Smart Medical IoT Security Vulnerabilities: Real-Time MITM Attack Analysis, Lightweight Encryption Implementation, and Practitioner Perceptions in Underdeveloped Nigerian Healthcare Systems

The growing use of Internet of Things (IoT) technologies in Nigerian healthcare offers potential improvements in remote monitoring and data-driven care, but unsecured wireless communication in medical IoT (mIoT) devices exposes patient data to cyber threats. This study investigates such vulnerabilities through a real-time Man in the Middle (MITM) attack simulation and evaluates lightweight AES-128 encryption on low-cost devices.A prototype mIoT device was built with a NodeMCU ESP8266 and sensors for heart rate and temperature. In controlled lab conditions simulating local healthcare networks, unencrypted data transmissions were intercepted and altered using common tools (Bettercap, Wireshark). After AES-128 encryption was applied, all transmissions became unreadable and tamper attempts failed, demonstrating its effectiveness.Performance costs were modest, latency rose from 80 ms to 125 ms (56.25 percent increase) and CPU use from 30 percent to 45 percent, but system stability remained intact. Device cost stayed under 18,000 NGN (about 12 USD), making it feasible for Nigeria's resource constrained facilities.A survey of healthcare professionals showed moderate awareness of IoT-related risks but strong support for encryption and staff training. Barriers included limited budgets and technical complexity.The study concludes that lightweight AES-128 encryption provides practical, low-cost protection against common attack vectors while maintaining operational efficiency. Feedback from professionals highlights the urgency of improving security awareness and establishing guidelines for clinical deployment.