AY Abdulai Yakubu
Back to Blog

Oct 2025 · 7 min read

Federated Learning Meets IoMT Security

How privacy-preserving AI can protect connected medical devices without sacrificing performance.

The Internet of Medical Things (IoMT) is transforming healthcare — from wearable ECG monitors to smart infusion pumps, connected devices are generating an unprecedented volume of clinical data. But this connectivity also creates an enormous attack surface. Traditional centralised machine learning approaches to intrusion detection require pooling sensitive patient data in one location, which introduces privacy risks, regulatory hurdles, and single points of failure.

Federated learning (FL) offers a compelling alternative: train AI models across distributed edge devices without ever sharing raw data. In this post, I'll explore why FL is particularly well-suited to IoMT security and what challenges remain.

The Problem with Centralised Security Models

A hospital network might deploy hundreds of IoMT devices across departments — each generating network traffic, telemetry, and sensor readings. To build an intrusion detection system (IDS), the conventional approach is to aggregate all this data in a central server, train a classifier, and push the model back to endpoints.

This centralised pipeline has three critical weaknesses:

  • Privacy exposure — Transferring raw patient-adjacent data to a central server risks violating HIPAA, GDPR, and other data protection regulations.
  • Bandwidth bottleneck — IoMT devices on hospital Wi-Fi or cellular networks cannot continuously stream high-volume data without degrading clinical operations.
  • Single point of failure — If the central server is compromised, the entire security model is exposed, along with the training data.

How Federated Learning Changes the Game

In a federated setting, each IoMT device (or a local edge gateway) trains a lightweight model on its own data. Only the model updates — gradients or weight deltas — are sent to a central aggregator, which combines them into a global model using algorithms like FedAvg or FedProx. The raw data never leaves the device.

For healthcare security, this architecture provides several advantages:

  • Data stays local — Patient vitals, device logs, and network traffic remain on-premises, satisfying regulatory requirements by design.
  • Diverse threat coverage — Each device sees different traffic patterns and attack vectors. Aggregating model updates (not data) allows the global model to learn from this diversity without exposing any single device's data.
  • Resilience — The system can continue learning even if individual devices go offline, which is common in hospital environments where devices are mobile or intermittently connected.

Real Challenges in Federated IoMT Security

1. Non-IID data distributions

IoMT devices are heterogeneous — a pulse oximeter generates fundamentally different data than a network-connected MRI machine. This non-IID (non-independent and identically distributed) data makes federated aggregation harder. Standard FedAvg can diverge when local data distributions are highly skewed. Techniques like personalised federated learning and clustered aggregation are active research areas addressing this.

2. Adversarial participants

What if a compromised device sends poisoned model updates to the aggregator? Byzantine-robust aggregation methods — such as trimmed mean, Krum, or norm-clipping — help filter out malicious contributions, but they add computational overhead and may reduce model accuracy when the number of honest participants is small.

3. Communication efficiency

Even sending model updates can be expensive for resource-constrained devices. Gradient compression, quantisation, and sparse updates are essential for making FL practical on devices with limited power and bandwidth. In our experiments, applying top-k sparsification reduced communication costs by over 80% with less than 2% accuracy loss on an IoMT anomaly detection task.

4. Post-quantum secure aggregation

Secure aggregation protocols ensure the central server cannot inspect individual model updates, only the aggregate. Most current implementations rely on classical cryptographic primitives (Diffie-Hellman, secret sharing). As quantum threats grow, these need to be replaced with post-quantum alternatives — an area where lattice-based schemes show particular promise due to their natural support for additive homomorphism.

Combining FL with Post-Quantum Authentication

An interesting convergence is emerging between federated learning and post-quantum security. Before model updates can be aggregated, devices must authenticate themselves — proving they are legitimate participants and not adversaries injecting poisoned gradients. Our work on RLWE-based mutual authentication (QRMA-IOMT) fits naturally into this pipeline: each device authenticates using a quantum-resilient protocol before participating in the federated round.

This creates a layered defence:

  • Layer 1 — Authentication: Post-quantum mutual authentication ensures only legitimate devices join the federation.
  • Layer 2 — Secure aggregation: Lattice-based secure aggregation protects model updates during transmission.
  • Layer 3 — Anomaly detection: The federated model itself detects intrusions and anomalies across the IoMT network.

Looking Ahead

Federated learning is not a silver bullet — it introduces its own complexity around convergence, fairness across devices, and trust management. But for healthcare environments where data privacy is non-negotiable and devices are distributed by nature, it's one of the most promising paradigms we have.

The next frontier is making these systems simultaneously privacy-preserving, communication-efficient, and quantum-resilient. That's a tall order, but the stakes — patient safety and trust — demand nothing less.