IoT Health Devices: Exploring Security Risks in the Connected Landscape

: The concept of the Internet of Things (IoT) spans decades, and the same can be said for its inclusion in healthcare. The IoT is an attractive target in medicine; it offers considerable potential in expanding care. However, the application of the IoT in healthcare is fraught with an array of challenges


Introduction
The Internet of Things (IoT) has been steadily rolled out to numerous devices worldwide since the mid-late 2000s, starting largely with benign consumer items and increasingly into more sensitive areas, including healthcare, transportation, and more sensitive services [1]. With the inclusion of the IoT into healthcare, significant gains were realized in that patients experienced ease in reporting their health status [2,3]. In some cases, those confined gained autonomy [2,3]. This applies to institutions adopting the IoT, gradual, sparing legislation adopted in the past 20 years to fast-track and improve the digitalization and reporting of medical information. It has not been just healthcare facilities that have boomed with IoT adoption. Modern labs, warehouses, schools, transport equipment, and agricultural plots use IoT devices in the 21st century [4], and these remain critical in consideration of healthcare impacts as their inputs and interactions impact operations. However, consumers and institutions alike have raised significant concerns about the continued digitalization of healthcare. The issues causing these concerns have occurred, from simple oversights in design to complex implementations of IoT health devices (IoTHDs). These have been accompanied by the discovery of numerous security vulnerabilities and high volumes of attacks that have been carried out [5][6][7][8][9][10][11][12][13][14]. Vulnerabilities in IoTHD design and implementation pose immediate data-based threats. These threats include mass data leaks, IoT 2023, 4 improper forwarding of data, and sometimes even indirectly disrupting the operation of other connected devices through a lack of communication or coordination [15][16][17]. We found vulnerabilities in production-scale and patched devices that have stored data in unencrypted, non-proprietary, and easy-to-access formats. However, it is worth noting that proprietary formats can frustrate open-source efforts and are usually financially motivated but more secure. Alternatively, some vulnerabilities leak access to other connected devices, which is problematic for any roll-out [17]. Relating to attacks, an increasing amount of health and manufacturing infrastructure has been open [17,18] and subject to attacks, such as Advanced Persistent Threats (APTs), ransomware, trojans, worms, and loggers [19]. These persistent problems within the IoTHD supply chain and health chain of actions pose numerous threats to patient health, caregiver service, and national security. Strielkina et al. [15] noted the significant problems networked devices posed, including random failures, privacy compromise, and deliberate operations disruptions.
This paper examines the architecture components of IoTHD systems dissected in terms of devices, connected software technologies, the backbone infrastructure, and the individuals involved-IoTHD stakeholders. The discussion of the devices targets medical imaging, medical sensors (used to derive data from being taken advantage of and facilitate processes in modern healthcare), external and implanted devices, and virtual home assistants. The software discussion is split between legacy systems and AI-based software technologies that enable functions within these IoTHDs. The infrastructure discussion covers the communication and application backbone relevant to achieving medical services. Lastly, using IoTHDs requires a discussion of the relevant people and communities. These refer to nation-state actors, healthcare facility personnel, and independent and unorthodox communities. With knowledge of the landscape, we explore the vulnerabilities in healthcare infrastructure as a subset of the international bioeconomy through the lens of IoTHDs. We discuss the components of IoTHDs, vulnerabilities and threats leading to security risks, and control suggestions to address the security risks in IoTHDs. We propose and apply a multi-layer approach to IoTHD security risk management as a beneficial method to facilitate end-to-end security in IoTHDs.
Lastly, we discuss the purpose of modern and emerging IoTHDs. Understanding this allows for an enhanced understanding of emerging and future vulnerabilities and threats, i.e., theoretical threat classification due to emerging IoTHD issues (in terms of novel attack/defense topologies, emerging social dynamics around devices, neuro-link adjacent devices, brain-computer interfaces, and wearable and minimally invasive device vulnerabilities) and practical examples with a case report in the literature. Following this, we discuss future IoTHD controls/countermeasures considerations in terms of device and culture design, practices and training, and innovations to introduce as relating to 4th industrial revolution (4IR) technologies (relating to AI, blockchain, and others that assist toward automation), applications of state defense in the vein of defend forward, and business opportunities that can be capitalized upon by enterprising minds. Overall, this condensed survey and exploration paper will be a valuable tool for anyone concerned with the security of IoTHDs and their potential impact on healthcare and other sectors. We believe that our paper can contribute to navigating the complexities and potential risks of IoTHDs and those that emerge from them.

IoT Healthcare Components
IoTHDs are gaining popularity in healthcare. Some are legacy devices that do not immediately have IoTHD features that can be retrofitted, but many are newly manufactured devices that automatically have IoT functionality that can be embedded. Covering important common assets they produce in processing patient phenomena is also important. According to the literature, over half of the IoTHDs have critical security vulnerabilities [20,21]. Before enumerating the vulnerabilities of these devices and the future directions of IoTHDs, we define the different types of IoTHDs that we focus on in this paper.

IoT System High-Level Architecture
In the literature, the extent of the reference architecture used for IoT systems in healthcare examines layered models. The architecture of the IoT in healthcare essentially consists of three (3) basic layers consisting of the perception, network, and application layers [22,23]. Fundamentally, medical information is collected from networked medical devices and wearable or implanted sensors and is transmitted through communication infrastructures to relevant end-users through software applications for monitoring and taking appropriate action. We summarize the high-level architecture of IoT components in healthcare. This is visualized in Figure 1.  [44,45]. This is made possible because IoT technologies have grown rapidly, and thus ubiquitous sensing is available by wearable devices worn by the user that interconnect wearable sensors through wireless connections [46,47]. For example, vital sign patches to wirelessly track and monitor heart rate, respiration rate, temperature, step count, sleep cycle, stress levels, and falls or incapacitation; wireless electrocardiogram monitors [48]; smartwatches and Fitbits (to track activity, heart rate, and sleep patterns); fall detectors, such as iFall (a wearable accelerometer that communicates with a smartphone and the cloud), to detect and respond to patient falls [49]; wearable blood pressure monitors [50]; neural sensors to read and understand neural brain signals and to infer the state of the brain [51]; and finger pulse oximeters to measure oxygen saturation levels in the blood [52]. With the criticality of these devices to patient diagnosis, injecting or removing sensing data can also cause a significant misdiagnosis. However, a lot of these devices have notably poor signal quality already. For instance, wrist-mounted pulse oximeter devices are regularly off by a large margin when addressing patients with darker skin tones [52]. Devices like these require additional reevaluation on top of their potential to leak data. This presents a possible compound disruption to the quality of care in analogously deficient devices. As a result, disruptions can further impede the reliability of healthcare operations. Thus, future healthcare sectors must ensure that medical sensing data are secure.

Implanted Medical Devices
As micro-electromechanical systems (MEMS) have grown significantly, researchers have made inroads to propose medical devices that can be implanted into human bodies-yet popular acceptance of these devices may be many years away. This is to say nothing of the current reliability of these devices, which may be low. Numerous brain-machine interfaces aim to communicate with neural signals of human brains to treat disease conditions that are currently difficult to treat reliably [53][54][55][56]. Likewise, implanted medical devices not only stay in human bodies but will eventually be parts of live devices that can transmit data outside the body [57]. For example, for digital (smart) medications, an ingestible sensor (a microfabricated sensor made from copper, magnesium, and silicon, in minute quantities) can communicate with an external body sensor, such as a wearable sensor patch [23].
In this regard, there are multiple vulnerabilities in using such implanted medical devices [58]. For example, authentication methods on implanted medical devices are an especially pertinent topic [59]. It is also important to consume battery power more efficiently [58]. Implanted devices can be hacked to consume inefficiently and reduce user life quality. In addition, data availability, integrity, and confidentiality should always be available to the users [60]. By doing this, healthcare professionals can better manage the implanted devices.

