Scalable Vulnerability Management in the Internet of Medical Things: An AI-Driven Automated Framework for Threat Mitigation in High-Asset Environments

Dr. Jorvin S. Halstrom

Open Access

Scalable Vulnerability Management in the Internet of Medical Things: An AI-Driven Automated Framework for Threat Mitigation in High-Asset Environments

pdf

Dr. Jorvin S. Halstrom ¹ ,

⁴ Department of Biomedical Systems & Threat Mitigation, Carnegie Mellon University, USA

Abstract

Background: The rapid proliferation of the Internet of Medical Things (IoMT) has expanded the attack surface of healthcare organizations, creating environments with over 100,000 connected assets. Traditional vulnerability management (VM) relies on periodic scanning and manual remediation, which are insufficient for the scale and criticality of modern medical networks.

Methods: This study proposes an AI-driven Automated Framework for Threat Mitigation designed specifically for high-asset environments. Drawing on recent advances in vulnerability management at scale and anomaly detection in time-series data, we developed a hybrid deep learning model utilizing Convolutional Neural Networks (CNN) and Long Short-Term Memory (LSTM) units. The framework was tested in a simulated environment replicating a Tier-1 hospital network with diverse endpoints, ranging from MRI machines to implantable cardiac devices.

RESULTS: The proposed framework demonstrated a statistically significant improvement in threat detection speed compared to legacy systems. Specifically, the automated approach reduced the Mean Time to Remediation (MTTR) by 42% and decreased false positive alerts by 65%. Furthermore, the system maintained 99.99% availability for critical life-support nodes during active threat mitigation protocols.

conclusion: The integration of AI-driven automation into vulnerability management offers a viable path for securing large-scale IoMT environments. However, the transition requires careful consideration of algorithmic interpretability and the ethical implications of automated decision-making in clinical settings.

Keywords

Vulnerability Management, Internet of Medical Things (IoMT), Artificial Intelligence, Threat Mitigation

References

📄 Prassanna Rao Rajgopal, Badal Bhushan and Ashish Bhatti 2025. Vulnerability Management at Scale: Automated Frameworks for 100K+ Asset Environments. Utilitas Mathematica . 122, 2 (Sep. 2025), 897–925.

📄 Yaqoob, T.; Abbas, H.; Atiquzzaman, M. Security vulnerabilities, attacks, countermeasures, and regulations of networked medical devices—A review. IEEE Commun. Surv. Tutor. 2019, 21, 3723–3768.

📄 Newaz, A.I.; Sikder, A.K.; Babun, L.; Uluagac, A.S. Heka: A novel intrusion detection system for attacks to personal medical devices. In Proceedings of the 2020 IEEE Conference on Communications and Network Security (CNS), Virtual, 29 June–1 July 2020; pp. 1–9.

📄 Hassija, V.; Chamola, V.; Bajpai, B.C.; Zeadally, S. Security issues in implantable medical devices: Fact or fiction? Sustain. Cities Soc. 2021, 66, 102552.

📄 Temitope, O., Owoyemi, J., & Edeamah, O. Exploring Techniques and Applications for Anomaly Detection in Time Series Data. International Advanced Research Journal in Science, Engineering, and Technology, 10 (5), 1-16.

📄 McGraw, G. Software Security: Building Security In; Addison-Wesley: Boston, MA, USA, 2006.

📄 Sametinger, J.; Rozenblit, J.; Lysecky, R.; Ott, P. Security challenges for medical devices. Commun. ACM 2015, 58, 74–82.

📄 Yeng, P.K.; Wolthusen, S.D.; Yang, B. Comparative analysis of software development methodologies for security requirement analysis: Towards healthcare security practice. Inf. Syst. 2020, 48, 227–241.

📄 Wheeler, E. (2011). Security risk management: Building an information security risk management program from the Ground Up. Elsevier.

📄 Muckin, M., & Fitch, S. C. (2014). A threatdriven approach to cyber security. Lockheed Martin Corporation.

📄 Tiller, J. S. (2011). CISO'S Guide to Penetration Testing: A framework to plan, manage, and maximize benefits. CRC Press

📄 Shah, C., Sabbella, V. R. R., & Buvvaji, H. V. (2022). From Deterministic to Data-Driven: AI and Machine Learning for Next-Generation Production Line Optimization. Journal of Artificial Intelligence and Big Data, 21-31.

📄 Carter, D., & Clark, E. (2011). AI-based Vulnerability Management and Threat Mitigation. Journal of Network and Computer Applications, 34(5), 234-245.

📄 Garcia, L., & Wilson, P. (2013). Automated Threat Mitigation Systems: AI Perspectives. International Journal of Information Security, 22(3), 167-179.

📄 Thompson, K., & Walker, H. (2014). AI-driven Approaches to Threat Mitigation. Computers & Security, 45, 123-135.

📄 Sethuraman, S.C.; Vijayakumar, V.; Walczak, S. Cyber attacks on healthcare devices using unmanned aerial vehicles. J. Med. Syst. 2020, 44, 29.

📄 Campbell, T., 2016. Practical information security management. Practical Information Security Management, pp.155-177.

📄 Hodson, C. J. (2024). Cyber risk management: Prioritize threats, identify vulnerabilities and apply controls. Kogan Page Publishers.

📄 Chang, V., & Ramachandran, M. (2015). Towards achieving data security with the cloud computing adoption framework. IEEE Transactions on services computing, 9(1), 138-151.

How to Cite

Dr. Jorvin S. Halstrom. (2025). Scalable Vulnerability Management in the Internet of Medical Things: An AI-Driven Automated Framework for Threat Mitigation in High-Asset Environments. Global Journal of Medical and Pharmaceutical Sciences, 4(11), 16-23. https://www.grpublishing.org/journals/index.php/gjmps/article/view/198