


AI-Driven Automated Incident Response in Healthcare Cybersecurity: A Systematic Review of SOAR Frameworks, IoMT Security, and Emerging Trends


Authors : Ghanakshari Khandre; Shripad Bhide

Volume/Issue : Volume 11 - 2026, Issue 5 - May


Google Scholar : https://tinyurl.com/3hzpx7ay

Scribd : https://tinyurl.com/rfamdp84

DOI : https://doi.org/10.38124/ijisrt/26May1548



Abstract : Modern healthcare infrastructures face an escalating spectrum of cyber threats, driven in large part by their growing reliance on tightly integrated digital ecosystems — spanning electronic health records, cloud platforms, and networked clinical devices. This exposure is compounded by the rapid proliferation of the Internet of Medical Things (IoMT), a domain characterized by resource-constrained endpoints, inconsistent patch cycles, and legacy communication protocols ill-suited to contemporary security demands. Concurrently, artificial intelligence and machine learning have emerged as promising instruments for advancing cyber threat detection. Yet a persistent and consequential gap remains: the transition from detection to effective, automated response. Though conceptually intertwined, these two functions present markedly different operational realities. Current literature disproportionately favors detection-centric approaches, leaving automated incident response comparatively underexplored. This paper offers a systematic review of AI-driven automated incident response in the context of healthcare cybersecurity. It critically examines the deployment of Security Orchestration, Automation, and Response (SOAR) frameworks, delineates security challenges endemic to IoMT environments, and surveys emerging intelligent defense paradigms. Following a PRISMA-guided methodology, relevant literature was drawn from IEEE Xplore, SpringerLink, PubMed, Google Scholar, and arXiv, encompassing publications from 2019 to 2026. A rigorous multi-stage screening of 1,499 initial records, governed by predefined inclusion criteria, yielded 20 studies for substantive analysis. The findings reveal a consistent pattern: while AI-based detection models attain strong performance benchmarks, the operationalization of automated response within clinical settings remains nascent. SOAR adoption continues to mature slowly, and prevailing approaches frequently fall short in delivering real-time mitigation and recovery. Compounding these limitations are dependence on narrow benchmark datasets, insufficient model interpretability for clinical contexts, and inadequate incorporation of privacy-preserving methodologies such as federated learning. Taken together, this review makes a compelling case for end-to-end security architectures that transcend detection alone. Next-generation systems must embed SOAR capabilities across the full incident response lifecycle, positioning healthcare organizations to adopt cybersecurity solutions that are not only technically robust but practically deployable at scale.
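The abstract names the handoff from detection to automated response as the step that clinical deployments lack. As an added example that is not part of the paper and not the code of any SOAR product it surveys, the Python below sketches one way a SOAR playbook can make that handoff while respecting the constraints the abstract raises: a detector's score and explanation arrive as an alert, a policy decides between logging, automatic quarantine and analyst escalation, life-critical IoMT devices are never isolated without a human in the loop, a per-run cap limits blast radius, and every decision is joined to the model rationale for review. The device names, thresholds, criticality classes and sample alerts are constructed assumptions, not values from any real dataset or hospital network.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Any, Dict, List


class Criticality(Enum):
    LOW = "low"                        # e.g. guest-network printer (assumed class)
    MEDIUM = "medium"                  # e.g. nurse-station workstation (assumed class)
    LIFE_CRITICAL = "life_critical"    # e.g. infusion pump, ventilator (assumed class)


class Action(Enum):
    LOG_ONLY = "log_only"        # record the alert, change nothing
    QUARANTINE = "quarantine"    # automated: move the device to an isolated VLAN
    ESCALATE = "escalate"        # open an analyst ticket; no automated change


@dataclass(frozen=True)
class Alert:
    device_id: str
    criticality: Criticality
    score: float        # detector confidence in [0, 1]
    rationale: str      # model explanation, carried into the audit trail


@dataclass(frozen=True)
class Decision:
    device_id: str
    action: Action
    reason: str


@dataclass
class PlaybookPolicy:
    auto_threshold: float = 0.90      # act without a human at or above this score
    review_threshold: float = 0.60    # below this, log only
    max_auto_quarantines: int = 2     # blast-radius cap per playbook run (assumed)


def run_playbook(alerts: List[Alert], policy: PlaybookPolicy) -> List[Decision]:
    """Map each alert to an action under the policy, in arrival order."""
    decisions: List[Decision] = []
    auto_quarantines = 0
    for a in alerts:
        if not 0.0 <= a.score <= 1.0:
            raise ValueError(f"score out of range for {a.device_id}: {a.score}")
        if a.score < policy.review_threshold:
            d = Decision(a.device_id, Action.LOG_ONLY,
                         f"score {a.score:.2f} below review threshold")
        elif a.criticality is Criticality.LIFE_CRITICAL:
            # Patient-safety rule: a life-critical device is never isolated automatically,
            # however confident the detector is.
            d = Decision(a.device_id, Action.ESCALATE,
                         "life-critical device: human approval required")
        elif a.score < policy.auto_threshold:
            d = Decision(a.device_id, Action.ESCALATE,
                         f"score {a.score:.2f} in analyst review band")
        elif auto_quarantines >= policy.max_auto_quarantines:
            d = Decision(a.device_id, Action.ESCALATE,
                         "automatic quarantine cap reached for this run")
        else:
            auto_quarantines += 1
            d = Decision(a.device_id, Action.QUARANTINE,
                         f"score {a.score:.2f} at or above auto threshold")
        decisions.append(d)
    return decisions


def audit_trail(alerts: List[Alert], decisions: List[Decision]) -> List[Dict[str, Any]]:
    """Join each decision with the detector's rationale so an analyst can see why."""
    return [
        {"device": a.device_id, "action": d.action.value, "score": a.score,
         "why": d.reason, "model_rationale": a.rationale}
        for a, d in zip(alerts, decisions)
    ]


# Constructed sample alerts (hypothetical devices; not from any real deployment).
SAMPLE_ALERTS = [
    Alert("printer-07", Criticality.LOW, 0.97, "beaconing to unknown host every 30s"),
    Alert("pump-ICU-03", Criticality.LIFE_CRITICAL, 0.99, "firmware hash changed"),
    Alert("ws-nurse-12", Criticality.MEDIUM, 0.72, "unusual SMB scan volume"),
    Alert("cam-lobby-01", Criticality.LOW, 0.41, "minor DNS anomaly"),
    Alert("badge-rdr-05", Criticality.LOW, 0.95, "outbound TLS to rarely seen ASN"),
    Alert("printer-02", Criticality.LOW, 0.93, "same beacon pattern as printer-07"),
]


if __name__ == "__main__":
    decs = run_playbook(SAMPLE_ALERTS, PlaybookPolicy())
    for row in audit_trail(SAMPLE_ALERTS, decs):
        print(row)
```

Run as-is, the two low-criticality, high-score devices are quarantined automatically, the infusion pump and the review-band workstation are escalated, the low-score camera is only logged, and the third high-score printer is escalated because the per-run cap has been reached. The point of the cap and the life-critical rule is that an automated responder in a hospital must bound its own worst case: a detector fed poisoned or drifted data should never be able to isolate a ward's worth of devices in one pass.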