Virtual Medical Home Assistants
As discussed earlier, advanced IoT technologies can enable patients to be treated at home. Virtual medical home assistants could be part of healthcare [16,[61][62][63]. For example, continuous glucose monitors and smart insulin pens (which track dose and time and recommend the correct type of insulin to use) [64]; sleep trackers; home security cameras; and voice assistants can also be part of healthcare components because they generate medical information, e.g., fall events, and transmit them to off-site data storage facilities [65,66]. These devices can be used at home for remotely monitoring patients' biomedical status remotely [16].
Specifically, smart voice assistants (also known as conversation agents) installed in the home setting can support users through conversations, answer specific health-related questions without human contact, and collect data for screening and remote patient monitoring [67]. Product designers, security experts, human factors engineers, and regulators might benefit from considering how the lexicon might affect voice assistants. For example, they might want to consider how people of different backgrounds/incomes would talk to a doctor and (presumably) a voice assistant differently. Considerations within this space might help expose additional vulnerabilities in device operation.
Additionally, health robots can be applied to support the detection of unhealthy behaviors, manage medication use, and assist in rehabilitation therapies [68].
Overall, the definition of healthcare input data has expanded substantially. Accordingly, healthcare should protect these wide scopes of input data from malicious adversaries [14,[69][70][71][72]. As healthcare organizations become more distributed in treating and observing patients, they represent wider attack surfaces.

IoT Healthcare Supporting Technologies
Various software components and infrastructure technologies support IoTHDs to function effectively.

IoTHD Software Components
Software components are crucial in enabling various functionalities and facilitating communication among different devices and systems, and they need to be designed, developed, and tested with security in mind. Healthcare facilities can choose from a wide variety of healthcare software programs. Each choice requires high-quality security implementations to secure patient data and medical facilities. IT solutions in healthcare support medical professionals by automating manual workflow or supporting medical workers wherever they work. Most software gathers patient information to coordinate the best care among qualified healthcare providers. The Electronic Health Record Software (EHR) and Electronic Medical Record Software (EMR) are the most used healthcare software. These are the gateways for both patients and providers. Other medical software currently available includes Medical Diagnosis Software, which enables the real-time transmission of information between providers, medical databases, visualization and imaging, medical research, tele-health and telemedicine, and patient engagement software [73]. Software for the healthcare industry is not currently standardized. Even at its best, some of the current healthcare software is cumbersome. The user experience was not prioritized in the design of the system interface. Although EHR is intended to simplify the process, it can be compromised. As a result, hackers are free to take patient data and hold it hostage while exploiting it to make money. Some hospitals still use paper medical records because they have not fully migrated to EHR. Teaching hospital employees the best ways to secure patient data throughout these changes is crucial. As secure as any software is, medical professionals will continue making human errors in healthcare. The medical software should be a backup to the provider to provide the best possible care.
Healthcare systems have also used outdated legacy software that is still in use due to its critical functionality but is often no longer supported by the manufacturers, making them vulnerable to security risks and compatibility issues. One major challenge with legacy software in IoT healthcare device systems is the potential for security vulnerabilities. These software components no longer receive updates and patches, making them susceptible to cyberattacks that exploit known vulnerabilities. This could result in compromised sensitive patient data or the device, potentially harming patients [34,74,75]. Another issue with legacy software is compatibility. As new technologies and systems are developed, legacy software may no longer be compatible with newer hardware or software. This can create issues when integrating older devices into new systems or upgrading existing ones. It is also important to note that in some cases, healthcare organizations may be required to continue using legacy software due to regulatory or compliance requirements.
AI-based software also benefits IoTHDs. AI can read available EMR data, including medical history, physicals, laboratory reports, imaging, and medications, and contextualize these data to generate treatment and/or diagnosis decisions and/or possibilities. Further, it can interpret data from various sources. For example, IBM Watson uses AI to read both structured and unstructured text in EMR, to read images to highlight primary and incidental findings, and to compile relevant medical literature in response to clinical queries [39]. IoT-based healthcare and deep machine learning can assist health professionals in seeing the unseeable and providing new and enhanced diagnostic capabilities. Although diagnostic confidence may never reach 100%, combining machines and clinician expertise reliably enhances system performance. For example, compared with the diagnostic evaluation by 54 ophthalmologists and senior residents, applying AI to retinal images improved the detection and grading of diabetic retinopathy and macular edema, achieving high specificity (98%) and sensitivity (90%) [76]. AI and deep learning can also optimize disease management, provide big data and analysis generated from mHealth apps and IoT devices, and are seeing adoption in healthcare [77]. Some examples of this include predicting risk, future medical outcomes, and care decisions in diabetes and mental health [78] and predicting the progression of congestive heart failure [79,80], bone disease [81], Alzheimer disease [82], and benign and malignant tumor classification [83]. However, AI-based threats are new and emerging. These threats used machine learning techniques to rapidly and comprehensively learn new vulnerabilities and attack routes. A recent survey [84] listed actual and possible frameworks that can attack devices, software, and other assets in health security.

IoTHD Supporting Infrastructure
Backbone infrastructures are critical in ensuring IoTHDs function effectively, securely, and reliably.
IoTHDs generate massive amounts of data that need to be processed and analyzed in real time, where cloud computing infrastructure provides the necessary processing power and storage capacity to handle this data. However, with more cloud apps entering the health market, it is just as important that an evidence base supports its effectiveness and safety and can deal with the security of health data and the reliability and transparency of that data by third parties. Furthermore, it has been suggested that centralized cloud storage will present issues in the future to users, such as excessive data accumulation and latency, because of the distance between IoT devices and data centers.
IoTHDs require a reliable and secure communication infrastructure to transmit data between devices, servers, and other systems. This infrastructure includes wired and wireless networks, protocols, and communication standards. Communicated healthcare data are often stored on a local machine (often decentralized) or turned over to a central hospital repository. Cloud-based computing to support the delivery of health services has many benefits, as it is ubiquitous, flexible, and scalable in terms of data acquisition, storage, and transmission between devices connected to the cloud [66]. The use of the cloud can be foreseen to support data-intensive electronic medical records (EMRs), patient portals, medical IoT devices (which can include smartphone apps), and the big data analytics driving decision support systems and therapeutic strategies [85].
Decentralized data processing and networking approaches may improve the scalability of the IoT in healthcare. Edge cloud is a newer cloud computing concept that allows IoT sensors and network gateways to process and analyze data themselves (i.e., at the edge) in a decentralized fashion, reducing the amount of data required to be communicated and managed at a centralized location [31,86]. Similarly, blockchain storage uses a decentralized approach to data storage, creating independent blocks containing individual sets of information, forming a dependent link in a collective block, and creating a network regulated by patients rather than a third party [87]. However, the usage of blockchain is minimal for now. There are examples of platforms engineering blockchain for medical practice already [20,87]; however, research on edge clouds and blockchains in healthcare is still limited and is an important area for future research.

IoT Healthcare Stakeholders
Individuals must interface with IoTHDs on the front end (usually the Graphical User Interface (GUI)) and back end (usually through medical infrastructure). We focus on patients and patient family members, healthcare personnel, and IoTHD developers as they have security impacts on IoTHDs and their related assets.

