Trustworthy and Ethical AI for Intrusion Detection in Healthcare IoT (IoMT) Systems: An Agentic Decision Loop Framework

The rapid expansion of Internet of Medical Things (IoMT) ecosystems has intensified cybersecurity challenges in healthcare settings, where network disruptions can compromise clinical safety and operational continuity. Traditional intrusion detection systems (IDS) often achieve high classification accuracy but remain vulnerable to unsafe behaviors, including false escalations, excessive blocking, and inconsistent threat triage. This study proposes a trustworthy and ethically aligned multi-agent IDS framework for healthcare environments, integrating a calibrated supervised detector, a Deep Q-Network (DQN) triage agent, and a governance layer grounded in the NIST AI Risk Management Framework. The framework is evaluated using the CIC-IoMT 2024 dataset for in-domain training, the CSE-CIC-IDS2018 dataset for domain-shift testing, and contextual clinical indicators derived from the MIMIC-IV database. To comprehensively assess ethical and operational reliability, the study introduces four novel governance metrics: Ethical Compliance Rate (ECR), Governance Compliance Index (GCI), False Escalation Rate (FER), and Cross-Domain Adaptation Score (CAS). Experimental results demonstrate strong performance, with an accuracy of 0.983, a weighted F1-score of 0.978, an ECR of 0.990, and a FER of 0.021, indicating high compliance with safety and proportionality constraints. Compared to baseline classifiers, including standard Random Forest and gradient boosting models, the proposed framework exhibits superior adaptability and governance alignment under domain shift conditions. These findings underscore the value of embedding ethical oversight and operational context into reinforcement learning to enable safer, more resilient, and transparent intrusion detection in real-world healthcare IoT deployments. The implementation code is publicly available at: https://doi.org/10.6084/m9.figshare.30686600.