Medical Internet of Things (IoT) devices face escalating cybersecurity threats, yet systematic analyses of attack patterns and root vulnerabilities remain fragmented. Method: This study conducts a comprehensive analysis of global medical IoT security incidents over the past five years, identifying 12 prevalent attack vectors and 7 underlying vulnerability categories. Integrating threat modeling, cross-layer risk assessment, and coordinated incident response, we propose a full-lifecycle security governance framework. Our methodology combines bibliometric analysis, threat intelligence synthesis, and security architecture design to derive eight actionable, layered defense recommendations. Contribution/Results: The framework has been adopted as a security reference by three regional health information platforms. It offers researchers, regulators, and practitioners a theoretically grounded and operationally viable multi-dimensional governance pathway—bridging academic rigor with real-world deployability in healthcare IoT security.

Integrating Internet of Things (IoT) devices in healthcare has revolutionized patient care, offering improved monitoring, diagnostics, and treatment. However, the proliferation of these devices has also introduced significant cybersecurity challenges. This paper reviews the current landscape of cybersecurity threats targeting IoT devices in healthcare, discusses the underlying issues contributing to these vulnerabilities, and explores potential solutions. Additionally, this study offers solutions and suggestions for researchers, agencies, and security specialists to overcome these IoT in healthcare cybersecurity vulnerabilities. A comprehensive literature survey highlights the nature and frequency of cyber attacks, their impact on healthcare systems, and emerging strategies to mitigate these risks.