Patients and Related Family Members
Patients and their related family members have a tremendous role in accessing and advocating for quality care. It is important to consider the modes of care and the communication platforms (smartphone vs. hospital-owned medical device(s)). Healthcare security professionals should consider wide scenarios at play with the transmission of hospital information. For example, upon obtaining acceptance from the patient, or even the patient themself on their smartphone, family members will communicate healthcare details differently.

Healthcare Personnel
We discuss healthcare personnel in degrees of contact with patients. First-degree personnel commonly include physicians, nurses, students, receptionists, phlebotomists, technicians, surgeons, scribes, emergency response doctors, janitors, security workers, and administrators. Contract workers who may be involved with security, the transportation of materials, information technology staff, and guest scientists or collaborators make up second-degree personnel. Third-degree personnel can work with or associate with second-degree personnel or are unpaid, such as students, volunteers, patient visitors, and police officers, in limited cases of needed operation, participation, and agency.

IoTHD Manufacturers
IoTHD manufacturers cover all those in charge of building, configuring, and maintaining IoTHDs. IoTHD manufacturers can introduce security issues during device manufacturing cycles and should similarly sharpen the protection of their most critical manufactured assets. These include tighter protocols, vetting, and minimization of interactions with core IP assets, offline backups, networking segmentation, web filtering, etc. [88]. Additionally, IoTHD manufacturers should assume they are already targets and be aware of phishing attacks [88].

Security Risk Management
To study the security aspects and possible risks with IoTHDs, we apply information systems security risk management (ISSRM) concepts, defined by Dubois et al. [89], that define the asset, risk, and risk treatment-related concepts to guide security risk management. We selected the ISSRM method because it supported systematic asset identification and functional decomposition of the system [90,91] when compared to other risk management methods used for IoT systems, such as NIST (National Institute of Standards and Technology) [92], OCTAVE (Operationally Critical Threat, Asset, and Vulnerability Evaluation Method) [93], and TARA (Threat Assessment and Remediation Analysis) [94]. Affia et al. [95] provides a more detailed comparison of these methods. We also follow a threat-driven approach to security risk management [96], developed in line with the ISSRM method, to provide security threat analysis support benefits, including threat and risk treatment coverage, by leveraging the STRIDE method. We explore major concepts of the ISSRM method below: • Asset-related concepts-identify relevant assets for security risk analysis. It describes the business assets-that represent information, data, and processes that bring value to an organization-and system assets-that support business assets to protect. Assetrelated concepts also describe the security criteria (in terms of confidentiality, integrity, and availability) that define the security needs of the assets [89]. • Risk-related concepts-illustrate the vulnerability, threat agent, threats, and risk impact analysis of the assets in scope. A security risk is a combination of a security event and its impact (negation of the security criterion), harming business and system assets. A vulnerability is a characteristic of system assets, constituting its flaws-an implementation defect that can lead to a vulnerability [89]. A threat agent refers to an entity that has the potential to cause damage to information system assets, thereby initiating a threat and becoming the origin of a risk. Typically, a threat agent is identified by their motivation, skills, capability, knowledge, available resources, and opportunity to carry out an attack [89,97]. A threat event is a component of security risk that occurs when a threat targets system assets and exploits their vulnerability. The STRIDE method [98] can then be used for security threat analysis [96]. The abbreviation STRIDE stands for spoofing (S)-pretending to be someone else to gain access to sensitive data or resources, tampering (T)-altering data or code to manipulate the application's behavior or cause it to malfunction, repudiation (R)-denying ones actions or the actions of others and making it difficult to track down the source of an action, information disclosure (I)-exposing or gaining access to information one should not be able to access, denial of service (D)-preventing a system from providing its intended service by crashing it, slowing it down, or filling its storage, and elevation of privilege (E)-gaining access to functionality without authorization [98]. Further in this study, we use STRIDE to guide a security threat analysis due to its industrial usage, maturity, high research concentration within the security community, and applicability for guiding risk treatment. • Risk treatment-related concepts-tackle mitigating the identified security risks, guiding risk mitigation decisions, security requirements, and controls to treat the risks. Security requirements aim to define conditions to be reached by mitigating identified security risks and are prerequisites to controls that implement the specified security requirements [89]. The STRIDE security requirements can thus guide requirements elicitation for risk treatment [96].
In this study, we apply these security risk management concepts in a multi-layer approach to understand the security risks within the IoTHD ecosystem.

Security Risks in IoT Health Devices
The examination of security risk management in IoT layers through the related work [24] has brought to light certain issues that may not have been discovered if the IoT system's architecture was not considered. These issues include research gaps arising from an unequal focus on security research on some IoT architecture layers to the detriment of others, the effect of risk on one layer cascading to other layers, and the necessity of implementing multi-layer risk analysis and defence strategies. Thus, we seek to apply a multi-layer approach to IoTHD security management as a beneficial method to facilitate end-to-end security in IoTHDs. In this section, we summarize our multi-layer IoTHD asset findings in Table 1, discuss the vulnerabilities of these IoTHD system assets, highlight relevant threat agents with the motivation and expertise to attack IoTHDs, and then formalize threats to IoTHDs in Table 2. We also provide a multi-layer risk analysis based on real-world scenarios to instantiate our approach. Table 1 summarizes the IoTHD assets (system and business assets) based on the discussed IoTHDs and classifies these assets into functional areas of each layer.

IoTHD Vulnerabilities
A vulnerability is a weakness in a system asset, group of system assets, or security control that a threat agent could exploit to cause harm to the system. As such, medical devices, specifically when they are connected to networks, are just as vulnerable as any other networked security systems and are subject to security breaches because they are all interconnected [100]. As the medical world expands in networking and information technology, there are increased opportunities for threat incidents initiated by malicious agents that target IoTHD system assets by exploiting their vulnerabilities. IoTHDs have become more vulnerable to cybersecurity vulnerabilities due to the rapid growth, prioritized role in aiding healthcare diagnosis, and greater connectivity between the devices, leading to high-impact clinical treatment and patient safety [100]. This section discusses the vulnerabilities of IoTHD system assets within their respective IoT layers.

Perception-Layer Vulnerabilities
IoTHDs, including legacy devices, are vulnerable to physical attacks that render devices unusable. Those medical devices are usually expensive and mostly managed by RFID in hospitals [101]. Despite the efforts of the protocol-level approaches, medical devices are often targeted by physical thefts, which is harder to protect through software solutions. Additionally, the potential for smart pills to be a target of theft exists as well [102], alongside medical identity theft by stealing fobs, cards, and other physical means of accessing healthcare assets. According to Mancini et al. [103], medical identity is used to access certain medical benefits by adversaries. IoT health devices are also limited in the power and resources they possess [100]. Thus, encrypting data transmitted by these devices, for instance, can significantly slow down their operation, reducing their usable battery life. This is a critical issue as some medical devices rely on prolonged battery life, and any reduction in it could affect their effectiveness and even pose risks to patients.
Data authentication is crucial to medical device security because these factors are related to one's medical history and data privacy. IoTHDs may suffer from an elevation of privilege attacks (EoP) when device authentication is missing [104]. Implanted devices that enable communication between brains, brain-stems, and other parts of the central nervous system are vulnerable to unethical access to consumer/patient neural information. Although these devices are designed to help mitigate patients' diseases, adversaries can potentially exploit the IoTHDs to extract information from our brains. Several researchers have pointed out that this could be a new ethical threat to humans in the coming decades [105,106].

