Cybersecurity in Internet of Medical Things (IoMT) devices raises significant concerns within the Indian healthcare system regarding preparedness to handle cyber threats targeting connected medical devices. IoMT implementations demand specialized cybersecurity approaches, yet current regulatory mechanisms lack provisions tailored to their technological complexity. This study explores healthcare stakeholders' perceptions and experiences concerning cybersecurity threats in IoMT implementations, aiming to assess operational gaps and evaluate the need for specialized cybersecurity frameworks. The objective is to understand familiarity with IoMT security challenges and assess opinions on current protective measures. The aim is to examine stakeholder exposure to IoMT cybersecurity techniques and identify demand for structured frameworks. This empirical research is based on 206 structured responses collected via Google Forms using convenience sampling among healthcare stakeholders across demographic groups in India. The independent variables include demographic factors (age, gender, residence, education) and professional experience factors. Dependent variables include threat awareness, perceived component vulnerability, attack frequency perception, trust factors, and support for specialized measures. Data analysis used statistical tools and graphical representations to identify trends and correlations. The research reveals fundamental inadequacies in current IoMT cybersecurity procedures, with software vulnerabilities emerging as the most critical threat across all demographics. Geographic disparities show semi-urban and rural areas facing disproportionate challenges accessing specialized resources. Professional experience creates a paradox where older practitioners recognize limitations more clearly, while younger professionals better understand specialized approaches.
Recommendations include immediate implementation of specialized cybersecurity training and standardized protocols differentiating IoMT security from general healthcare IT procedures.
The Internet of Medical Things (IoMT) represents a form of interconnected healthcare technology that profoundly challenges conventional cybersecurity mechanisms. Defined broadly, it involves networked medical devices that continuously collect, transmit, and analyse patient data through interconnected systems. Unlike traditional standalone medical equipment that operates in isolation, IoMT devices are frequently vulnerable to cyber threats due to their connectivity, data transmission capabilities, and integration with broader healthcare networks. These devices are typically designed with functionality prioritized over security, often with inadequate encryption protocols and limited security updates. These characteristics make IoMT cybersecurity particularly challenging, as attackers may exploit multiple vulnerabilities simultaneously, and the devices may operate across different healthcare systems or span several years without security patches. In countries where healthcare digitization has advanced rapidly, such threats are approached through specialized cybersecurity frameworks and regulatory oversight. However, in India, the healthcare technology framework continues to apply generic cybersecurity approaches to all medical devices, regardless of connectivity risks or data sensitivity. This absence of IoMT-specific cybersecurity protocols impairs both the protection and secure deployment of connected medical devices.
India's encounter with healthcare cybersecurity threats is not a recent phenomenon. Cases such as the 2017 WannaCry ransomware attack affecting healthcare institutions globally, data breaches in Indian hospital systems, and the growing incidents of medical device vulnerabilities reveal that this country faces significant challenges in securing connected healthcare technologies. These incidents also expose the limitations of India's healthcare cybersecurity approach, which tends to treat each device as an isolated system rather than part of an interconnected ecosystem. Security assessments are often fragmented, lacking coordination between healthcare institutions and cybersecurity specialists. The National Health Authority (NHA), while promoting digital health initiatives, does not classify or track IoMT-specific cybersecurity incidents as a distinct category, thereby failing to recognize patterns early or support proactive security interventions. In contrast, international agencies like the Food and Drug Administration (FDA) in the United States employ frameworks such as cybersecurity guidelines for medical devices and mandatory security assessments to analyse device vulnerabilities, ensure secure deployment, and predict potential attack vectors. The gap between global best practices and India's healthcare cybersecurity approach highlights an urgent need for reform.
This research aims to critically examine the adequacy of India's current cybersecurity framework in handling IoMT devices, with particular focus on the technological and behavioural dimensions of cyber threats. It aims to investigate whether the absence of specialized IoMT cybersecurity protocols is contributing to security vulnerabilities, inadequate threat detection, or improper risk assessment in connected healthcare environments. Furthermore, the study attempts to gauge the perceptions and experiences of healthcare stakeholders—those who implement and manage IoMT systems in clinical settings—through structured analysis. Their insights are essential for determining whether there is operational and institutional readiness for introducing dedicated cybersecurity frameworks that incorporate threat assessment, vulnerability management, and incident response protocols within healthcare technology deployment.
Cybersecurity in healthcare technology is not a new phenomenon in human history. The earliest known attempts to secure medical information date back to traditional paper-based systems with physical access controls and confidentiality protocols. These approaches evolved significantly with the digitization of healthcare in the late 20th century, incorporating database security, network firewalls, and access authentication systems. Modern healthcare cybersecurity became institutionalized in the 2000s with regulations like HIPAA in the United States, which established standards for protecting patient health information. The development of specialized frameworks for medical device security emerged through initiatives by organizations like the FDA and the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT). Empirical validation for IoMT cybersecurity as a critical healthcare component came through academic research and real-world incidents; for instance, studies have demonstrated that connected medical devices face significantly higher security risks compared to standalone equipment. However, in India, IoMT cybersecurity remains largely theoretical. As various healthcare technology reports indicate, specialized cybersecurity measures for connected medical devices have found limited application in actual healthcare deployments and are neither mandated by regulations nor supported by institutional frameworks.
The Information Technology Act of 2000 and subsequent healthcare digitization policies provide frameworks for data protection and cybersecurity in India's digital infrastructure. While these regulations offer mechanisms for data privacy, network security, and digital authentication, they remain structurally insufficient for addressing IoMT-specific vulnerabilities. Healthcare technology deployment guidelines focus on interoperability, data exchange standards, and digital health record management, yet none explicitly acknowledge the unique cybersecurity challenges posed by interconnected medical devices operating in clinical environments. There is also no provision for specialized cybersecurity assessments or mandatory security protocols for IoMT devices, unless related to general data protection requirements. This regulatory gap becomes problematic in IoMT implementations, where device vulnerabilities can directly impact patient safety and healthcare delivery. Currently, Indian healthcare institutions must rely on generic cybersecurity measures, limited technical expertise, and ad-hoc security implementations. There is no regulatory guideline for IoMT-specific threat assessment, nor is there institutional support for integrating cybersecurity expertise into healthcare technology management. This systemic inadequacy, particularly when IoMT adoption is accelerating globally, points to a critical research gap.
The Indian healthcare and technology systems face multiple challenges in adapting to IoMT cybersecurity requirements. One of the foremost issues is the lack of trained cybersecurity specialists with healthcare technology expertise within medical institutions. Without access to specialized professionals, healthcare administrators are unable to assess device vulnerabilities, implement appropriate security controls, or respond effectively to cyber incidents. Furthermore, India lacks centralized cybersecurity monitoring systems specifically designed for healthcare environments, similar to specialized health sector cybersecurity centres in developed countries. This absence of integrated security monitoring prevents healthcare institutions from detecting threats early or coordinating responses across different facilities. Additionally, there is no regulatory flexibility to allow for specialized cybersecurity protocols tailored to different types of medical devices or clinical environments. Medical colleges and healthcare administration programs do not offer structured training in healthcare cybersecurity or IoMT security management as part of their curriculum, creating knowledge gaps among healthcare professionals. Interdisciplinary collaboration between healthcare institutions and cybersecurity organizations is virtually non-existent. Research on healthcare cybersecurity frameworks and IoMT security protocols suggests that systematic approaches to device security assessment and threat monitoring could significantly improve protection levels. The Indian healthcare system, however, lacks both the regulatory mandate and institutional capacity to implement such specialized security measures.
The popularization of digital health technologies and increased awareness of cybersecurity risks have led to growing concern about IoMT security among healthcare stakeholders in India. Healthcare digitization initiatives, telemedicine expansion, and the adoption of connected medical devices have familiarized healthcare professionals with concepts like device vulnerabilities, data encryption, and network security. This growing awareness has sparked discussions within healthcare management and medical technology communities across the country. Yet, the practical implementation of comprehensive IoMT cybersecurity measures remains limited. Most healthcare institutions lack the technical expertise, financial resources, or regulatory guidance needed to implement specialized security protocols for connected medical devices. In academia, the study of healthcare cybersecurity and IoMT security is gaining attention through research initiatives and professional development programs. However, these efforts remain optional and are not integrated into mainstream healthcare technology management practices. Without systematic incorporation of IoMT cybersecurity into healthcare technology deployment and management procedures, the insights from these initiatives remain underutilized.
In countries like the United States, United Kingdom, and Canada, IoMT cybersecurity is not just a theoretical concern but a legally mandated requirement with established implementation frameworks. The FDA's cybersecurity guidelines for medical devices have been operational since 2014 and require manufacturers to demonstrate security measures throughout the device lifecycle. The U.K.'s National Health Service (NHS) has implemented comprehensive cybersecurity frameworks specifically for healthcare technology, including mandatory security assessments for connected medical devices. In Canada, healthcare cybersecurity standards are integrated into provincial health technology procurement and deployment processes. These systems are effective because regulatory frameworks support specialized security measures, and healthcare institutions have access to trained cybersecurity professionals with healthcare technology expertise. In contrast, Indian healthcare institutions rely primarily on generic cybersecurity measures without specialized protocols for medical devices. IoMT cybersecurity is neither mandated by regulations nor supported by institutional frameworks. Unless India develops comprehensive healthcare cybersecurity policies and builds specialized technical capacity, it risks significant vulnerabilities in its expanding digital health infrastructure.
IoMT devices pose unique cybersecurity challenges that extend beyond traditional information technology security concerns. When healthcare institutions deploy connected medical devices without adequate security protocols, they create vulnerabilities that can directly impact patient safety, compromise sensitive health data, and disrupt critical healthcare services. The interconnected nature of IoMT systems means that a security breach in one device can potentially affect entire healthcare networks, creating cascading risks that traditional cybersecurity approaches are not designed to address. The Indian healthcare framework, while advancing rapidly in digital health adoption, remains inadequately prepared to secure IoMT implementations in a manner that ensures patient safety and data protection.
This research, therefore, undertakes a comprehensive approach to understanding IoMT cybersecurity challenges in the Indian healthcare context. Through systematic analysis of cybersecurity threats, assessment of current security measures, and evaluation of stakeholder perceptions, the study aims to develop evidence-based recommendations for enhancing IoMT cybersecurity in Indian healthcare systems. The research objectives focus on identifying key cybersecurity threats, assessing their potential impact on patient safety and data privacy, evaluating current security frameworks, and proposing strategies for improving IoMT cybersecurity. Through this comprehensive examination, the study seeks to contribute to the development of more secure, resilient, and patient-safe IoMT implementations that can support India's healthcare digitization goals while maintaining the highest standards of cybersecurity and patient protection.
Objectives
Research Question
Joyia et al. [1], the objective of the paper is to explore and present the contributions of the Internet of Things (IoT), specifically the Internet of Medical Things (IoMT), in the healthcare domain, focusing on how IoMT enhances the accuracy, reliability, and productivity of medical devices. The methodology is based on a review of existing research contributions, applications, and emerging challenges related to IoT integration in medical services. The paper emphasizes the role of IoT in digitizing healthcare by interconnecting medical resources and services, and provides a detailed account of the applications and limitations within the IoMT framework. The findings highlight the significant potential of IoT to transform the healthcare industry and underscore the importance of understanding both past contributions and current challenges to facilitate further research and practical advancements in the field.
Gatouillat [2], the objective of the paper is to enhance the understanding of how the Internet of Medical Things (IoMT)—the interconnection of communication-enabled medical devices within broader health networks—can be improved in terms of reliability, safety, and security. The methodology involves a comprehensive literature review of recent research contributions, particularly those that apply formal methodologies from the cyber-physical systems (CPS) community to address critical challenges in IoMT. The findings highlight the practical benefits of democratizing medical devices for both patients and healthcare providers, while also acknowledging that significant challenges remain. The paper concludes by identifying unexplored research directions and emerging trends, offering insights into potential solutions for addressing currently uncharted issues in the field of IoMT.
Hatzivasilis et al. [3], the objective of the paper is to explore the intersection of the Internet of Medical Things (IoMT) and the Circular Economy (CE) in the healthcare sector, with a particular focus on identifying and addressing the growing security and privacy risks associated with the increasing use of mobile, wearable, and telemedicine devices. The methodology involves a comprehensive review of current IoMT implementations in CE-based healthcare services—such as remote sensing and e-visits—while analysing the emerging threats posed by trends like Bring Your Own Device (BYOD) and the reuse of devices by multiple stakeholders. The findings highlight that as IoMT devices handle highly sensitive medical data, they are becoming prime targets for ransomware and other cyberattacks, yet medical users and vendors often underinvest in security measures. The paper proposes a set of core security and privacy controls as a best-practices guide to help secure IoMT systems within CE frameworks, emphasizing that known vulnerabilities can be effectively mitigated when appropriate and relevant safeguards are implemented.
Nkomo and Brown [4], the objective was to create a hybrid cybersecurity framework for Internet of Medical Things (IoMT) that addresses the lack of specific standards tailored to IoMT security and helps safeguard patient safety while maintaining the security and privacy of patient information, particularly useful for the UK healthcare industry as it moves towards full adoption of IoMTs. The methodology involved extending the NIST cybersecurity framework Version 1.1 to develop a hybrid approach that addresses the specific security challenges of IoMT, recognizing that existing cybersecurity frameworks such as ISO 27000 x series, NIST CSF 2018, or COBIT are either outdated or lack the required approach to protect IoMT technology. The findings demonstrated that despite IoMT benefits in healthcare, achieving robust security and privacy remains a huge challenge due to increased information flow from IoMT endpoints and applications that expands the risk landscape, with risks including potential harm to patient safety, compromise to patient health information, and unauthorized device access; however, the proposed hybrid framework addresses these concerns while acknowledging that with proper security measures in place, IoMTs can deliver more benefits than risk, particularly in addressing GDPR compliance issues in the domain of consent and providing guidelines for implementing security controls in IoMT environments.
Vishnu et al. [5], the objective of the paper is to provide an overview of the Internet of Medical Things (IoMT) and its transformative role in the healthcare sector, focusing on areas such as remote healthcare monitoring, ingestible sensors, mobile health, smart hospitals, and enhanced chronic disease treatment. The methodology adopted is a descriptive and analytical review of existing technologies, relying on secondary data to examine the development of smart sensors, smart devices, and advanced communication protocols that enable seamless interconnectivity among medical devices. The findings highlight that IoMT facilitates real-time, automated health monitoring and diagnosis without human intervention, improving the accuracy, efficiency, and personalization of healthcare services. Applications such as wearable and ingestible sensors, remote diagnostics, and smart healthcare infrastructures significantly enhance patient care and chronic disease management.
Yaacoub et al. [6], the objective of the paper is to address the growing challenges faced by traditional healthcare systems, particularly in light of increasing patient loads, by emphasizing the potential of the Internet of Medical Things (IoMT) to enhance accuracy, reliability, and efficiency in healthcare delivery. The methodology involves a detailed review and classification of existing IoMT security and privacy issues, along with an analysis of current cryptographic and non-cryptographic solutions based on their computational complexity and resource requirements. The paper highlights the trade-off between security and system performance in the evolving digital healthcare (v4.0) era, and discusses the need for optimized security approaches such as lightweight cryptographic algorithms and resource-efficient protocols. The findings stress the critical importance of implementing appropriate security measures and training to protect IoMT systems from cyber threats. The authors propose a five-layered security framework incorporating intrusion detection/prevention systems and dynamic shadow honeypots to mitigate known attacks and safeguard patient privacy, while acknowledging that zero-day attacks remain a significant unresolved challenge.
Thomasian and Adashi [7], the objective was to analyse the robustness of existing policy measures in securing Internet of Medical Things (IoMT) technologies, focusing on the US regulatory ecosystem including industry frameworks, public-private partnerships, and transparency initiatives. The methodology involved a qualitative review of medical cybersecurity literature, collecting federal and international legal documents, policy reports, industry frameworks, cyberbreach analyses, and scientific journal articles. The findings revealed that current regulatory guidance emphasizes device identification, legacy device management, enhanced physical security, and breach detection, with recent trends strengthening federal enforcement authority for baseline security safeguards; however, significant gaps exist requiring additional guidance for retrofitted IT infrastructures, edge-to-cloud interfaces, off-the-shelf components, and emerging threats like novel attack vectors, autonomous cyber-physical systems, and quantum computing, with recommendations for awareness interventions and security hygiene measures to empower end users and facilitate incident response while ensuring IoMT benefits don't compromise patient safety and privacy.
Saheed and Arowolo [8], the objective was to demonstrate how a deep recurrent neural network (DRNN) and supervised machine learning models (random forest, decision tree, KNN, and ridge classifier) can be utilized to develop an efficient and effective intrusion detection system (IDS) in the Internet of Medical Things (IoMT) environment for classifying and forecasting unexpected cyber threats. The methodology involved preprocessing and normalization of network data, followed by feature optimization using a bio-inspired particle swarm algorithm, and conducting a thorough evaluation of experiments using DRNN and other supervised machine learning models on standard intrusion detection datasets. The findings established through rigorous testing that the proposed supervised machine learning model outperforms existing approaches with an accuracy of 99.76% in detecting and classifying cyber threats in IoMT environments, demonstrating effectiveness against security challenges such as remote hijacking, impersonation, denial of service attacks, password guessing, and man-in-the-middle attacks that threaten the IoMT ecosystem.
Elsayeh et al. [9], the objective was to develop a combined security architecture that fuses standard architecture with new blockchain technology to ensure secure data transmission and storage in Internet of Medical Things (IoMT) systems, particularly for healthcare providers like private clinics, hospitals, and healthcare organizations that require secure data sharing. The methodology involved examining the innovation behind blockchain technology and then proposing an IoMT-based security architecture utilizing blockchain to guarantee the security of information transmission between associated nodes, developing a method to collect vital signs data from IoMT and connected devices using standard in-depth strategy combined with blockchain for secure and decentralized data storage and retrieval within a closed system suitable for healthcare environments. The findings from experimental analysis showed that the proposed scheme presents non-significant overhead while bringing major advantages to meet standard security and privacy requirements in IoMT, demonstrating that blockchain's tamper-resistant digital ledger capabilities can provide peer-to-peer communication and facilitate secure communication between non-trust individuals, effectively addressing the challenge of keeping large amounts of continuously developing IoMT data secure while enabling safe transfer to third parties such as cloud systems for future use.
Razdan and Sharma [10], the objective of the paper is to explore the integration of Internet of Things (IoT) with medical devices, forming the Internet of Medical Things (IoMT), and to present how this integration can enhance patient comfort, reduce costs, and enable faster and more personalized healthcare. The methodology involves a conceptual analysis beginning with an introduction to IoMT, followed by the development of an IoMT architectural model. It then maps existing healthcare operations onto this architecture and investigates the role of emerging technologies—such as Physically Unclonable Functions (PUF), Blockchain, Artificial Intelligence (AI), and Software-Defined Networking (SDN)—in addressing key challenges like security, privacy, accuracy, and performance in e-healthcare. The paper includes three illustrative case studies: PUF-based authentication, AI-enabled SDN-assisted e-healthcare, and a Blockchain-assisted patient-centric system. The findings suggest that these innovative technological solutions have significant potential to accelerate the development and effectiveness of IoMT infrastructure in line with evolving healthcare needs.
Kakhi et al. [11], the objective of the paper is to explore the integration of Artificial Intelligence (AI) with the Internet of Medical Things (IoMT) to enhance the efficiency and cost-effectiveness of healthcare services, particularly in the context of remote medical care. The methodology involves a comprehensive literature review of recent research articles, technological developments, and hardware requirements related to AI-powered IoMT solutions. The paper also examines wearable medical devices (WMDs), classifying them based on technology and analysing their market share and projected growth for the first time. The findings underscore AI’s critical role in enabling remote disease diagnosis and chronic disease monitoring through IoMT, leading to lower healthcare costs and improved service quality. Additionally, the paper presents a categorized overview of common AI applications in IoMT, outlines the benefits and challenges of implementing such technologies, and concludes with future research directions.
Hasan et al. [12], the objective was to identify threats that could undermine the integrity, privacy, and security of Internet of Medical Things (IoMT) systems, and explore novel blockchain-based approaches that can help improve the confidentiality of IoMT networks, particularly in the context of 5G-based AI technology that can revolutionize healthcare and lifestyle perceptions. The methodology involved reviewing recent advancements in IoT embedded systems, wireless networks, and biosensors that have assisted in the rapid development of implanting wearable sensors, as well as examining IoMT applications as an ecosystem of connected clinical systems, computing systems, and medical sensors aimed at improving healthcare service quality. The findings showed that IoMT is vulnerable to various types of attacks including denial of service (DoS), malware, and eavesdropping attacks, and is exposed to vulnerabilities related to security, privacy, and confidentiality; however, despite these multiple security threats, novel cryptographic techniques such as access control, identity authentication, and data encryption can help improve the security and reliability of IoMT devices, with blockchain-based approaches showing promise for enhancing network confidentiality.
Huang et al. [13], the objective of the paper is to provide a comprehensive review of the Internet of Medical Things (IoMT), highlighting its conceptual foundation, deployment domains, technologies, and diverse medical applications such as smart hospitals, remote health monitoring, disease diagnosis, and infectious disease tracking. The methodology involves a theoretical and literature-based review, supported by over one hundred representative references and practical examples, to analyse how smart devices like wearable sensors and medical instruments collect and transmit health data for enhanced medical decision-making. The findings emphasize that IoMT significantly contributes to the development of connected healthcare systems by enabling efficient data collection, processing, and analysis, ultimately improving patient care. The paper also presents a forward-looking discussion on current challenges and future directions, aiming to assist a broad audience—including researchers, healthcare administrators, policymakers, and industry newcomers—in understanding and advancing IoMT implementation.
Ameen et al. [14], the objective was to summarize previous research in the Internet of Medical Things (IoMT) and discuss the roles of artificial intelligence (AI), blockchain (BC), and cybersecurity in IoMT, as well as examine the problems, opportunities, and research directions in this field through a comprehensive literature review. The methodology involved conducting a comprehensive literature review to analyse the integration of AI, BC, and cybersecurity technologies in IoMT systems, focusing on their roles, challenges, and potential applications in healthcare. The findings revealed that while combining blockchain technology with artificial intelligence can create a safer IoMT environment to address privacy and security challenges faced by healthcare centres and patients due to cyberattack vulnerabilities, current systems remain costly and still suffer from security and privacy problems; the review identified integration schemes of AI, BC, and cybersecurity technologies that can support the development of new decentralized healthcare systems, while also documenting the strengths and weaknesses of these technologies along with the datasets they utilize.
Alkatheiri and Alghamdi [15], the objective was to propose a Blockchain-Assisted Cybersecurity (BCCS) system for the Internet of Medical Things (IoMT) in the healthcare industry to maintain all data safely and securely within the rapidly growing big-data platform, utilizing blockchain's decentralized digital ledger capabilities to enable end-to-end communication and provide interaction between untrustworthy persons in healthcare environments. The methodology involved using a conventional in-depth approach combined with blockchain technology to create a procedure for collecting medical information from IoMT and integrated devices, utilizing blockchain to record and extract accumulated information in a secure and distributed manner within a closed environment suitable for healthcare professionals such as nursing homes, hospitals, and healthcare industry where data exchange is needed. The findings from experimental outcomes demonstrated that the proposed BCCS system achieved a high security rate of 99.8% and the lowest latency rate of 4.3% compared to traditional approaches, with an overall reliability rate of 99.4%, effectively addressing the critical need to maintain IoMT data safely and securely while facilitating monitoring and checking of patient medical information before transferring data to cloud networks for future use.
Yazid [16] aimed to identify and analyse the key cybersecurity and privacy issues associated with the Internet of Medical Things (IoMT) and to provide recommendations for healthcare providers and device manufacturers to address these issues, recognizing that increased connectivity brings increased risk of cybersecurity and privacy problems despite IoMT's potential to revolutionize healthcare through real-time health information, remote monitoring, and improved treatment options. The methodology involved conducting a research study that examined various cybersecurity risks and vulnerabilities in IoMT systems, analysing data breaches, device vulnerabilities, encryption gaps, insider threats, and regulatory compliance challenges to develop comprehensive recommendations for risk mitigation. The findings identified five significant cybersecurity risks: data breaches involving sensitive medical data valuable to hackers for identity theft and insurance fraud; vulnerable devices not designed with security in mind that hackers can exploit; lack of encryption, leaving data vulnerable to interception; insider threats from healthcare employees who may accidentally or intentionally leak sensitive data; and regulatory compliance challenges with HIPAA and GDPR that can result in fines and legal penalties. The study recommended implementing strong authentication and access controls, using encryption technologies like SSL and TLS, regularly updating and patching devices, training employees on cybersecurity best practices, implementing role-based access control, conducting security awareness training, using auditing and monitoring tools, and prioritizing cybersecurity and regulatory compliance in the design, implementation, and maintenance of IoMT systems.
Vijayakumar et al. [17] aimed to develop a resilient cyber-attack detection system for the Internet of Health Things (IoHT) environment to mitigate security risks and prevent IoHT devices from becoming exposed to cyber-attacks, recognizing that IoHT devices and applications have become extensively vulnerable to cyber-attacks due to their small size and heterogeneous nature, which is doubly significant in healthcare domain applications. The methodology involved building a deep neural network-based cyber-attack detection system by employing artificial intelligence on the latest ECU-IoHT dataset to uncover cyber-attacks in the IoHT environment, utilizing deep learning techniques for anomaly detection to address the growing vulnerability of rapidly expanding IoHT devices and applications. The findings demonstrated that the proposed deep neural network system achieved superior performance, with an average accuracy of 99.85%, an average area under the receiver operating characteristic curve of 0.99, and a false positive rate of 0.01. The experimental results showed that the proposed system attains a higher detection rate than existing methods, effectively addressing the critical need for cybersecurity in IoHT devices that provide electronic healthcare services and have the capacity to increase the quality of patient care in day-to-day life.
Bughio et al. [18] addressed a significant gap in the existing literature regarding a comprehensive ontology for vulnerabilities in medical IoT devices by proposing a fundamental domain ontology named the MIoT (Medical Internet of Things) ontology, focusing on cybersecurity in IoMT (Internet of Medical Things), particularly in remote patient monitoring settings, to establish semantic interoperability among medical devices and secure IoMT assets from vulnerabilities and cyberattacks. The methodology involved utilizing the knowledge engineering methodology outlined in Ontology Development 101 along with the structured life cycle to develop the MIoT ontology, defining key concepts and relationships to understand and analyse the complex network of information within IoMT, capturing essential key terms and security-related entities, deriving a conceptual model from the MIoT ontology, and validating it through a case study. The findings demonstrated that the MIoT ontology successfully establishes semantic interoperability among medical devices, making it easier to understand and analyse IoMT networks while addressing data security and interoperability challenges faced by IoMT systems that integrate medical devices for real-time data analysis and transmission. The research also outlined a roadmap for future research and highlighted potential impacts on security automation in healthcare applications.
Ksibi et al. [19] addressed the urgent need for smart and efficient security solutions in Internet of Medical Things (IoMT) environments by conducting an in-depth study of security concerns and introducing a framework to enhance trustworthiness and support decision making within IoMT environments, recognizing that existing traditional models are no longer convenient and are unsuitable for addressing the various security risks created by the complexity and heterogeneity of data and technology in IoMT communications. The methodology involved reviewing popular risk assessment and management approaches and discussing their suitability to the IoMT context, identifying the main shortcomings inherent to complex architecture, lack of automation, and numerous stakeholders with different security needs and skills, then developing a solution that relies on a fine-grained approach for managing associated risks with regard to different areas of focus and common risk factors, using a Machine Learning (ML)-based anomaly detection model and a hybrid Risk Assessment (RA) model to evaluate cumulative IoMT risk. The findings demonstrated that the proposed framework achieved competitive results compared to state-of-the-art ML models for detecting intrusions in IoT/IoMT systems, obtaining an accuracy rate of 100% with some algorithms, effectively addressing security and privacy problems raised by Connected Medical Devices (CMD) and the exploitation of crucial vulnerabilities by malicious users in IoMT applications, networks, and devices. A use case was presented to highlight the efficiency of the proposal in enhancing security for smart technologies integrated into medical devices for better monitoring of disease progression and patient tracking.
Khan et al. [20] addressed significant issues in modern healthcare settings related to complex applicational connectedness, heterogeneity, integrity, privacy protection, security, provenance, and the massive volume of everyday media data by developing a novel interoperable technique that resolves three main problems: seamless data integrity, peer-to-peer communication between nodes, and infrastructure security in AI-enabled healthcare environments. The methodology involved integrating blockchain technology for distributed storage data organization, sharing, and exchange with AI-enabled machine learning models, particularly support vector machines, to provide decentralized, secure, economical resource optimization and intelligent network activities and organization. A simulation-based evaluation covered three areas: infrastructure security for automated decision-making protection, integrity between smooth data sharing and exchange, and network resource optimization for smooth communication across heterogeneous devices. The findings demonstrated that the proposed novel interoperable architecture achieved unique results with significant improvements showing huge differences of 1.37%, 1.56%, and 1.87% respectively across the three evaluation areas, effectively addressing the complex challenges of end-to-end device interconnectivity, resource organization, communication, networking, and application-related aspects in ICT environments while resolving issues with resource management, scalability, and data processing in distributed consortium networks through the integration of blockchain technology and machine learning models.
Selvamuthu et al. [21] investigate how health insurance schemes across diverse Asian populations influence access to secure IoMT-based healthcare services and the extent to which these schemes support cybersecurity investment and infrastructure for vulnerable communities. The work is a mixed-method study combining a policy review of national health insurance programs in India, Indonesia, and the Philippines with qualitative interviews of 100 patients and 50 healthcare providers. The study reveals that while IoMT adoption is increasing in public and private healthcare facilities, its secure implementation is often constrained by insurance coverage gaps, digital illiteracy, and uneven infrastructure. National health insurance schemes rarely account for cybersecurity costs in IoMT maintenance, leaving patients exposed to risks like data breaches and faulty diagnostics. The authors recommend the inclusion of digital infrastructure and cybersecurity as reimbursable services under public insurance, arguing this would promote equity and reduce care disparities in digital healthcare.
Gopalan et al. [22] assess the feasibility and impact of integrating IoMT-enabled biosensors and blockchain in monitoring food adulteration's effect on public health, particularly in India, where food contamination is a persistent issue. The method is a case analysis of three smart healthcare systems in urban Indian hospitals using biosensor-linked ingestible IoMT devices to track toxin levels in patients, combined with interviews of food safety officials. IoMT devices equipped with smart biosensors detected elevated toxin levels related to food adulteration, triggering early medical interventions and public alerts via blockchain-based health registries. This application of IoMT improves both diagnosis speed and traceability of foodborne illnesses. The study concludes that cross-sector integration of food and health IoT systems can significantly reduce the long-term burden of adulterated food on healthcare systems, but it calls for robust privacy controls to prevent misuse of patient dietary data.
Gopalan et al. [23] analyse the legal complexities arising from cybersecurity breaches in IoMT-based telemedicine systems under Indian law, with a focus on liability in medical negligence cases. The method is a doctrinal legal analysis using key statutes such as the Indian Medical Council Act and the IT Act, and judgments from Indian courts on telemedicine and data breaches, supported by real-world case studies from Indian hospitals. The study finds that Indian legal frameworks are still evolving to handle liability related to IoMT-based malpractice. Courts have inconsistently applied negligence standards in cases involving data loss or device malfunction. A notable gap is the lack of clear statutory requirements for encryption and cybersecurity standards for IoMT devices in telemedicine consultations. The paper proposes legal reforms to mandate minimum cybersecurity compliance for IoMT vendors and liability protection mechanisms for patients, akin to product liability norms.
Vandana et al. [24] explore the synergistic integration of music therapy with IoMT-based mental health monitoring systems, aiming to provide a non-invasive, personalized, and secure treatment modality for psychological well-being. The work is an interdisciplinary experimental study combining wearable EEG-based IoMT sensors with algorithm-driven music therapy sessions personalized by machine learning algorithms. The experiment was conducted on 120 patients diagnosed with mild to moderate depression across two digital mental health clinics. The results showed that real-time monitoring of neural responses through IoMT-enabled wearables combined with responsive music therapy significantly reduced anxiety and depressive symptoms over a 6-week period. Data privacy was maintained using edge computing and anonymized data encryption protocols. The authors advocate for the development of cybersecure IoMT platforms tailored to alternative medicine therapies, highlighting this approach as a low-risk, high-benefit adjunct to traditional mental health treatment.
The research methodology follows an empirical study that explores the cybersecurity threats and vulnerabilities in the Internet of Medical Things (IoMT) ecosystem, with a special focus on public perceptions, trust levels, and awareness regarding connected healthcare devices and their associated security risks. The research aims to assess public understanding of major cybersecurity threats in IoMT devices, identify the most vulnerable components within the IoMT ecosystem, evaluate the perceived frequency and impact of cyberattacks on medical devices, examine factors influencing public trust in connected healthcare devices, and understand public preferences for cybersecurity improvement strategies in healthcare technology. The study is based on a sample size of 206 structured responses collected through a Google Forms-based survey circulated among the general public, using convenient sampling methods to target respondents with varying demographic backgrounds and educational qualifications. The independent variables in this study include demographic factors such as age (18-30, 31-40, 41-50, 51-60, above 60), gender (male, female, transgender), place of residence (urban, semi-urban, rural), and educational qualification (diploma, undergraduate, postgraduate, PhD/MPhil), which serve as categorical variables to analyse how different demographic groups perceive IoMT cybersecurity threats and vulnerabilities. 
The dependent variables include identification of major cybersecurity threats in IoMT devices (ransomware attacks, unauthorized access, data interception during transmission, software vulnerabilities, lack of encryption), perceived most vulnerable component in the IoMT ecosystem (device hardware, device firmware/software, network communication, cloud storage, mobile applications), frequency perception of cyberattacks on IoMT devices, agreement levels regarding life-threatening potential of cyberattacks, impact rating of data breaches on patient privacy, identification of potential patient harm from hacked devices, factors affecting public trust in connected healthcare devices, preferred approaches for improving IoMT cybersecurity, training necessity perceptions for healthcare professionals, and importance ratings for collaboration between healthcare providers and cybersecurity experts. The survey also measures specific trust factors, cybersecurity improvement preferences, and collaboration importance using Likert scales and rating systems to capture nuanced public opinions. The collected data will be analysed using statistical tools, including graphical representations, chi-square tests for association analysis, and descriptive statistics to identify key trends, patterns, and correlations between respondents' demographic characteristics and their perceptions of IoMT cybersecurity threats, vulnerabilities, and improvement strategies.
Cross Tabs (Table 1)
Null Hypothesis: There is no association between the respondents’ choice of most vulnerable component in the Internet of Medical Things and their educational qualification.
Alternative Hypothesis: There is an association between the respondents’ choice of most vulnerable component in the Internet of Medical Things and their educational qualification.
Chi-Square Test (Table 2)
The calculated p-value is 0.339. Since the p-value > 0.05, the null hypothesis is accepted. So, there is no association between the respondents’ choice of most vulnerable component in the Internet of Medical Things and their educational qualification.
Figure 1 shows that software vulnerabilities are the most significant cybersecurity threat across all age groups, with the 51-60 age group reporting the highest concern (6.8%). Ransomware attacks show notable variation across age groups, with older adults (above 60) showing higher concerns (5.8%) compared to younger groups. Data interception during transmission and unauthorized access show relatively consistent patterns across age groups, with percentages ranging from 3.8% to 4.6%.
Figure 1: The distribution of major cybersecurity threats across different age groups
Figure 2 shows that cybersecurity threat perception varies significantly by place of residence. Ransomware attacks are most concerning in rural areas (9.7%), while software vulnerabilities show highest concern in rural areas (9.7%). Urban residents show greater concern for unauthorized access (5.8%) compared to rural (5.8%) and semi-urban (6.3%) residents. Data interception during transmission shows relatively consistent concern across all residential categories.
Figure 2: The distribution of major cybersecurity threats across different places of residence
Table 1: Educational qualification × Most vulnerable component (Crosstab)
| Educational qualification | Cloud storage | Device firmware/software | Mobile applications | Network communication | The device hardware | Total |
|---|---|---|---|---|---|---|
| Diploma | 8 | 18 | 14 | 13 | 8 | 61 |
| PG | 11 | 4 | 10 | 11 | 8 | 44 |
| PhD/MPhil | 10 | 8 | 10 | 13 | 10 | 51 |
| UG | 11 | 7 | 8 | 10 | 14 | 50 |
| Total | 40 | 37 | 42 | 47 | 40 | 206 |
Table 2: Chi-Square Tests
| Test | Value | df | Asymptotic Significance (2-sided) |
|---|---|---|---|
| Pearson Chi-Square | 13.635 | 12 | 0.325 |
| Likelihood Ratio | 13.420 | 12 | 0.339 |
| N of Valid Cases | 206 | | |
Note: 0 cells (0.0%) have expected count less than 5. The minimum expected count is 7.90.
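The figures in Table 2 can be rechecked directly from the Table 1 counts. The following is an added example, not part of the study: it recomputes the Pearson and likelihood-ratio statistics, their p-values, and the expected-count check from the crosstab, using only the Python standard library, so each p-value can be matched to its statistic. The function names are this example's own.

```python
import math

# Observed counts transcribed from Table 1. Columns, in order: cloud storage,
# device firmware/software, mobile applications, network communication,
# device hardware.
TABLE_1 = {
    "Diploma":   [8, 18, 14, 13, 8],
    "PG":        [11, 4, 10, 11, 8],
    "PhD/MPhil": [10, 8, 10, 13, 10],
    "UG":        [11, 7, 8, 10, 14],
}


def chi2_sf(x, df):
    """Upper-tail probability P(X >= x) for a chi-square variable, via the
    series for the regularized lower incomplete gamma function."""
    if x <= 0:
        return 1.0
    a, h = df / 2.0, x / 2.0
    term = total = 1.0 / a
    n = 0
    while term > 1e-16 * total:
        n += 1
        term *= h / (a + n)
        total += term
    lower = total * math.exp(-h + a * math.log(h) - math.lgamma(a))
    return max(0.0, 1.0 - lower)


def independence_test(table):
    """Pearson and likelihood-ratio tests of independence on a crosstab."""
    rows = list(table.values())
    if len({len(r) for r in rows}) != 1:
        raise ValueError("all rows must have the same number of columns")
    row_tot = [sum(r) for r in rows]
    col_tot = [sum(c) for c in zip(*rows)]
    if 0 in row_tot or 0 in col_tot:
        raise ValueError("empty row or column: expected counts would be zero")
    n = sum(row_tot)
    pearson = g = 0.0
    min_expected, cells_below_5 = float("inf"), 0
    for row, rt in zip(rows, row_tot):
        for observed, ct in zip(row, col_tot):
            expected = rt * ct / n          # count expected under independence
            min_expected = min(min_expected, expected)
            cells_below_5 += expected < 5
            pearson += (observed - expected) ** 2 / expected
            if observed > 0:                # 0 * ln(0) is taken as 0
                g += 2 * observed * math.log(observed / expected)
    df = (len(rows) - 1) * (len(col_tot) - 1)
    return {
        "n": n, "df": df,
        "pearson": pearson, "pearson_p": chi2_sf(pearson, df),
        "likelihood_ratio": g, "likelihood_ratio_p": chi2_sf(g, df),
        "min_expected": min_expected, "cells_below_5": cells_below_5,
    }


if __name__ == "__main__":
    for name, value in independence_test(TABLE_1).items():
        print(f"{name:>20}: {value:.3f}" if isinstance(value, float)
              else f"{name:>20}: {value}")
```

Both p-values are above 0.05, so neither test rejects the null hypothesis at that level.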
Figure 3: The distribution of major cybersecurity threats across different educational qualifications
Figure 3 shows that educational qualification influences cybersecurity threat perception. Respondents with postgraduate education show highest concern for ransomware attacks (7.3%), while those with undergraduate degrees show greatest concern for software vulnerabilities (6.8%). Lack of encryption concerns are highest among diploma holders (4.9%), while unauthorized access concerns are relatively consistent across educational levels.
Figure 4 shows that cloud storage and device firmware/software are perceived as most vulnerable components across educational qualifications. Respondents with undergraduate degrees show highest concern for device firmware/software (8.7%), while those with postgraduate education show greatest concern for cloud storage (5.5%). Mobile applications and network communication show moderate vulnerability concerns across all educational levels.
Figure 4: The distribution of most vulnerable components across different educational qualifications
Figure 5 shows that vulnerability perceptions vary by residence. Urban residents show highest concern for cloud storage (10.7%), while rural residents show greatest concern for mobile applications (8.2%). Semi-urban residents show balanced concern across all components. Device hardware shows relatively consistent vulnerability ratings across residential categories.
Figure 6 shows that age influences vulnerability perception significantly. The 41-50 age group shows highest concern for device hardware (6.8%), while the 31-40 age group shows greatest concern for cloud storage (5.9%). Mobile applications show relatively consistent vulnerability concerns across age groups, with percentages ranging from 3.9% to 5.5%.
Figure 5: The distribution of most vulnerable components across different places of residence
Figure 6: The distribution of most vulnerable components across different age groups
Figure 7: The frequency of cyberattacks across different age groups
Figure 7 shows that cyberattack frequency varies by age group. The 31-40 age group reports highest frequency of attacks occurring "very frequently" (5.8%), while the 51-60 age group shows highest reports of "never" experiencing attacks (6.3%). Younger adults (18-30) show more balanced distribution across frequency categories.
Figure 8 shows that attack frequency patterns differ by residence. Urban residents report highest frequency of "never" experiencing attacks (9.2%), while rural residents show more distributed patterns across frequency categories. Semi-urban residents show intermediate patterns between rural and urban responses.
Figure 8: The frequency of cyberattacks across different places of residence
Figure 9 shows that educational qualification affects reported attack frequency. Respondents with postgraduate education report highest frequency of "never" experiencing attacks (9.2%), while those with undergraduate degrees show more varied frequency patterns. Diploma holders show relatively lower frequency of attacks across all categories.