1- RiskOps Health / IoMT — Open-Source Toolkit
1+ # RiskOps Health / IoMT — Open-Source Toolkit
2+
23License: MIT
34Python: 3.9+
45Tests
56Coverage
6- Empowering small healthcare orgs to manage IoMT cybersecurity risks with a lightweight, scriptable framework.
7- Overview
7+
8+ ### Empowering small healthcare orgs to manage IoMT cybersecurity risks with a lightweight, scriptable framework.
9+
10+ ## Overview
811Focus: Risk assessment, compliance mapping (ISO 27001, HIPAA, GDPR), and IoMT-focused detection/pentest tools for clinics, labs, and practices.
912Inspired by EBIOS RM – no heavy tools or consultants needed.
10- Why RiskOps?
13+
14+ ## Why RiskOps?
1115
1216Challenges for SMEs: Limited time, budget, staff, and IoMT-specific tools.
1317Solutions Provided:
@@ -17,28 +21,30 @@ Detection rules for HL7/DICOM (pilot).
1721Non-intrusive pentest checklists (design phase).
1822
1923
20- Key Features
21- GRC Engine (src/riskops/grc/)
24+ ## Key Features
25+
26+ ### GRC Engine (src/riskops/grc/)
2227
2328Load/validate CSV risk matrices.
2429Score risks (Probability × Impact).
2530Map to controls: ISO 27001, HIPAA, GDPR.
2631Gap analysis & reports.
273290% test coverage.
2833
29- Detection (Pilot)
34+ ### Detection (Pilot)
3035
3136HL7/DICOM rules.
3237Data flow docs (PACS, RIS, HIS).
3338
34- Pentest Light (Design)
39+ ### Pentest Light (Design)
3540
3641SAFE approach: Non-intrusive checks.
3742Attack surface & hardening reviews.
3843
39- Project Status
44+ ## Project Status
4045Active development: GRC stable; detection/pentest in pilot. Experimental parts may evolve.
41- Quality Pipeline
46+
47+ ## Quality Pipeline
4248
4349Type: mypy
4450Lint: ruff
@@ -47,17 +53,21 @@ Tests: pytest (>90% coverage)
4753Security: SBOM (syft), scans (trivy) via tools/sec_checks.sh
4854
4955CI: GitHub Actions for QA, security, builds.
50- Quickstart
51- bashgit clone https://github.com/mak3r-cyber/healthcare-iomt-risk.git
56+
57+ ## Quickstart
58+ ``` bash
59+ git clone https://github.com/mak3r-cyber/healthcare-iomt-risk.git
5260cd healthcare-iomt-risk
5361python -m venv venv
5462. venv/bin/activate
5563pip install -r requirements.txt -e .
5664pytest tests/test_grc -v
5765python tools/csv2xlsx.py # Generates risk_matrix.xlsx
66+ ```
5867Output: Excel with scored matrix, heatmap, dashboard.
59- Structure
60- text.
68+
69+ ## Structure
70+ ``` text
6171├── 01-Research/ # IoMT refs
6272├── 02-Matrices/ # CSV inputs
6373├── 03-Methodology/ # EBIOS RM docs
6979├── tests/ # Unit tests
7080├── tools/ # Utils (csv2xlsx, sec_checks)
7181└── LICENSE, ROADMAP.md...
72- Business Processes
82+ ```
83+
84+ ## Business Processes
7385Reusable: Incident Mgmt, Risk Mgmt, Access, ISO 27001, NIS2. See 05-Business-Processes/.
74- Methodology
86+
87+ ## Methodology
7588EBIOS RM Light steps:
7689
7790Scope
@@ -82,29 +95,34 @@ Treatment
8295Monitor
8396
8497Covers: GDPR Art.32, ISO 27001, HDS, EU MDR, NIS2.
85- Sources
98+
99+ ## Sources
86100
87101Regulators: CNIL, ANSSI, EU.
88102Standards: ISO 27k, NIST 800-30/66.
89103Med Devices: FDA, IEC 62304/80001, CVEs.
90104Protocols: HL7 FHIR, DICOM, BLE, 802.1X.
91105
92- Roadmap
106+ ## Roadmap
93107
94108v0.2.x: Stable GRC, 25+ scenarios, Excel tool, HL7 pilot.
95109Next: Case studies, reports, 50+ risks, enriched modules, FR/EN support.
96110
97- Contribute
111+ ## Contribute
98112Welcome! Areas: Risks, cases, tools, docs, fixes.
99- bashgit checkout -b feature/xyz
113+ ``` bash
114+ git checkout -b feature/xyz
100115# Code...
101116git commit -m " feat: xyz"
102117git push origin feature/xyz
103118# PR to main
104- Authors
119+ ```
120+
121+ ## Authors
105122Kamilia & Lazreg Meliani
106123Cybersecurity Leads: GRC, ISO, EBIOS, Audits.
107- Contact
124+
125+ ## Contact
108126
109127Issues: GitHub.
110128LinkedIn: Kamilia Meliani.
0 commit comments