Network-Layer Vulnerabilities
Data integrity is a key security criterion for securing data generated and transmitted by IoTHDs. However, the data integrity of the remotely collected data in communication is not always easy. Vulnerabilities in communication are likely to persist. For accessibility, any data generated by IoTHDs are usually always available. While adversaries may block transmission channels by using jamming or flooding attacks, medical devices should be able to provide ceaseless data monitoring [107,108]. The lack of accessibility may also cause data integrity, which can be used for altering data stored on IoTHDs [78,106]. Automation has boosted medical device manufacturing, providing many advantages in improving productivity while reducing unnecessary costs [109,110]. However, in medical device manufacturing, every component created with network capability or means of amplifying, dampening, or re-routing network communications creates new avenues of attacks [111]. For example, ransomware can cause massive supply-chain disruptions [111].

Application-Layer Vulnerabilities
Many computer vision technologies have been proposed to alter images [1,112]. Thus, it threatens healthcare sectors that adversaries could apply techniques such as modification, swapping, and obscuring toward vulnerable medical images [113,114]. For example, injecting or removing medical evidence to and from those medical images can cause a major misdiagnosis [115,116]. Medical images with insufficient security guidelines updates can also often suffer from various malicious manipulation attacks [33]. Additionally, adversaries and researchers have proposed more complicated attacking models and defense requirements as deep learning techniques evolve. For example, CT-GANs (Computed Tomography-Generative Adversarial Networks) [117] train GANs to generate fake CT images by having AI learn real medical images [117].
At the application layer, web services have become a popular means of interfacing with existing (and somewhat legacy) systems. However, when it comes to ensuring greater interoperability, some implementations can be insecure due to weak authentication and the absence of encryption. As a result, there is a risk of information being tampered with during transmission. Given the growing importance of IoTHDs, preserving data integrity is of utmost importance [100]. The human factor is also a component of the application layer. A lack of awareness of cybersecurity issues, poor security practices, and the consistent education and training of healthcare personnel, patients, and endusers of IoTHDs on cybersecurity risks and their impact contributes to the persistent cybersecurity vulnerabilities [100]. Some examples of these insecure practices include the insecure disposal of devices containing sensitive information or data, sharing passwords, and distributing passwords for device access, especially in cases where password protection is required [100].

Relevant Threat Agents
A threat agent can be a person, group, or organization that intends to exploit a vulnerability to cause harm to a system intentionally. A threat agent is characterized by motivation, available resources, and expertise to use an attack method sufficient to trigger a threat. The threat agent is, thus, the source of risk. This section highlights relevant threat agents with the motivation and expertise to attack IoTHDs.

Nation and State Actors
Nation and state actors are parties that operate on behalf of governments-with or without that government's public support. These tend to be well-funded entities collaborating with other allied countries and often work with "private enterprise" or criminal associations [118][119][120]. However, governments can fund operations that are often seen as independent. They have been known to be the main parties perpetrating cyber warfare largely through APTs contributing sustained operations [13,121]. For example, various APTs have been noted for interfering in politics, assisting in IP theft, participating in extortion attempts, or shoring up military imbalances in capacity between nations. A yet unknown source has been behind the "Tardigrade" APT targeting biomanufacturing facilities [122]. So far, Tardigrade has been suspected of gathering intelligence on vaccine production data [88] to disrupt it. Even more unusual is the metamorphic ability of Tardigrade to learn the systems it is in, change its signatures when detected, and then act anew. Thus, meaningful concerns can be had about new Tardigrade-like and Tardigrade derivatives in development or deployed elsewhere, perhaps even other industries. Limited actions can be performed while Tardigrade is under examination, but key insights can be gleaned: • State actors continue to have the means to produce sophisticated works. • APTs produced are likely to prioritize and maintain autonomy, allowing damages delivered to be sustained. Interference can be run through these to disrupt the operations of critical healthcare [122]. • If APTs can securely deliver hostile software into organizations with enough IoTHDs, and those devices are distributed widely enough and sufficiently evade patching, they can be a significant means of surveillance. • The most relevant APTs toward IoTHDs appear to be those that would target both IP and operations of such IP. Such could deliver strategic technological gains to nationstates while offering positioning to control companies of rival nation-states and or their alliances. • IoTHD developers should assume they are already targets and sharpen the protection of their most critical assets, including tighter protocols, vetting, and minimization of interactions with core IP assets. Further, as per BIO-ISAC's reported recommendation for bio manufacturers, all IoTHD developers should similarly consider reviewing the degree of backups, networking segmentation, and product lead times [88].
• Owing to automation in APTs and other means of automated attacks, we may see increased automation in defense.

Healthcare Facilities and Related Personnel
Conversations about healthcare facilities and personnel commonly include physicians, nurses, students, receptionists, phlebotomists, technicians, surgeons, scribes, emergency response doctors, janitors, security workers, and administrators. These are first-degree personnel. The many contract workers who may be involved with security, the transportation of materials, information technology staff, and guest scientists or collaborators are important to include, which can make up the second degree. One more degree can be removed for those who work with or associate with workers at the second degree or are unpaid, such as students, volunteers, patient visitors, and police officers, in limited cases of needed operation, participation, and agency. From the first to the third degree, there is a gradient of access to IoTHDs, from higher to lower. Still, all must be considered to a degree depending on the tasks at hand and the value of the IoTHD assets, for they can all provide an input that can determine a valuable output. Each of these degrees of separation entails different trees of attacks on healthcare assets. Healthcare personnel need to consider how the IoT either shortens the degree of separation or removes barriers entirely.

Independent and Unorthodox Communities
Unorthodox communities include many diverse actors of different funding groups and sizes. Independent actors can include from hobbyists and lone actors to organized groups either looking to exploit for intrigue, the repurposing of devices, or exploitation or harm. From the ethical hacker end of the spectrum, spaces such as those within Community Bio and Makerspaces and groups such as "I Am The Calvary" and the "Grinder [Implant] Community" would be those among whom IoHTDs may find beneficent uses. These individuals improve technology through identifying vulnerabilities and alerting manufacturers, addressing the vulnerabilities directly, positively advertising the proper use of the devices, or repurposing the devices within accepted frameworks. Toward the other end, lone exhibitors, criminals, and criminal groups can be expected to pose considerable, irregular threats to IoTHD users.

IoTHD Security Threats
Medical devices, specifically when they are connected to networks, are just as vulnerable as any other networked security systems and are subject to security breaches because they are all interconnected. IoT devices have increasingly become prevalent in healthcare and have improved patient care, remote monitoring, and medical research. However, these devices pose security threats that malicious actors (see Section 3.3) can exploit. Security threats to IoT devices in healthcare can occur at different layers, including the perception, network, and application layers.

IoTHD Countermeasures
As the medical world expands in networking and information technology, security threats in IoTHDs will continue to impact the future of clinical treatment and patient safety directly. Technical controls, governance, resilience measures, unified reporting, context expertise, regulation, and standards are general suggestions for the remediation of security risks due to IoTHD threats [100]. We discuss countermeasures to IoTHD security threats (see Section 3.4) at the perception, network, and application layers [124,126,127].

