Optimizing IoT Security for Hospital Applications
Keywords:
IoT, Healthcare, Remote monitoring, protected health information (PHI)
Abstract
This paper contributes to the development of a structured and objective methodology for assessing and comparing IoT device security in healthcare environments. It also recommends security practices including network segmentation, biometric authentication, and the implementation of IT asset management (ITAM) solutions.
The exponential adoption of Internet of Things (IoT) devices in the healthcare sector has revolutionized medical diagnostics, treatment, and patient monitoring. However, this connectivity introduces significant cyber security challenges due to the sensitive nature of the data involved and the heterogeneity of device architectures. This study investigates the critical security concerns in IoT-based healthcare systems, focusing on threats such as data breaches, unauthorized access, malware attacks, and vulnerabilities arising from inadequate device security. The research underscores the importance of protecting the confidentiality, integrity, and availability (CIA) of data, as healthcare data is highly valuable and regulated under strict compliance frameworks like HIPAA.
To systematically evaluate the security of IoT medical devices, the study proposes a Fuzzy Analytic Hierarchy Process (FAHP)-based multi-criteria decision-making model. This model integrates expert judgments to assess five key security attributes: confidentiality, integrity, availability, authentication, and authorization. Six device alternatives were analyzed using fuzzy logic to quantify subjective assessments and reduce bias. The results identified device alternative D6 as the most secure, because it had the highest closeness coefficient relative to the ideal security profile.
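The following is an added example, not code or data from the paper: it sketches how an FAHP weighting of the five attributes can feed a closeness-coefficient ranking of six devices. The pairwise judgments, device labels and ratings are constructed, and the choice of the geometric-mean FAHP variant and a TOPSIS-style closeness coefficient is an assumption, since the abstract does not name the variant used.

```python
import math

CRITERIA = ["confidentiality", "integrity", "availability",
            "authentication", "authorization"]
# Constructed expert judgments (Saaty 1-9 scale, upper triangle only):
# (i, j): a means criterion i is judged a times as important as criterion j.
JUDGMENTS = {(0, 1): 2, (0, 2): 3, (0, 3): 2, (0, 4): 3, (1, 2): 2,
             (1, 3): 1, (1, 4): 2, (2, 3): 1, (2, 4): 1, (3, 4): 2}
# Constructed ratings (0-10, higher is more secure) for hypothetical devices.
RATINGS = {"A": [6, 5, 7, 4, 5], "B": [8, 7, 6, 7, 6], "C": [5, 6, 8, 5, 4],
           "D": [7, 8, 5, 6, 7], "E": [4, 4, 9, 3, 3], "F": [7, 6, 6, 6, 6]}

def fuzzy_matrix(n, judgments):
    """Expand crisp judgments into triangular fuzzy numbers (l, m, u)."""
    m = [[(1.0, 1.0, 1.0)] * n for _ in range(n)]
    for (i, j), a in judgments.items():
        low, mid, up = max(a - 1, 1), a, a + 1
        m[i][j] = (low, mid, up)
        m[j][i] = (1 / up, 1 / mid, 1 / low)   # fuzzy reciprocal
    return m

def fahp_weights(matrix):
    """Fuzzy geometric row means -> fuzzy weights -> centroid -> normalise."""
    n = len(matrix)
    geo = [tuple(math.prod(c[k] for c in row) ** (1 / n) for k in range(3))
           for row in matrix]
    tot = [sum(g[k] for g in geo) for k in range(3)]
    # Fuzzy division (l, m, u) / (L, M, U) = (l/U, m/M, u/L).
    crisp = [(g[0] / tot[2] + g[1] / tot[1] + g[2] / tot[0]) / 3 for g in geo]
    return [c / sum(crisp) for c in crisp]

def closeness(ratings, weights):
    """Closeness coefficient d- / (d+ + d-) to the ideal and anti-ideal."""
    cols = range(len(weights))
    norm = [math.sqrt(sum(r[j] ** 2 for r in ratings.values())) for j in cols]
    v = {d: [weights[j] * r[j] / norm[j] for j in cols]
         for d, r in ratings.items()}
    best = [max(x[j] for x in v.values()) for j in cols]
    worst = [min(x[j] for x in v.values()) for j in cols]
    return {d: math.dist(x, worst) / (math.dist(x, best) + math.dist(x, worst))
            for d, x in v.items()}

def rank_devices():
    weights = fahp_weights(fuzzy_matrix(len(CRITERIA), JUDGMENTS))
    cc = closeness(RATINGS, weights)
    return weights, sorted(cc, key=cc.get, reverse=True), cc

if __name__ == "__main__":
    weights, order, cc = rank_devices()
    print(dict(zip(CRITERIA, (round(w, 3) for w in weights))))
    print([(d, round(cc[d], 3)) for d in order])
```

A device that is at least as good as another on every attribute always receives the higher closeness coefficient, which is a useful sanity check when reviewing a ranking produced from expert scores.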