A study into data analysis and visualisation to increase the cyber-resilience of healthcare infrastructures

In May 2017, a global ransomware campaign adversely affected approximately 48 UK hospitals. Response to the WannaCry cyber-attack resulted in many hospital networks being taken offline, and non-emergency patients being refused care. This is a clear example that data behaviour within healthcare infrastructures needs to be monitored for malicious, erratic or unusual activity. There is a perceived lack of threat within healthcare organisations with regards to cyber-security. Hospital infrastructures present a unique threat vector, with a dependence on legacy software, medical devices and bespoke software. Additionally, many PCs are shared by a number of users, all of whom use a variety of disparate IT systems. Every healthcare infrastructure configuration is unique and a one size fits all security solution cannot be applied to healthcare. Existing cyber-security technology within hospital infrastructures is typically perimeter-focused. Once a malicious user has compromised the boundary through a backdoor, there is a lack of security architecture monitoring active potential threats inside the network. Therefore, this paper presents research towards a system, which can detect unusual data behaviour through the use of advanced data analytics and visualisation techniques. Machine learning algorithms have the capability to learn patterns of data and profile users' behaviour, which can be represented visually. The proposed system is tailored to healthcare infrastructures by learning typical data behaviours and profiling users. The system adds to the defence-in-depth of the healthcare infrastructure by understanding the unique configuration of the network and autonomously analysing.