Perception/Device-Level Controls
In the era of Healthcare 4.0, all the sensing data from IoTHDs will be transmitted to remote servers and stored in cloud databases [128][129][130]. In addition, due to the nature of IoT devices, various sensing capabilities are used. Especially in implanted medical devices and sensors, if the data protocols or message formats vary, data protection against a wide range of malicious attacks can be more difficult [83]. Thus, more unified networks can be built with unified data encryption and transmission schemes to bring more protection capabilities against future adversaries [131]. Perception-layer components are prone to physical attacks, such as tampering or theft. Physical-layer security schemes [124,132] including RFID-based secure algorithms [101] have been suggested to protect against physical attacks (i.e., eavesdropping, sniffing, data breach, compromised node and device cloning attacks).
Researchers have also proposed secure data management protocols for medical identity protection [133,134] against medical identity theft that allow for privileged attacks. Mashima et al. [135] pioneered to secure medical systems against physical theft [135] that creates a trusted domain and an online monitoring system. However, medical identity threats cannot only be resolved by engineering efforts but also require holistic efforts. Halstead et al. [136] emphasized the importance of educating healthcare workers to become aware of these physical threats [136]. Medical professionals are not trained to deal with security threats, so device manufacturers should provide some security on their devices, release patches, and ensure secure products. While medical staff have little to do with the security of their devices, the owner of the healthcare facility can maintain (buy) strong device security and hire capable cybersecurity teams [137].
IoTHD perception-layer components become a more beneficial target as they collect patient medical data and control the device. Data hygiene entails the removal or limited persistence of data created on or entered into the device to reduce the impact of device data breaches and limit how much sensitive data can be transmitted to other IoT layers. Developers must consider protocols that limit the data taken and the data deciphered to limit thefts, as the ability to decode human biosignatures improves [105]. Additionally, data authentication schemes (i.e., biometric-based, mutual authentication, etc.) are crucial to medical device security because these factors are related to the privacy of one's medical history and data [124]. Such schemes can help remediate impersonation, password intrusion, reply, weak authentication, and side-channel attacks.

Network/Communication-Level Controls
Vulnerabilities in IoTHD communication can be addressed through key management schemes (using symmetric or asymmetric approaches) to protect the information exchanges between IoTHD system components [124]. With key management, the messages to be transmitted are protected with a key, which allows the packets to be encrypted. However, with the traditional approaches, there is a possibility of high power consumption and complexity [138]. There is also a need to adapt to newer technologies such as 5G technology and the emergence of more complex smart applications [124]. Proxy-based mechanisms can introduce additional security by adding an entity, layer, or process to secure the data generated in medical devices and transmitted between medical devices and the healthcare platform at the application layer. Wu et al. [139] created a proxy-based approach with ciphertext-policy attribute-based encryption (CP-ABE) to protect the communications and provide fine-grained access control in devices and WBANs. Similarly, Marwan et al. [140] proposed the CloudSec framework for data sharing and processing with two cryptosystems (AES and Paillier cryptosystems) for data encryption and key management.
Secure routing mechanisms such as SDN technology [141] protect IoTHDs from attacks such as Wormhole, routing attacks, DoS, battery depletion, flooding, Grayhole, etc., that take advantage of the high power consumption or low processing capabilities of the transmission mechanisms. Thus, deploying secure gathering and routing strategies to incur the least communication overheads and transmission costs mitigate these attacks [141,142]. Intrusion detection techniques are also beneficial for discovering attacks or malicious actions in the network or system [124].
Lastly, as with limiting the data collected through data hygiene methods, limiting the data transmitted from IoTHDs remains important. Despite implicit agreements upon the IoTHDs' vulnerabilities in communication, several studies [143,144] have reviewed the literature on how to build reliable data communication protocols or systems.

Application-Level Controls
Security at this layer is critical because it manages the exchange of sensitive data between the device and the user or external systems. Developers of IoT health applications should follow secure coding practices, such as input validation, output encoding, and data sanitization, to prevent common application-layer attacks, such as SQL injection and buffer overflows. While key management schemes protect data in transit between the IoT device and the user's mobile device or external systems [100,124], sensitive data should be encrypted at rest in the user's mobile device or external systems. Strong encryption algorithms such as AES symmetric key based-schemes and RSA should be used [124]. IoT health devices must also ensure data integrity of the data transmitted and received, as incorrect data can lead to life-threatening situations. Mechanisms such as check-sums, digital signatures, and hash functions can be used to ensure that data have not been tampered with. Access control mechanisms can also be implemented to limit authorized users' access to sensitive data and device functionality. Authentication mechanisms such as username/password, biometrics, or smart cards can be used to authenticate users.
Secure data aggregation techniques protect the patient's sensitive information aggregated from distributed medical devices (medical sensors) by applying an aggregation technique to secure and privatize the information. Tang et al. [145] applied different characteristics to implement secure data aggregation techniques, such as differential privacy preservation, obliviousness security, patient fair incentives, and data aggregation source identification. Chen et al. [146] proposed the federated learning paradigm using trained models to implement secure data aggregation.

Practical Examples Inspired by Real-World Concerns
We have followed a high-level layered architecture perspective to IoT systems, allowing for a more in-depth asset-oriented security risk analysis of IoTHDs within their perception, network, and application layers. We applied a suitable security risk management method-the ISSRM method-and its domain model [89] to guide our analysis. Our analysis in Section 3 shows that a multi-layer security risk management analysis benefits securing IoT health devices. By identifying and mitigating potential risks at each layer, IoT health devices can be made more secure, protecting user privacy and safety. In this section, we summarize this analysis at each layer.

Risk 1: Medical Image Modification
Medical imaging systems can comprise sensor equipment to collect CT and MRI images in various formats and store, transmit, or share them using the picture archiving and communication system (PACS). PACS is networked medical imaging technology that facilitates the storage, retrieval, and sharing of medical images.

Perception-Layer Risk Analysis
In the case of medical imaging using PACS, the perception layer includes devices used to capture and configure the CT and MRI imagery, as well as the software used. These include the CT scanners, MRI, DR device, ultrasound to capture medical imagery, and the modality workstation configuring and sending all the imagery in the DICOM format to the PACS server [117]. Vulnerabilities in the perception layer may arise from inadequate security measures, such as weak passwords, unpatched software, or default settings that have not been changed, which can increase the risk of unauthorized access to these assets. The attacker with physical access to the perception-layer assets, i.e., the modality workstation, can plant the malware by accessing the unlocked workstation. To secure against this threat, anti-virus software can be used on modality workstations and should be kept up to date [117]. Additionally, digital signatures [147] and digital watermarking [148] with each scan and machine learning techniques [149] can be used to detect tampered images and, thus, prevent their use for medical diagnosis.

Network-Layer Risk Analysis
The network layer in this scenario refers to the PACS network infrastructure used to transmit and store the medical images, typically in the DICOM format. The network layer comprises internal networks, WiFi access points connected to the internal network, and an internet connection. PACS which are not directly connected to the internet can be indirectly connected via the facility's internal network [150] and are thus vulnerable to attacks. PACS servers exposed to the internet pose a high risk of security threats that could compromise the confidentiality, integrity, and availability of the medical images stored on the server. Threats in this layer could include social engineering attacks, physical access, network intrusions, denial-of-service attacks, and other types of attacks that target the network infrastructure [151]. The risk of these threats increases when the medical images are transmitted over unsecured networks or stored in an unencrypted form. For example, an attacker can access the internal network by hacking WiFi access points with critical vulnerabilities, such as "Krack" [152] and "BleedingBit" [153], where Bluetooth and WiFi electronics are integrated into a single chip. To address such threats, healthcare facilities should enable encryption between the hosts in their PACS network using proper SSL certificates [117] and remain up to date with patches to vulnerable network software.

