How healthcare organisations are tackling cybersecurity challenges

In 2017, a Russian malware attack disabled 30,000 of Merck & Co’s computers and stopped its operations for two weeks. Merck estimated the damages at $1.4 billion. NotPetya, the malware employed in the attack, penetrated Microsoft systems that lacked a security patch.  

The damages included a loss of approximately $260 million in global drug sales in 2017, as Merck could not fulfill orders for products in certain markets. Expenses related to manufacturing and remediation efforts totaled $285 million in 2017. Additionally, the company’s 2018 drug sales were negatively impacted by approximately $200 million due to a residual backlog of drug orders.  

Merck was also unable to meet the demand for Gardasil 9, a vaccine against the human papillomavirus, due to the temporary production shutdown. As such, it borrowed Gardasil 9 from the US Center for Disease Control and Prevention’s (CDC’s) Pediatric Vaccine Stockpile. Merck replenished some of the borrowed doses in 2017, costing the company $125 million.  

Merck’s cyber insurer, Ace American, refused to cover the breach because the attack was part of an “act of war”, as the malware was created by the Russian military in 2017 to target Ukraine. Merck sued its insurance companies, and the New Jersey Superior Court ruled in Merck’s favor in December 2021. The company received a $1.4 billion payout. In early January 2024, Merck settled with other insurers. 

Many healthcare insurers have consequently updated their clauses around cyberattacks and acts of war.

In 2023, Palo Alto Networks, a US cybersecurity company, launched its zero-trust security solution for medical devices, Medical IoT Security. Zero trust is a cybersecurity framework and approach that removes the assumption of implicit trust in an organization. Employees must validate their credentials at multiple stages of digital interaction with a company’s applications. Zero trust always assumes an entity is untrustworthy until its credentials are verified. Zero trust adoption is increasing, and many view it as a long-term solution for organizations to protect themselves against cybersecurity breaches.   

The solution is intended to help healthcare organizations deploy and manage connected devices safely and easily. It uses ML to allow healthcare facilities to develop rules to monitor devices for behavioral anomalies, ultimately initiating the proper response. It automates zero trust policy recommendations for medical devices while also allowing the organization to access the software bill of materials (SBOM) for each medical device and map them to common vulnerability exposures. The solution further offers the risk profile of each device, including the end-of-life status, recall notifications, default password alerts, and potential for unauthorized communication with external websites. Healthcare facilities can visualize the connected devices and ensure that each is positioned in the appropriate network segment.   

Palo Alto Networks medical IoT tool aims to address the increasing cybersecurity demands within the medical devices sector by incorporating intelligence. The ultimate goal of this solution is to improve the patient and practitioner experience and bring devices into compliance with rules and regulations, such as HIPAA. The solution can be used with various healthcare information management systems to ensure use across multiple connected devices.

Milton Keynes University Hospital NHS Foundation Trust wanted to improve its cybersecurity approach, as attacks against hospitals were becoming increasingly sophisticated and common. The 2017 WannaCry ransomware attack on the NHS systems caused widespread disruption by encrypting patient data and rendering computer systems unusable, showcasing the need for cybersecurity in hospitals.  

The Milton Keynes Hospital decided to work with UK cybersecurity vendor Darktrace. The company offers unsupervised AI as part of its cybersecurity solutions, specifically in its Enterprise Immune System. Unsupervised AI refers to a type of ML algorithm that analyzes and clusters unlabeled datasets to discover hidden patterns or data groupings without human intervention.  

Unlike supervised learning, which uses labeled input and output data, unsupervised learning algorithms do not require pre-determined outputs and instead find similarities, patterns, or data groupings between data points. 

This system uses unsupervised ML to analyze normal work patterns across a client's digital environments, including the cloud, email, and IoT devices. It continuously monitors data flow across various platforms and learns on the job from everyday data, allowing it to identify and thwart cyber threats before they become a crisis.  

There are significant advantages to using Darktrace's unsupervised AI approach compared to traditional methods that rely on rules, signatures, and blacklists. Traditional methods often require prior set-up and can only detect known threats that they have been trained to recognize.  

However, Darktrace's unsupervised AI approach can combat novel cyber threats by establishing a baseline of normal behavior and identifying any anomalies without relying on pre-labeled data. This allows the system to detect and respond to emerging threats at the earliest stages, reducing the organization's downtime and resources required for IT security.   

By decreasing digital downtime, hospitals could improve patient care, increase operational efficiency, and reduce the risk of medical errors. Furthermore, the capacity that Darktrace’s system has to constantly be on watch has increased the capacity of the hospital’s security team, which can now be dedicated to other activities.