A Blockchain-Enabled Severity-Aware Framework for Ransomware Resilience in Healthcare IoT

  • Authors

    https://doi.org/10.14419/egdvhq50

    Received date: December 24, 2025

    Accepted date: January 19, 2026

    Published date: January 24, 2026

  • Keywords

    Healthcare Internet of Things (HIoT); Ransomware Resilience; Blockchain Security; Severity-Aware Mitigation; Forensic Accountability
  • Abstract

    The growing adoption of Healthcare Internet of Things (HIoT) systems has improved patient monitoring and clinical efficiency. Still, it has also exposed hospitals to ransomware attacks that can disrupt life-critical operations. Conventional intrusion detection systems (IDS) such as Snort, Suricata, and Kitsune struggle to provide tamper-proof evidence or prioritize device-specific risks, limiting their effectiveness in clinical environments. To address this gap, we propose a blockchain-assisted framework that integrates hybrid anomaly detection, Byzantine fault-tolerant forensic logging, and severity-aware mitigation. Suspicious traffic is first evaluated using anomaly scoring with EVT-based thresholding, then immutably recorded on a blockchain ledger via PBFT consensus, ensuring tamper-resistance. Smart contracts enforce mitigation decisions based on severity scores that account for anomaly magnitude, device criticality, and network exposure, thereby guaranteeing the rapid protection of life-support devices while minimizing unnecessary disruption to low-risk equipment. An experimental evaluation of the N-BaIoT, ToN_IoT, and CIC-IDS2017 datasets shows that the framework achieves a detection accuracy of up to 98%, a false-positive rate of 1.1%, and an average latency of 6.8 ms, outperforming baseline IDS solutions. Security analyses confirm resilience against log tampering, obfuscation-based evasion, and denial-of-service flooding, while throughput scalability exceeded 2200 TPS across hospital nodes. By combining blockchain accountability with clinically aware mitigation, this framework provides a robust, real-time defense against ransomware in HIoT environments, advancing the state of cybersecurity for patient-centered healthcare systems.
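
The pipeline the abstract describes (severity score, mitigation decision, quorum-gated tamper-evident record), sketched as an added example that is not the paper's code. The weights, cut-offs, action names and device names are assumptions, and a vote count with a SHA-256 hash chain stands in for PBFT messaging and the ledger.

```python
import hashlib
import json

# Assumed weights/cut-offs (the abstract gives no formula); illustrative only.
WEIGHTS = (0.5, 0.3, 0.2)  # anomaly magnitude, device criticality, exposure
GENESIS = "0" * 64

def severity(anomaly, criticality, exposure):
    """Weighted severity in [0, 1]; inputs are already normalised to [0, 1]."""
    return round(sum(w * v for w, v in zip(WEIGHTS, (anomaly, criticality, exposure))), 3)

def mitigation(score):
    """Map a severity score to a hypothetical mitigation tier."""
    return "isolate" if score >= 0.75 else "rate_limit" if score >= 0.4 else "log_only"

def pbft_quorum(n):
    """Commit quorum 2f+1 for n = 3f+1 replicas (f Byzantine faults tolerated)."""
    return 2 * ((n - 1) // 3) + 1

def entry_hash(prev_hash, record):
    payload = prev_hash + json.dumps(record, sort_keys=True)
    return hashlib.sha256(payload.encode()).hexdigest()

def append(chain, record, votes, n):
    """Append only with a commit quorum; link the entry to the previous hash."""
    if votes < pbft_quorum(n):
        return False
    prev = chain[-1]["hash"] if chain else GENESIS
    chain.append({"record": record, "prev": prev, "hash": entry_hash(prev, record)})
    return True

def verify(chain):
    """Recompute every link; an edited record or broken link fails."""
    prev = GENESIS
    for e in chain:
        if e["prev"] != prev or e["hash"] != entry_hash(prev, e["record"]):
            return False
        prev = e["hash"]
    return True

def demo():
    # Constructed alerts: (device, anomaly, criticality, exposure).
    alerts = [("ventilator-01", 0.9, 1.0, 0.6), ("infusion-pump-07", 0.6, 0.7, 0.3),
              ("hvac-sensor-12", 0.5, 0.1, 0.2)]
    chain = []
    for dev, a, c, x in alerts:
        s = severity(a, c, x)
        append(chain, {"device": dev, "severity": s, "action": mitigation(s)}, votes=3, n=4)
    return chain
```

Editing any stored record after the fact, for example downgrading the ventilator entry's action, makes `verify` return `False`, which is the log-tampering property the abstract claims for the ledger.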

  • How to Cite

    Al-Balasmeh, H. (2026). A Blockchain-Enabled Severity-Aware Framework for Ransomware Resilience in Healthcare IoT. International Journal of Basic and Applied Sciences, 15(1), 136-147. https://doi.org/10.14419/egdvhq50