Application-Layer Risk Analysis
In the application layer, the risk of unauthorized access to the medical images stored on the PACS server can lead to malicious image modification. Although most healthcare facilities use local servers, a few have transitioned to cloud storage [154], increasing the potential attack surface. When a PACS server is exposed to the internet, there is a risk of various security threats that could compromise the confidentiality, integrity, and availability of the medical images stored on the server. Thus, a threat agent with motivation, expertise, and resources to gain unauthorized access to the PACS server can use the CT-GAN technique on medical imaging systems, posing a high risk of malicious image modification, leading to the loss of integrity of MRI/CT images, misdiagnosis of a severe disease, delayed treatment for the affected patients, and a loss of trust in the medical system. Vulnerabilities in medical imaging systems, such as inadequate encryption and security measures, increase the likelihood and severity of this risk.
Mirsky et al. [117] also demonstrated how an attacker could compromise medical images on PACS servers by designing two conditional GAN models. One injects medical evidence into healthy images, while the other removes medical evidence from images with detectable tumors [117]. This approach is critical because it can cause a misdiagnosis of severe diseases. Pathologies requiring high-resolution scanning would become a higher risk of CT-GAN-related attacks [117]. To mitigate this risk, organizations should implement adequate security controls, such as encryption (of data in motion (DiM) and data at rest (DaR)) and access controls, and limit the exposure the PACS server has to the internet [117]. Additionally, organizations should reduce the sensitive data collected (e.g., pathologies that do not need a CT scan should be discouraged), prioritize pathologies that require high-resolution scanning for further security measures, and consider alternatives to CT scanning for pathologies that do not require it. Finally, organizations should use risk management methodologies, such as the STRIDE method, to identify and address specific threats posed by the CT-GAN technique.

Summary
Malicious image modification by malicious actors can have severe consequences for the affected patients and the medical system. Attacker motivations comprise ideological, political, money, fame, and revenge motivations; attacker goals vary according to motivations, including to affect elections (political), hold data hostage (money), insurance fraud (money), terrorism (revenge), etc.; and the impact includes physical (injury and death), mental (trauma and life course), and monetary (loss and payouts). These point to nation/state actors and unorthodox communities, although independent actors (i.e., hobbyists and ethical hackers) may seek to explore such evolving uses of CT-GANs [117]. Therefore, it is essential to implement appropriate security measures, such as strong authentication and access control, data encryption, and regular security assessments, to mitigate the risks at each IoT layer. We illustrate a scenario of malicious image manipulation in Table 3.

Risk 2: Malicious Synthesis and Camouflage of Genetic Sequences
DNA synthesis has become more common [155]. It now is a non-trivial threat [156] where genetic sequences being synthesized and analyzed for various purposes, such as medical research, drug development, and forensic analysis, can be leaked to unauthorized parties or corrupted.

Perception-Layer Risk Analysis
The perception-layer security risk analysis of the DNA synthesis IoT health device system involves identifying risks associated with the user's interaction with the system. In this case, the risk involves the attack on the synthesizer through sound waves produced during the operation of the synthesizer. The acoustic side-channel attack is a type of "sonic malware" or "bioacoustic hacking" that can infer information about the synthesizer's operation and the synthesized DNA sequence [157,158]. This attack requires close physi-cal proximity to the DNA synthesizer, which means that healthcare or related personnel could be likely threat agents. Alternatively, an attacker can breach systems in proximity to the DNA synthesizer (e.g., remote monitoring systems, employee phone/laptop, etc.) and record the information leaked in the acoustic side-channel of the DNA synthesizer through an existing microphone(s) of those systems [157]. To mitigate acoustic side-channel risks, Faezi et al. [157] suggested using physically identical components placed in a geometrically uniform manner to remove any variations in acoustic emissions. Additionally, preventing unauthorized personnel from accessing any room containing a DNA synthesizer helps to maintain confidentiality of the synthesized DNA sequences. Any unapproved devices discovered in the same room as a DNA synthesizer should be reported as a security threat [157].

Network-Layer Risk Analysis
DNA synthesizers can connect to computers, external drives, and Ethernet cables. However, operators generally keep the machine disconnected from the internet and local networks or use secured protocols to eliminate the possibility of cyberattacks [157]. Although the possibility of network-layer attacks is limited, security risks target the communication between the DNA synthesizer and any integrated external system posing a significant risk to the confidentiality of the synthesized DNA sequences. Appropriate security measures, such as encryption, access controls, and monitoring for suspicious activity in any room containing a DNA synthesizer, can mitigate network-layer risks [157].

Application-Layer Risk Analysis
The application-layer security risk analysis of the DNA synthesis IoT health device system involves risk impacts stemming from perception-layer threats. When genetic sequences are manipulated, these corrupted sequences will be used in various medical applications, posing significant risks to genetic research and development [157]. Routine risk assessments can help identify corrupted sequences and prevent malicious actors from exploiting them.

Summary
DNA synthesis in medical research, drug development, and forensic analysis poses a significant security risk to genetic research and development integrity. The risk of malicious DNA synthesis and camouflage, particularly through acoustic side-channel attacks, can compromise genetic data and misdiagnose severe diseases. Faezi et al. [157] discuss attacker intent, such as industrial espionage and bioterrorism; however, because most attacks require close physical proximity to the DNA synthesizer, the healthcare or related personnel are the likely threat agent (although they can be recruited by a nation/state actor or an unorthodox group). To mitigate these risks, appropriate security measures must be implemented at the perception, network, and application layers, including removing variations in acoustic emissions, encryption, access controls, and monitoring for suspicious activity. We illustrate a scenario of a genetic sequences attack in Table 3.

Risk 3: Transport of Critical Materials and Unintentional Advertising
IoT health devices often use expensive and potentially dangerous materials such as radioactive isotopes to function properly, such as in medical devices used in radiation therapy or medical imaging. These devices may have communication protocols that could be vulnerable to malicious attacks or unintentional exposure, leading to serious health risks for the public. For example, in the Goiânia accident, numerous people were exposed to radioactive material stolen from a hospital, and this could easily happen again [159]. Therefore, assessing the security risks at the perception, network, and application layers of these IoT health systems and implementing appropriate security measures to protect against such risks is important. We illustrate a scenario of attacks exploiting the unintentional advertising of critical materials in Table 3.

Perception-Layer Risk Analysis
This IoT health device system's perception layer involves medical materials containing high-activity radioactive materials. The lack of comprehensive security protocols to protect them can result in unintentional advertising, making them a target for theft. The theft of these materials can pose severe health risks to the public and lead to legal consequences, damaging the reputation of medical device manufacturers [160]. Therefore, marking these materials discreetly among professionals is crucial to avoid unnecessary exposure to unprepared populations and to implement appropriate security measures to protect against malicious attacks [161]. For instance, the International Atomic Energy Agency (IAEA) has established guidelines for the security of radioactive sources, including physical protection, control and accounting requirements, and detection and response to unauthorized access [162].

Network-Layer Risk Analysis
The network layer of this IoT health device system involves assessing vulnerabilities in the communication protocols of IoTHDs. Network-layer security risks may involve the possibility of a malicious actor gaining access to IoTHD communication protocols and using them to identify and target medical materials containing radioactive isotopes. This could involve network scanning or malware to gain unauthorized access to the device or network.
Implementing appropriate security measures to protect against such attacks, such as encryption and access controls, and conducting routine vulnerability testing is necessary. Novel engineering efforts are also required to develop more specified security protocols to protect against theft and the unintentional exposure of these materials and revised education and law enforcement for medical professionals and peripheral agencies [163,164].

Application-Layer Risk Analysis
Application-layer security risks could include a malicious actor exploiting vulnerabilities in the software or firmware of medical devices to gain unauthorized access to sensitive information or materials. This could include tactics such as exploiting software vulnerabilities or using malware to gain access to device settings or data. Implementing appropriate security measures, such as revising education and law enforcement for medical professionals and peripheral agencies to ensure the safe handling and disposal of radioactive materials, can significantly reduce the risk of malicious attacks and unintentional exposure.

