How do healthcare organizations (from small Practices to large HDOs) evaluate adherence to the cybersecurity and privacy protection of Medical Internet of Things (MIoT) used in clinical settings? This paper suggests an approach for such evaluation using National Institute of Standards and Technology (NIST) guidance. Through application of NISTIR 8228 Expectations it is possible to quantitatively assess cybersecurity and privacy protection, and determine relative compliance with recommended standards. This approach allows organizations to evaluate the level of risk a MiOT device poses to IT systems and to determine whether or not to permit its use in healthcare/IT environments. This paper reviews the current state of IoT/MiOT cybersecurity and privacy protection using historical and current industry guidance & best-practices; recommendations by federal agencies; NIST publications; and federal law. It then presents similarities and differences between IOT/MiOT devices and "traditional" (or classic) Information Technology (IT) hardware, and cites several challenges IoT/MiOT pose to cybersecurity and privacy protection. Finally, a practical approach to evaluating cybersecurity and privacy protection is offered along with enhancements for validating assessment results. In so doing it will demonstrate general compliance with both NIST guidance and HIPAA/HITECH requirements.

翻译：保健组织(从小习惯到大型保健组织)如何评价临床环境中使用物质医疗互联网(MIOT)的网络安全和隐私保护的遵守情况?本文件建议采用国家标准和技术研究所(NIST)指南进行这种评价的方法。通过应用NISTIR 8228 期望,可以对网络安全和隐私保护进行定量评估,并确定相对遵守建议标准的情况。这种方法使各组织能够评价MIOT装置对信息技术系统构成的风险程度,并确定是否允许在保健/信息技术环境中使用这种装置。本文件审查IOT/MIOT网络安全和隐私保护的现状,并使用历史和当前的行业指导和最佳做法;联邦机构的建议;NIST出版物;以及联邦法律。然后,它介绍了IOT/MIOT装置与“传统”(或经典)信息技术硬件之间的相似和差异,并列举了IOT/MIOT对网络安全和隐私保护构成的若干挑战。最后,在评估网络安全和隐私保护以及验证评估结果的同时,还提出了一种实用的方法。这样做将显示对NIST/HISTA的要求的普遍遵守情况。