate via radio frequency (RF) signals and interface with databases and online platforms through IP connectivity. However, this connectivity also exposes them to potential cyber-attacks, especially those targeting their RF interfaces. The study's methodology, rooted in the ISO/IEC 27005 standard, adopts a threat-oriented approach. It identifies potential malicious actors, including cybercriminals, spies, and even terrorist groups. By assessing the potential impact of attacks on health, finances, quality of life, and privacy, the researchers paint a comprehensive picture of the risks. They also explore various attack scenarios, considering the likelihood of each based on the attacker's capability and intent. The conclusions drawn emphasize the need for intensified research collaborations between academia and device manufacturers. While the study primarily focuses on CIEDs, it acknowledges that other implantable medical devices, like insulin pumps and cochlear implants, have their own set of vulnerabilities. The paper suggests broadening the scope of research to these devices and underscores the importance of considering even unintentional threats. In essence, this research underscores the criticality of understanding and mitigating the cybersecurity risks in the rapidly evolving landscape of medical devices.
Ondiege et al. [16] discussed the pressing need for bolstered security in Remote Patient Monitoring (RPM) devices, a technology that enables patient monitoring from home, enhancing healthcare quality while curbing costs. Despite its benefits, the healthcare sector faces significant cybersecurity threats, with a staggering 94% of organizations being cyberattack targets. This vulnerability is further exacerbated by current RPM devices' inadequate security measures and their limitations, such as restricted user capacities. Various global legislations, like the US HIPAA, Europe's GDPR, and the UK's Data Protection Act 1998, have been established to safeguard personal health data, imposing penalties for breaches. However, many RPM systems still overlook security, often due to unfamiliarity with the technology. Personal Health Devices (PHDs) are not immune to threats either, ranging from usability issues to technical failures. To counter these vulnerabilities, threat modeling is suggested as a potent tool. While existing security frameworks offer some protection, they often fall short in addressing the unique needs of RPM devices. The authors advocate for a novel security framework, drawing inspiration from the United4Health telehealth functional model, which provides an in-depth security overview but has its limitations. This proposed framework encompasses a Home Area Network, emphasizing elderly usability, a Manager Device fortified against malware, and a Telemonitoring Server Infrastructure that leans on cloud storage for data reliability. A standout feature is the Capability-Based System, designed to authenticate only registered devices, thereby enhancing security. The framework's emphasis is not solely on security. Recognizing the rise in chronic diseases and the possibility of multiple patients in a household, the model also focuses on usability. It introduces an NFC identification technique, especially beneficial for the elderly with cognitive challenges, ensuring easy device access in multi-user environments. In essence, this comprehensive framework seeks to address both the security and usability challenges in RPM devices, ensuring patient safety, data integrity, and ease of use.
In the rapidly advancing digital health technologies landscape, each remote health care system, which may be telehealth platforms, Mobile Health (mHealth) technologies, the Internet of Medical Things (IoMT), telemetry-enabled cardiac implantable electronic devices (CIEDs), or Remote Patient Monitoring (RPM) devices, is prone to a myriad of threats and vulnerabilities. All the authors discussed above converge on the theme that, while these technologies usher in a transformative era in healthcare, the risks they face are multifaceted and ever evolving. These threats, both internal and external, can range from system vulnerabilities to cyberattacks targeting specific device interfaces. Moreover, the risk profile for each system, model or device is not universal; it varies based on its design, application, and the environment in which it operates. This underscores the imperative for a case-by-case threat analysis, proactive mitigation strategies, and an adaptable approach to ensure robust security measures. The literature consistently highlights the importance of ongoing research, continuous threat modeling, and the integration of global standards to navigate these security challenges. It is evident that in our pursuit of healthcare innovation, the parallel track of meticulous risk assessment and management remains paramount. This dual endeavor not only ensures that technological advances are harnessed effectively but also safeguards the fundamental tenets of patient safety, data integrity, and system reliability.
Therefore, in this article, we assess the potential threats and their risk metrics associated with Internet of Medical Things (IoMT) devices, which are integrated into the remote care procedures of our DigiRemote project. Our discussion focuses on an aggregate analysis of IoMT devices that are Bluetooth-enabled, rather than on a specific device. These devices are designed to measure a diverse range of health and environmental parameters to facilitate the provision of remote care to patients. Furthermore, based on our analysis, we aim to identify potential security measures for the identified high-risk threats. These measures are identified not only to address the observed vulnerabilities but also to proactively mitigate the elevated risks associated with these devices.

THE CASE OF DIGI-REMOTE PROJECT
The researchers participating in the Digi-Remote research project, which spans from 2021 to 2024, will research different aspects of using digital tools to improve the quality of remote healthcare in Norway and China. The goal is to expand the availability of digital healthcare to more people by developing efficient methods, systems, and solutions for this purpose. The ideas outlined by Barlow et al. [2] serve as the foundation for our growth initiatives, which center on expanding our reach, standardizing our processes, strengthening our capacities, encouraging employee agency, and adapting our projects to meet the needs of the future. The project is currently introducing these technology advancements in select hospitals throughout the two countries, benefiting Norwegians with chronic illnesses and Chinese patients recovering from heart and lung surgery. The primary focus of the research is to understand the difficulties encountered by both countries in fully implementing this technology. This endeavor is a joint effort amongst prestigious Norwegian academic institutions, each of which contributes its knowledge of digital innovation, strategic service development, corporate innovation, and cybersecurity. This effort is a partnership between Dignio, a leading Norwegian business partner in remote health care, and top-tier, research-focused hospitals in China. We see this as a bold first step that will lead to groundbreaking transdisciplinary discoveries that can benefit both the public sector and the private sector in both countries [14].
In our research project, the Norwegian IT company Dignio, which has experience in both the development of digital technology for remote care and the design and implementation of remote care services, is the main vendor providing the digital solution for research purposes. The solution includes a web-based patient monitoring portal, Dignio Connected Care, and a patient application, My Dignio, with integrated measuring devices for digital home follow-up. Healthcare professionals use the web-based portal to access patient data and manage care, while patients use the mobile app with Bluetooth-connected devices to view, record and report measurements (blood pressure, blood sugar levels, weight, temperature, pulse, oxygen saturation, lung function and capacity, activity, sleep) [8]. The system allows real-time data sharing between patients and healthcare professionals, supporting individualized follow-up. Wearable measuring devices are also integrated to enable at-home measurements. The platform's scalability accommodates the addition of new measuring devices for continuous improvement. Dignio Connected Care is currently seamlessly integrated with over 20 medical measuring devices through standardized APIs. Patients' data is effortlessly transferred via Bluetooth from the devices to their connected tablets or smartphones, and then seamlessly relayed to our platform for healthcare professionals. The initial pairing process is simplified within the platform, eliminating the need for managing Bluetooth connections. Patients can conveniently perform measurements at home, and the data is automatically recorded and transmitted to MyDignio on their tablets or phones.

ARCHITECTURE FOR REMOTE HEALTH CARE
Figure 2 depicts a multilayered and comprehensive data flow system in remote healthcare. Starting with the Sensing Layer, wearable devices and IoT sensors gather patient data. This data is then passed to the Gateway Routing layer, which directs it to the Local Storage Layer for temporary storage. The Data Routing layer subsequently sends this data to the Cloud Layer, which not only stores but also analyzes the information. For user and health care provider interaction, the Application Layer offers platforms to access this cloud-stored data. Meanwhile, Third Party Service Providers offer additional data analysis services. Here, "Third Party" signifies organizations outside the immediate healthcare sector that offer complementary services such as "Data Analytics", which derives meaningful insights from the stored data. Key healthcare stakeholders are identified: doctors and nurses who diagnose and treat patients; Health Admins overseeing system efficiency; Emergency Responders attending to urgent medical needs; and Health Service Providers as a whole delivering general remote healthcare. Finally, the Web/Mobile Platform term underscores the technological mediums users employ to interact with this data system. In essence, the architecture represents a comprehensive picture of how modern healthcare leverages technology and data for remote patient care.
In the realm of remote care, data flow and interactions are tailored to bridge distances and ensure timely care. For example, a patient at home wears a smartwatch (Sensing Layer) that monitors vital signs. If an irregularity is detected, the data is sent via their smartphone (Gateway Routing) to a local digital health repository (Local Storage Layer). From there, encrypted data is relayed (Data Routing) to a specialized cloud-based telehealth platform (Cloud Layer) that applies machine learning to determine urgency. The patient then receives alerts or recommendations on a dedicated telehealth app (Application Layer) where they can schedule virtual consultations. Third-party integrations might include services like virtual physiotherapy tools or mental health bots (Third Party Service Providers). This remote care ecosystem is supported by the expertise of health IT professionals creating secure platforms for predictive health analytics (Data Analytics), virtual consultations with doctors/nurses (Doctor/Nurse), administrators ensuring seamless service delivery (Health Admin), digital emergency response protocols for urgent cases (Emergency Responder), broader telehealth platforms offering diverse services (Health Service Provider), and both web and mobile platforms (Web/Mobile Platform) facilitating patient and caregiver interactions. The setup epitomizes the fusion of digital technology with healthcare, especially vital when direct physical interactions are limited.

THREAT MODEL AND DREAD ANALYSIS
Threat modeling assists in identifying system security threats and vulnerabilities, as well as how such threats may affect users and organizations. It also helps to identify the most cost-effective security solutions for mitigating cyberattacks. The threat model is an important element of the risk assessment process; identifying assets, analyzing threats, and taking countermeasures are the goals of this method [19]. In a remote care environment, health data is crucial for providing care and is generated by various digital sensors and devices. The generated health data is collected, stored, processed, and shared at various stages of the remote care process. Hence, throughout these stages, the generated data is vulnerable to a range of adversarial threats and cyberattacks. So, here we seek to identify the various threats at these stages from the attacker's perspective and to provide countermeasures.
STRIDE is an acronym for six threat categories: Spoofing, Tampering, Repudiation, Information disclosure, Denial of service and Elevation of privileges [19]. The method of threat modeling has been extensively studied by both academia and industry. STRIDE, invented and adopted by Microsoft, is the most mature and widely used tool for threat modelling. When L. Kohnfelder and P. Garg created this approach, it was utilized in both academia and industry; it allows for the extraction of rigorous findings for the risks that the target systems are exposed to and may be applied even earlier in the design process [12]. Several other frameworks used today for threat modelling are PASTA, LINDDUN, CVSS, Attack Trees, Persona non Grata, Security Cards, hTMM, Quantitative TMM, Trike, VAST modeling, and OCTAVE [18]. But due to the extensive use of the STRIDE model, we also adopt it. We will also evaluate threats based on the following categories:
• Authentication threats
• Authorization and access threats
• Privacy threats
• Adversary threats
• Human threats
After the STRIDE threats are addressed, a metric for the risk of an actual attack needs to be calculated. We will use the DREAD model to evaluate the likelihood of an attack exploiting a particular threat. The DREAD model is a well-established framework employed to assess the potential risk associated with specific threats. It is a useful way to determine how likely it is that an attacker will exploit a certain vulnerability. This model revolves around five key components, each focusing on a distinct aspect of risk. By understanding and evaluating these components, organizations can better predict the potential consequences and the feasibility of an exploit, guiding them in setting priorities for risk mitigation.
Below, we will discuss each part in greater detail:
• Damage Potential (D): This refers to the potential harm or impact an exploit might have on the system or the organization as a whole. Will the attack cause temporary disruption, permanent data loss, or perhaps financial ramifications? This factor gauges the severity of the possible aftermath.
• Reproducibility (R): This component focuses on the ease with which an attack can be reproduced. A vulnerability that can be easily and consistently exploited by attackers is considered to have high reproducibility. If an exploit requires a rare set of conditions to be met and can only be reproduced infrequently, its reproducibility score would be low.
• Exploitability (E): This measure evaluates the level of difficulty associated with executing the attack. This analysis takes into account several factors, namely the requisite level of technical proficiency, the necessary equipment and resources, and the estimated time frame for effectively exploiting the vulnerability.
• Affected Users (A): This gauges the scale or reach of the threat. It reflects the portion of the user base that would be impacted should the vulnerability be exploited. If a vulnerability exclusively impacts a limited fraction of users, the associated risk may be considered to be relatively smaller compared to a scenario where the entire user base is susceptible to the vulnerability.
• Discoverability (Di): This measures how apparent or hidden the vulnerability is. If a flaw is easily discoverable and does not require specialized tools or deep knowledge to uncover, it has high discoverability. Conversely, vulnerabilities that are deeply hidden and require significant effort to identify have low discoverability.
By quantifying each of these five components, a cumulative risk score (Risk) can be calculated using the formula:
This cumulative score provides a holistic view of the threat's potential risk, guiding organizations in their security decisions and mitigation planning.
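The STRIDE tagging and DREAD scoring described above can be kept together in a small threat register. The Python below is an added example, not code from the paper or the DigiRemote project; the averaging formula, the 1 to 10 component scale, the Low/Medium/High cut-offs and the five `EX.nn` sample threats are assumptions constructed for illustration and are not the paper's formula or its Table 1 entries.

```python
"""Threat register with STRIDE tagging and DREAD scoring (added example)."""
from collections import Counter
from dataclasses import dataclass

STRIDE = ("Spoofing", "Tampering", "Repudiation", "Information disclosure",
          "Denial of service", "Elevation of privilege")
# The five additional threat types the paper evaluates alongside STRIDE.
THREAT_TYPES = ("Authentication", "Authorization and access", "Privacy",
                "Adversary", "Human")
DREAD_FIELDS = ("damage", "reproducibility", "exploitability",
                "affected_users", "discoverability")


def dread(d, r, e, a, di):
    """Build a DREAD rating from the five component scores."""
    return dict(zip(DREAD_FIELDS, (d, r, e, a, di)))


@dataclass(frozen=True)
class Threat:
    tid: str
    title: str
    stride: str
    threat_type: str
    rating: dict  # one integer per DREAD_FIELDS entry

    def __post_init__(self):
        # Reject mislabelled or incomplete entries before they skew the tally.
        if self.stride not in STRIDE:
            raise ValueError(f"{self.tid}: unknown STRIDE element {self.stride!r}")
        if self.threat_type not in THREAT_TYPES:
            raise ValueError(f"{self.tid}: unknown threat type {self.threat_type!r}")
        if set(self.rating) != set(DREAD_FIELDS):
            raise ValueError(f"{self.tid}: rating must have exactly {DREAD_FIELDS}")
        for field, value in self.rating.items():
            # ASSUMPTION: each component is scored on an integer 1..10 scale.
            if not isinstance(value, int) or not 1 <= value <= 10:
                raise ValueError(f"{self.tid}: {field}={value!r} is outside 1..10")


def risk_score(threat):
    """ASSUMPTION: risk is the arithmetic mean of the five DREAD components."""
    return sum(threat.rating.values()) / len(DREAD_FIELDS)


def risk_level(score):
    """ASSUMPTION: cut-offs chosen for this example (>=7 High, >=4 Medium)."""
    if score >= 7.0:
        return "High"
    if score >= 4.0:
        return "Medium"
    return "Low"


def rank(threats):
    """Highest risk first; ties are broken by threat id for a stable order."""
    return sorted(threats, key=lambda t: (-risk_score(t), t.tid))


def stride_by_type(threats):
    """Count threats per (STRIDE element, threat type) cell, as in a heatmap."""
    return Counter((t.stride, t.threat_type) for t in threats)


# Constructed sample entries for a Bluetooth IoMT home-care scenario.
SAMPLE_THREATS = [
    Threat("EX.01", "Unregistered device accepted as a patient's sensor",
           "Spoofing", "Authentication", dread(8, 6, 5, 6, 5)),
    Threat("EX.02", "Readings altered between device and app",
           "Tampering", "Adversary", dread(9, 7, 6, 8, 5)),
    Threat("EX.03", "Health records exposed from the cloud data store",
           "Information disclosure", "Privacy", dread(9, 5, 5, 10, 6)),
    Threat("EX.04", "Patient denies having submitted a measurement",
           "Repudiation", "Human", dread(3, 4, 3, 2, 3)),
    Threat("EX.05", "Device firmware modified before delivery",
           "Tampering", "Adversary", dread(8, 5, 4, 7, 4)),
]

if __name__ == "__main__":
    for t in rank(SAMPLE_THREATS):
        s = risk_score(t)
        print(f"{t.tid}  {s:4.1f}  {risk_level(s):6}  {t.stride:22}  {t.title}")
    for (stride, ttype), n in sorted(stride_by_type(SAMPLE_THREATS).items()):
        print(f"{stride:22} x {ttype:24} = {n}")
```

Countermeasure work then starts from the top of the ranked list, and the per-cell counts show which STRIDE element and threat type combinations dominate the register.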

Scenario: Bluetooth-Enabled Medical IoMT Devices for Remote Home Care
Description: Patients use Bluetooth-enabled medical IoT devices (like blood pressure monitors, glucose meters, and wearable fitness trackers) at home. These devices continuously collect health metrics from My Dignio App, which are then sent to a centralized cloud-based system or directly to the health care provider portal Dignio Connected Care for analysis. Remote care physicians, nurses, and healthcare providers can monitor the patient's status in real time, and the patient can also access their own data through a dedicated app. An additional feature might later allow sharing of health data with pharmacies for medication refills or with specialists for more comprehensive analysis.

Assets.
Here we will list out the possible information assets and physical assets.
• Patient personal and identification data (Name, DOB, Address, etc.).
• Login credentials and access tokens.
• Software & firmware running on the devices and backend systems.
• Data analytics, insights, and generated reports.
• Communication logs and interaction histories between the patient and remote care providers.

Physical Assets:
• The Bluetooth-enabled medical IoT devices themselves.
• Patient personal devices accessing health data (smartphones, tablets, PCs).
• The cloud servers or direct-to-doctor portals.
• Patient home WiFi routers and networking equipment.

Data Flow Diagram (DFD).
After identifying all the assets, we aim to graphically illustrate the data "flow" through device, app, cloud, and data source, highlighting its processing pathways. This visualization simplifies the identification of potential vulnerabilities and threat points. The primary purpose of providing a data sequence and DFD (Data Flow Diagram) is to offer a visual overview of the system that is comprehensible to both technical and non-technical stakeholders. In Figure 4 we can clearly map out a remote health care system where a patient's IoT device sends health metrics to the "My Dignio App". This app encrypts and forwards the data to the "Dignio Connected Care Cloud", which analyzes it, sends the results to healthcare providers and stores it in the "Patient Data Store". As the patient's historical data is fetched from the datastore to the app, feedback (possibly a diagnosis) flows from providers back to the app. Alongside this data flow, the diagram highlights a myriad of potential security threats at each stage, from device vulnerabilities like tampering to broader systemic threats like data breaches and supply chain attacks, emphasizing the criticality of robust cybersecurity measures in healthcare infrastructures.
From Figure 5, the data flow is depicted more clearly, making it easier even for non-technical users to identify potential threat points.

Possible Threats:
After careful analysis of the assets, sequence diagrams and DFD we pinpointed 27 potential threats throughout our scenario of remote care process, which encompasses the generation, storage, and transfer of health data using various digital tools.Our primary emphasis is on Bluetooth-enabled IoMT devices that generate health data and their role in the remote care setting.Table 1 enumerates all the threats we identified, categorized by STRIDE and threat type and T.XX in Threat Number (T.N) column represent the threat number.The STRIDE category and threat type also offer insights into their interrelation, which we will delve into and visualize subsequently.
The heatmap in Figure 6 provides a visual representation of the relationship between STRIDE elements and various threat categories. Each cell's color intensity indicates the number of threats at the intersection of a STRIDE element and a threat category, with darker shades signifying a higher threat count. From the heatmap, it is evident that "Tampering" threats predominantly fall under the "ADVERSARY THREATS" category. This suggests that unauthorized alterations of data or systems are a significant concern for this category. Similarly, "Information Disclosure" threats, involving unauthorized access to information, are majorly associated with "PRIVACY THREATS". This highlights the risk of private data being exposed or accessed without permission. On the other hand, certain STRIDE elements like "Repudiation" have fewer associated threats, evident from the lighter shades in their respective column. This indicates that actions denying performed activities might not be as prominent a threat in the scenario provided. In essence, this heatmap offers a consolidated view of how threats are distributed across STRIDE elements and categories. It serves as a quick reference for organizations to identify potential vulnerabilities and prioritize security measures based on the most prevalent threats.
The bar graph in Figure 7 provides a visual depiction of the distribution of threats across the STRIDE framework. This framework categorizes threats based on the nature of the potential security risk they represent. From the graph, "Tampering" emerges as the most prominent STRIDE element, indicating a high number of threats associated with unauthorized alterations to data or systems. This underscores the significance of ensuring data integrity and the importance of implementing measures against unauthorized system modifications. "Information Disclosure" also shows a high threat count, highlighting concerns around unauthorized access or exposure of sensitive information. This emphasizes the need for robust data protection mechanisms and secure communication channels to prevent inadvertent or malicious data leaks. Conversely, elements like "Repudiation" have fewer associated threats in the scenario, suggesting that the risk of individuals denying their actions might not be a primary concern in this context.
In summary, the graph in Figure 7 offers valuable insights into which STRIDE elements are most prevalent in the given scenario. Organizations can use this information to tailor their security strategies, focusing on the most prominent threat vectors and ensuring comprehensive protection against potential vulnerabilities.
The bar graph in Figure 8 illustrates the distribution of threats across different categories. Among these, "Adversary Threats" stands out as the most prevalent, indicating a dominant concern with threats originating from malicious actors or entities aiming to exploit system vulnerabilities. This is followed by "Privacy Threats", which underscores the challenges and risks associated with unauthorized data access and breaches of confidential information. Conversely, categories like "Authentication Threats" have fewer incidents, suggesting that while still important, they might not be the primary focus in the given scenario. The graph underscores the importance of understanding and prioritizing defenses against the most dominant threat categories to ensure a robust security posture.
Table 3 offers a comprehensive analysis of each factor, presenting the overall RiskD for every threat. In the 'Reason/Comment' column, individual factors are differentiated using the initials D, R, E, A, and Di.
We have undertaken a systematic categorization of threats using their RiskD scores. The scoring framework is as follows:
• Low Risk (Score 30-36): Threats that fall within this range have a relatively lower potential to cause harm or disruption. These threats, while still needing attention, may not be as pressing or severe as those in the higher categories. In our assessment, we identified 8 such threats that fit into this category.
• Medium Risk (Score 36-43): Threats with scores in this range represent a moderate level of risk. They have a higher potential to impact systems or data than low-risk threats, and addressing these should be of significant importance. Our analysis revealed 13 threats that belong to this medium risk category.
• High Risk (Score above 43): These are the threats with the most potential to cause substantial harm or disruption. They demand immediate attention and mitigation strategies due to their severe nature. We found 6 threats that fall into this high-risk bracket.
It is crucial to address all threats based on their risk category to prioritize security measures effectively.
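As an added illustration (not code from the paper or the DigiRemote project), the sketch below scores a small threat register, buckets it with the bands listed above, and counts threats per STRIDE/category cell. It assumes RiskD is the sum of the five 1-10 DREAD factors and resolves the shared boundary at 36 to Medium; apart from T.2's total of 44, the register values, tags and threat numbers are constructed.

```python
from collections import Counter
from dataclasses import dataclass

FACTORS = ("D", "R", "E", "A", "Di")  # factor initials used in the paper's Table 3

@dataclass(frozen=True)
class Threat:
    number: str    # threat number (T.N); only T.2 is taken from the paper
    name: str
    stride: str    # STRIDE element
    category: str  # threat category
    scores: tuple  # five 1-10 values in FACTORS order

    def risk_d(self) -> int:
        # Assumption: RiskD is the plain sum of the five factor scores (range 5-50).
        if len(self.scores) != len(FACTORS):
            raise ValueError(f"{self.number}: expected {len(FACTORS)} factor scores")
        for factor, value in zip(FACTORS, self.scores):
            if not isinstance(value, int) or not 1 <= value <= 10:
                raise ValueError(f"{self.number}: {factor}={value!r} is outside 1-10")
        return sum(self.scores)

def risk_level(score: int) -> str:
    # Paper's bands: Low 30-36, Medium 36-43, High above 43.
    # 36 appears in two bands; assumption: resolve the tie upward to Medium.
    if score > 43:
        return "High"
    if score >= 36:
        return "Medium"
    return "Low" if score >= 30 else "Unrated"  # below 30 is outside the paper's bands

def heatmap_counts(threats):
    # Number of threats per (STRIDE element, category) cell, as a heatmap would shade them.
    return Counter((t.stride, t.category) for t in threats)

def prioritise(threats):
    # Highest RiskD first, so mitigation effort starts with the high-risk bracket.
    return [(t.number, t.risk_d(), risk_level(t.risk_d()))
            for t in sorted(threats, key=lambda t: t.risk_d(), reverse=True)]

# Constructed register: factor values, STRIDE tags and the T.A-T.C numbers are
# illustrative; T.2's values are chosen only so that they sum to its stated 44.
REGISTER = [
    Threat("T.2", "Data Breaches", "Information Disclosure", "PRIVACY THREATS", (10, 8, 8, 10, 8)),
    Threat("T.A", "Inadequate Encryption", "Information Disclosure", "PRIVACY THREATS", (9, 9, 9, 10, 9)),
    Threat("T.B", "DoS Attacks", "Denial of Service", "ADVERSARY THREATS", (7, 9, 7, 7, 6)),
    Threat("T.C", "Physical Security Breaches", "Tampering", "ADVERSARY THREATS", (6, 6, 6, 6, 6)),
]
```

Whichever way the boundary at 36 is resolved, record the choice next to the register so that repeated assessments bucket the same score the same way.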
In interpreting radar charts, the profile of each threat across different dimensions becomes apparent. Each axis represents a distinct category, and the distance from the center signifies the threat's magnitude in that category. By examining the shape formed by the points for each threat, one can swiftly gauge the areas of most concern. However, it is crucial to complement these visual interpretations with domain knowledge and contextual understanding, as the actual impact and mitigation strategies might depend on various external factors.
Low Risk Threats: The threats in this category have a relatively low overall risk score (RiskD score between 30-36). Notably, "Supply Chain Attacks" and "Insider Threats" show a higher concern in the "A" category, while they register relatively lower in the "R" category. On the other hand, "Physical Security Breaches" and "Lack of Physical Security Measures" consistently show low scores across all categories. Additionally, "Device Malfunction" and "Interoperability Issues" tend to have a slightly higher concern in the "A" category.
Medium Risk Threats: These threats have a moderate overall risk score (RiskD score between 36-43). Significant observations include the pronounced spike for "DoS Attacks" and "Weak Passwords" in the "R" category, indicating a heightened perception of these threats. In contrast, "Firmware Vulnerabilities" and "Lack of Updates/Patches" remain consistent across most categories but dip slightly in the "E" category. Moreover, "Man-in-the-Middle Attacks" and "Data Interception and Eavesdropping" emphasize a higher concern in the "Di" category compared to other threats in this group.
High Risk Threats: Threats in this high-risk category possess a risk score above 43. "Insecure Communication" and "Inadequate Encryption" consistently score high across all categories, marking them as top threats. The "Weak Passwords" threat notably stands out in the "R" and "Di" categories, while "Data Integrity Issues" and "Social Engineering" showcase an even risk distribution, suggesting a consistent threat in every dimension.
Table 4 offers a summary of threat categorization based on their RiskD score, distinguishing between low, medium, and high-risk levels.
5.1.5 Countermeasure. We will now outline the countermeasures that need to be adopted to address high-risk threats. While all threats are critical and must be addressed promptly, prioritizing high-risk threats is especially essential. In digital remote care scenarios, health data is transmitted, stored, and analyzed, often across various communication channels. These operations can be particularly sensitive due to the nature of the information involved. Given this context, let us tailor our countermeasures to meet the specific needs of digital remote care:
• T.2 Data Breaches (Score: 44) - Countermeasures:
  * Ensure health data storage systems have stringent access controls.
  * Use data loss prevention tools specific to healthcare data to monitor and control transfers.
  * Regularly back up patient data and ensure backups are encrypted and stored securely.
  * Use medical-specific vulnerability assessments and penetration testing solutions.

CONCLUSION
In this study, we delve into the architecture of remote healthcare, presenting a comprehensive overview. Additionally, we introduce the research project "DigiRemote", which primarily aims to identify the challenges and risks associated with scaling remote health care processes. Our primary focus in this article lies on the technical dimensions, especially the security aspects of remote health care, rather than its socio-technical or administrative facets. We explore the adoption of digital technologies, like Bluetooth-enabled IoMT devices, for monitoring health parameters within remote care settings. Our aim is to understand and identify potential threats and risks that arise during the generation, storage, and transfer of health data. Using the STRIDE model and specific threat categories, we were able to discern major threats. These threats have been visually represented through heatmaps and bar graphs, enabling security officers to swiftly assess and strategize how best to manage these challenges. The DREAD model further helped us quantify threat metrics, categorizing them into high, medium, and low risk brackets. We subsequently proposed countermeasures for high-risk threats. We believe this article will be a valuable resource for healthcare organizations and security personnel, offering insights into potential risks associated with implementing remote healthcare processes and strategies to mitigate these challenges both pre- and post-implementation.
This study also comes with limitations. The research is focused specifically on digital technology, particularly IoMT devices used for remote patient monitoring, and does not cover the full spectrum of digital technologies used in remote care. The threat and risk assessment may not apply equally to other devices, platforms, or communication protocols. The study examines threats in a generic remote care scenario. Findings may not translate directly to specific implementations of remote care systems in different healthcare organizations. Real-world deployments may face additional threats based on their architecture, size, locations, etc.
Only high-level countermeasures are presented. More detailed technical recommendations are needed for organizations to implement robust security practices tailored to their specific environment. In our future endeavors, we aim to delve further into specific devices rather than an all-encompassing approach. Our intent is to scrutinize software and hardware-related threats and risks, facilitated by tests in our laboratory. Additionally, we will delve deeper into software testing for web and app platforms to unearth more potential threats. Ultimately, we hope this article serves as a foundational reference for both technical and non-technical stakeholders in our project, promoting heightened security awareness as they integrate and scale these devices within the remote health care framework.

Figure 2: Architecture for Remote Health Care

Figure 3 depicts the process flow for Threat Identification, Assessment, Categorization, and Risk Assessment. The following steps are involved:
a: Outline the Scenario
b: Recognize Assets (Both Informational and Physical)
c: Create Data Flow Diagram (DFD)
d: List all possible Threats (STRIDE Model) (Threat Category)
e: Rank Threats (DREAD Model)
f: Develop a Mitigation Plan

Figure 3: Threat Identification, Assessment, Categorization and Risk assessment process

Figure 4: Possible Threat Points Data Sequence Diagram

5.1.4 DREAD Analysis. DREAD is a methodology used to assess risk in a security threat environment. The DREAD model evaluates five different metrics, and each metric is typically scored on a scale of 1-10. The DREAD method has already been explained in detail above. The values in a DREAD analysis are typically determined through a combination of expert judgment, historical data, and sometimes educated guesswork. Here is how each DREAD factor's value might be assigned: 1 could represent minimal risk or concern, while 10 represents the maximum risk or extreme concern.

Figure 7: STRIDE vs Number of Threats

Table 1: Identified Possible Threats