Summary
Overall, the security risks associated with medical devices that use expensive and potentially dangerous materials require careful consideration and appropriate measures to ensure the safety of the public and the reputation of medical device manufacturers. Healthcare facilities housing high-risk radioactive materials and devices become easy targets for theft or sabotage. Attackers can be highly motivated and well-resourced unorthodox communities or state-sponsored threat actors with specific agendas, such as economic or political gain, terrorism, or activism. This could include insiders with privileged access to the medical device manufacturer's systems or facilities. Due to the high value of the medical materials involved, the attackers may be highly skilled and sophisticated and able to leverage a variety of attack vectors and techniques to achieve their objectives [165]. Thus, medical device manufacturers must keep abreast of potential malicious actors and implement appropriate security measures to protect against malicious attacks and unintentional exposure. This may require novel engineering efforts such as blockchain technology to enhance security and traceability in managing radioactive sources in medical facilities [164], and revised education and law enforcement for medical professionals and peripheral agencies [163].

Lessons Learned
A multi-layer approach to security risk management is essential for IoT health device systems because it helps identify potential risks and threats across different system layers. IoT health devices involve interconnected components that operate at different levels, including perception, network, and application layers. Each of these layers has unique vulnerabilities and threats requiring different security measures. At the perception layer, the physical sensors and actuators that gather and control data are vulnerable to tampering, eavesdropping, and spoofing attacks. Network-layer vulnerabilities can result from unsecured wireless communications, weak authentication, and unencrypted data transmission. The application-layer vulnerabilities arise from the software and applications used to process and store data, including outdated software, unpatched vulnerabilities, and weak password policies.
IoT health device manufacturers and healthcare organizations can identify and assess these vulnerabilities and threats across different system layers by taking a multi-layer approach to security risk management. This approach enables relevant stakeholders to implement appropriate security measures that address the specific risks at each layer. It also helps to ensure that security controls are integrated across all layers to provide end-to-end security. Furthermore, as we have seen from the scenarios discussed, a multi-layer approach can help identify risks across different layers. For instance, in the DNA synthesizers scenario, attacks may require physical proximity to the device (at the perception layer) and the ability to analyze acoustic signals (at the application layer). This highlights the importance of considering security risks spanning different IoT system layers and implementing security measures that address these risks.

The Future of IoTHD Security
Many new medical technologies are increasingly accepted and trusted by medical professionals [166][167][168]. Specifically, we will briefly address several innovations of the 4th industrial revolution, including artificial intelligence [169], blockchain [170,171], genetic engineering, quantum computing, and intersectional/combinatorial use. Innovations with these technologies can be expected to set the stage for novel exploits leading into the middle and latter parts of the 21st century.

Administrative (Laws and Policy Changes)
As discussed above, modern medical devices vary in many aspects, such as software, operating systems, and communication protocols. More administrative efforts are needed to achieve cybersecurity in various medical devices, especially at the law and policy levels.
First, governmental health agencies must specifically define their roles in cybersecurity administration toward devices [86]. Formulating a policy/framework and having vendors follow the guidelines is required. That said, a single reliable network that supports heterogeneous medical devices can be newly defined, and vendors could promptly integrate existing/new medical devices into the secure network. Depending on laws and policy, governments may decide whether they utilize existing networks or redesign a network for future IoTHDs [77]. For example, current MRI/CT images are connected to centralized pictures archiving and communication system (PACS) networks. Building a new framework should consider those existing networks [172]. In the new form of medical network frameworks, migrating legacy devices effectively is necessary. These gateway designs can include but are not limited to data transformation, network protocol design, and encryption/decryption schemes. Some medical devices do not have network capabilities; thus, a form of data transformation and secure uploading scheme will be needed. Otherwise, adversaries could conduct physical data theft attacks or man-in-the-middle attacks.
Vendors are expected to abide by laws/policy changes at any level of cybersecurity. This can be developing security programs or adding two-factor authentication. Both administrations and vendors should collaboratively inspect the quality of security fulfillment. During the inspection periods, the government may define standardized action items as validated and deliverable tests. It is recommended that government health agencies define fine-grained requirements with expected outcomes, eventually decreasing overall timelines. Vendors can then provide corresponding item results in their lab settings. That way, health agencies can assess the risk management abilities of the manufacturers. This process should be performed seamlessly; existing users would not face denial-of-service experiences. Overall, being aware of cybersecurity for medical devices in laws and policies is important. When building a future framework/network, governmental and industrial efforts can expedite smoother transitions [173].

Defending Forward
A small but significant amount of the literature on the intersections of biosecurity and cybersecurity discusses the national security implications at risk. George (2020) speaks about this at length with the health of citizens and the status of bioeconomies [174]. Palmer and Karahan [13] discuss how intersectional research is important to consider in light of cybersecurity defense initiatives under the term "Defend Forward", given how integral health infrastructure is. The careless integration of IoTHDs can threaten military operations if they can be widely and acutely exploited. It, therefore, appears sensible that further scrutiny be given to IoTHDs as they are considered for purchase and use in proximity to military and policing forces, regardless of the country. Further, such scrutiny is reasonable to be heightened as 4IR technologies, especially that of artificial intelligence, are employed [175]. Several AI-based studies [76,81,82,176,177] discuss this at length wherein AI can meaningfully present further hurdles if misused or taken advantage of. Future considerations toward defend forward applications should be mindful of health infrastructure that is accessible at these intersections.

AI Innovations and New Directions
According to Kruk et al. [178], about 3.6 million people die annually due to poor quality healthcare [178]. There is also an employment gap of 5.9 million nurses globally [179]. This is alarming and has triggered a lot of technological innovations within the space of artificial intelligence (AI), machine learning, and the Internet of Things (IoT) to solve these challenges. Machine learning techniques have proven to learn complex representations and patterns to automate some clinical responsibilities. Internet of Things devices, on the other hand, have provided the capabilities to collect high-throughput heterogeneous rich data from patients and individuals for training and improving AI algorithms. Healthcare workers and patients expect AI to play an important role in diagnosis and treatment more effectively and accurately than the current methods [180][181][182][183]. For example, as AI in computer vision improves image analysis, patients can obtain better image quality from medical devices with AI. Likewise, AI characteristics can improve the diagnosis and disease management process. This is not to say that the applications are not without hurdles, but there exists evidence for optimism over time as practitioners improve their integration of artificial intelligence-based modalities [184]. We can expect artificial intelligence to improve applications in resource-strapped areas.
AI and machine learning have permeated every aspect of healthcare delivery-identifying and discovering new therapeutics, diagnosing diseases and infections, or aiding in treatment decision making. Toward the discovery of novel therapeutics and drugs, AI has been used to speed up the virtual screening of compounds to narrow the search space for lead compounds or potentially viable drugs [185]. This decreases the cost and time it will take to bring new drugs to market by pharmaceutical companies. Within disease diagnosis, AI has been used to diagnose disease and medical abnormalities from data collected with IoT devices (such as wearable fitness devices), medical imaging devices, and blood chemistry analyzers [186]. In terms of administering treatments, ML algorithms have been used to inform how limited clinical resources should be allocated [187]. For example, machine learning algorithms have been used to prioritize patients to maximize how clinical resources are used to treat patients. Moreover, ML algorithms have aided in determining the optimal time for administering certain treatments. AI and ML have shown incredible performance in the past and have demonstrated a lot of potential for the future. Despite these, AI in healthcare poses major drawbacks that must be addressed as the field evolves. One of these drawbacks is the lack of ethnic diversity in some datasets used in training these AI systems [188]. An AI system is as good as the dataset it was built on. Thus, if certain groups of people are not represented in these training datasets, AI systems built on these datasets will perform terribly when used on underrepresented groups. Notable authors who have discussed issues and potential pathways to solutions regarding representation in data and the algorithms handling them can be found among [189][190][191][192][193][194][195].
Moreover, many AI systems and IoT applications require good infrastructure, such as reliable internet and electricity. In resource-constrained environments where such amenities are a challenge, it will be almost impossible to deploy these technological innovations fully. Thus, more work is needed to investigate ways to deploy these technologies in resource-constrained settings. With access to medical data, generative AI can generate fake medical information, including MRI/CT images, for which new security means have been suggested [117,196,197]. Thus, data generated by IoTHDs must be validated by experts or high-performing discriminator models. Building a good discriminator model for data protection can help healthcare sectors to protect from malicious data fabrication attacks. This approach is needed given the data generated. The same aspects can be applied to other types of medical data resources. To extrapolate, future cyberbiosecurity models may apply more complicated discriminative techniques to detect generic sequences of DNA synthesis or other important biological outputs or signatures. In terms of biomolecules, biosystems, biomachine interfaces, and biocomputing, there exist many new and dynamic targets [155,198]. A single organization or academic institute cannot make this approach. Thus, region-wide or nation-wide data collection and research collaborations are needed and can expedite more complicated AI solutions [199][200][201][202][203].

