Abstract: Despite the significant benefits that the Internet of Healthcare Things (IoHT) offered to the medical sector, there are concerns and risks regarding these systems which can delay their wide deployment as they handle sensitive and often lifecritical medical information. In addition to the IoHT concerns and risks, there are security constraints which include hardware, software, and network constraints that pose a security challenge to these systems. Therefore, security measures need to be deployed that can overcome the concerns, mitigate the risks, and meet the constraints of the IoHT. For these reasons, a subclasses intrusion detection system for the IoHT is proposed in this research work based on a novel variation of the standard one-class support vector machine (OSVM), namely, deep subclass dispersion OSVM (Deep SDOSVM), which considers subclasses in the target class, i.e., normal class, in order to minimize the data dispersion within and between subclasses, thereby improving the discriminative power and classification performance of the intrusion detection system. A deep clustering model is used for subclasses generation in the proposed Deep SDOSVM approach, namely, the dynamic autoencoder model (DynAE), to overcome the drawbacks of the classical clustering algorithms and further enhance the classification performance of the intrusion detection system. The proposed deep clustering subclasses intrusion detection system was evaluated on the real-world TON_IoT data set and compared to other state-of-the-art one-class classifiers. Experimentation results have shown that the proposed approach outperformed the other relevant one-class classifiers for network intrusion detection.