Secure DevSecOps Workflows for Medical IoT Device Integration in Smart Hospitals

Authors

  • Nagarjuna Nellutla, Independent Researcher, Eagan, MN, USA

DOI:

https://doi.org/10.63282/3050-9416.IJAIBDCMS-V3I1P113

Keywords:

DevSecOps, IoMT, Smart Hospitals, OTA Firmware, Medical Device Security, CI/CD, Healthcare Cyber-Physical Systems

Abstract

Smart hospitals increasingly depend on interconnected medical IoT devices that collect physiological signals, execute clinical workflows, and support real-time decision making. These devices require continuous software updates and secure firmware delivery to maintain safety and interoperability across complex healthcare ecosystems. Conventional software pipelines are insufficient for this purpose because medical devices operate under strict regulatory constraints, involve persistent wireless connectivity, and remain exposed to both cyber threats and physical misuse. This paper proposes a secure DevSecOps workflow tailored specifically for medical IoT integration within smart hospital environments. The workflow incorporates secure firmware signing, hardware-rooted device identity, continuous vulnerability scanning, compliance-aware release gating, and post-deployment telemetry validation. By embedding security checks directly throughout the update and release lifecycle, medical IoT devices obtain resilient over-the-air provisioning and maintain verifiable trust from manufacturer to bedside. The resulting pipeline shifts device cybersecurity from post-release patching to continuous assurance, enabling safe, traceable, and regulation-conscious delivery of medical device software updates in smart hospitals.

Published

2022-03-31

Section

Articles

How to Cite

Nellutla N. Secure DevSecOps Workflows for Medical IoT Device Integration in Smart Hospitals. IJAIBDCMS [Internet]. 2022 Mar. 31 [cited 2025 Dec. 13];3(1):114-22. Available from: https://ijaibdcms.org/index.php/ijaibdcms/article/view/322