Innovations of Blockchain Technology
Blockchain technology refers to cryptography-linked records in chained blocks. It is an emerging technology that may prove essential in shoring-up privacy concerns and adding needed avenues of automation in record processing [204]. With an eye on privacy, several groups have put forth security solutions at this intersection. For example, Kumar and Chand [205] revealed a model for using blockchain with the IoT in medical privacy contexts; this builds on efforts of protocols which aimed to cover the privacy of PII on the blockchain. Those concerned with regulation would be pleased to note that conversation at the intersection of blockchain, regulation, and hospital device application is alive. Sneha et al. [206] introduced a model that "emphasizes distribution and encryption of data, smart contracts, and permissioned blockchain-based architecture" within the scope of the FDA review process. Alblooshi et al. [171] developed a protocol specifically for medical devices. All in all, blockchain efforts exist and are growing. Testing, time, and adoption will tell if the efforts take root. They present novel avenues for managing medical data. These reflect just some of the innovations taking place with blockchain technology.

Genetic Engineering
Genetic engineering is a 4IR technology that has been pacing rapidly [207][208][209][210]. It allows skilled technicians to change fundamental aspects of organism DNA and make profound biomaterials. Of the latter, DNA is being investigated as a programmable 4D scaffold that may improve wearable technology and offer further bio-digital functionality [211][212][213]; in fact, IoT functionality with DNA is already a matter of investigation. In the former case, genetic engineering has immediate healthcare implications as, for example, this can translate to effective gene therapies and allows for crafting tissue and organ grafts that have a much lower rejection from those these are implanted into. Sequencing, the decoding of one's genome, is required for this. Thankfully, the cost to sequence genomes per base pair has fallen drastically, and the speed to do so on a population basis for analyzing a community is here. The advent of COVID-19 provided an important basis and means to implement effective genetic surveillance to study population susceptibility [214,215]. The means can be minimalized significantly. For example, researchers demonstrated that Oxford Nanopore sequencing technology could be utilized via a gaming laptop, allowing for sequencing on the go [216].
From the individual to the corporate entity to the nation-state, there are many reasons to be interested in sequencing. The same goes for information about genetic editing. Cheap gene engineering kits and exploration stations, via companies such as The Odin or Amino Labs, can be obtained cheaply, allowing for the potential of biomedical exploration and prototyping by larger swaths of individuals [207,208]. IoTHDs that utilize either gene editing or sequencing may find themselves targets. Companies might consider adding these products to their labs and sandboxes to test intermediate attacks between connected systems. Reverse engineering and purchasing more advanced units, especially industrial and hospital-grade sequencing and diagnostic units, may heighten preparedness.

Quantum Computing
Quantum computing conducts complex computations by harnessing quantum states. Instead of calculations based on binary architecture, quantum computing can hold more information, significantly reducing computation times and energy usage. This concept of quantum bit computation could eventually lead to accurate diagnosis and precision medicine in healthcare [85]. Although the advanced processing ability of quantum computing may threaten legacy encryption schemes, it can also be used to reinforce the current encryption systems with quantum computing power. There is ample opportunity for business opportunities in exploring both sides of these uses.

Intersectional Fusions of 4th IR Technologies
One potential innovation to be mindful of is the intersection of multiple 4IR technologies in the future. An example can be found in a recent avant-garde project that fuses biotechnology and blockchain in a decentralized autonomous organization (or DAO for short) called BitMouseDAO, sought to encode cryptocurrency into a mouse [217]. This would involve genetically engineering the mouse's DNA to hold the key to access an amount of Bitcoin. Fifty (50) years ago, this idea would have been considered poor science fiction, but the means of technology exist. However, less than twenty (20) years ago, considerable amounts of digital data were converted into DNA reliably stored and played back in text or video format. In the last decade, a researcher and his team managed to encode malware in DNA and use it to perform a remote attack on a DNA sequencer, which spelled immediate implications for future healthcare operations [155]. The takeaway is the value of pondering what creative teams may produce in their goal to produce novel attacks on IoTHDs.
It is not out of the question that institutions may one day see novel attacks that act on the synchronized actions of patients who seek medical services that access their genetic information under the right combination of spiked and submitted samples. It is possible from here that complex bio-digital DDOS attacks can be made functional for more devastating malware, perhaps in the form of a condensed but dynamic machine learning algorithm that eventually winds its way through a facility. This scenario is wonderfully contrived for the time being. Thankfully, this is not a practical attack in the next few years, but with time, testing, and a large enough value target, it very well could be in ten (10) years by an enterprising group. Underestimation is an ever-present vulnerability that must be frequently assessed.

Concluding Remarks
The world of medical devices is diverse, and varieties that utilize internet connectivity add to this diversity and increase use. IoT health devices have become increasingly prevalent in the healthcare sector, offering a range of benefits, such as remote monitoring, real-time tracking, and improved patient outcomes. Thus, when rapid technological advancements outpaced the gradual advancement of healthcare cybersecurity, security concerns became difficult to manage. Each interconnected medical device has unique security risks, and there is not a one-size-fits-all approach to securing IoTHDs. In this paper, we have provided a survey and mapping of IoTHDs, regarding healthcare components and the communities that use them, a multi-layer security risk management analysis, and future and evolving considerations. Each device presents risks that we have classified into the STRIDE threat categories, showing the need to consider the security risks of IoTHDs in their environment and focus on security risk management. We introduced the multi-layer approach to conducting security risk management for these IoTHD systems as it provides a comprehensive view of the system's security posture and enables the implementation of appropriate security measures that address vulnerabilities and threats at each layer while ensuring end-to-end security. We do not cover all of the forms of IoTHDs but provide a useful introduction to thinking about the threat landscape of IoTHDs, proposing that all adoption of IoTHDs is done carefully and with the utmost consideration for security risk management. Funding: Publication costs were funded by CYBER Solutions Academy. The work itself was a volunteer effort.
Data Availability Statement: This is a review paper and as such no data is available to review. All data used in this review was obtained through academic publications or through open-access sources.

Conflicts of Interest:
This work was pursued without aim of commercial gain and its completion was pursued as a volunteer, educational pursuit drawing from the domain understandings of each author. The majority of this work was completed by the time most of the authors were still in school or having recently graduated. That said, Issah Abubakari Samori is employed as an Artificial Intelligence Engineer with MinoHealth AI Labs. Xavier-Lewis Palmer volunteers through educational initiatives separately held by CYBER Solutions Academy and MinoHealth AI Labs.