The Internet of Things (IoT) has not been around for very long. However, since the notion of IoT introduced, most of IoT studies focused on a strategic level such as planning, architectures, standardization, and latest technologies, however, studies of risk management plan of IoT are still lacking.  IoT has been widely used to link existing medical resources and provide reliable, effective and smart healthcare services to elderly and patients with chronic illnesses.  However, a systematic process is missing when managing and anticipating the risk of IoT usage in healthcare.  For this purpose, this paper extensively explores various IoT technologies used in health care services and its security challenges. As a result, IoT Security Risk Model for Healthcare is introduced to cater a complete process of risk management based on ISO/IEC 27005:2018 standard.  It is believed that by having this model, it will emphasize on iterative IoT risk management process as it may increase the depth and detail of the assessment at each iteration.