HCCNet
Cyber attacks on health systems, including data breaches, ransomware, and total account takeovers, among many others, have increased exponentially over the last few years. Healthcare organizations suffered approximately 1,426 attacks per week in 2022, a 60% increase over the previous year. While the average cost of data breaches across all industries is $4.45 million, health sector breaches cost about $10.93 million to resolve in 2023, increasing 8.2% from 2022 and by more than 53% from the previous three years. This places enormous strain on already fragile and resource-constrained health systems.
A study by IBM concluded that 95% of cybersecurity breaches (systems, networks, devices, etc.) are caused by employee error. A second study from Stanford University found that human error enabled 88% of data breaches (sensitive data and information).
Cyber attacks on health infrastructure directly impact human lives, and the resulting death toll is increasing. In ransomware attacks, losing access to vital medical records and service delivery systems deters providers from delivering critical care. A 2021 study from Proofpoint and the Ponemon Institute found that of more than 600 health care facilities surveyed, mortality rates increased at a quarter of the facilities following a ransomware attack.
The nature of cyber attacks on health infrastructure is also evolving and becoming more sinister. Through modification attacks, cyber criminals are making changes to vital records which affect the care administered by practitioners. One report outlined how hackers can change the dosages of drugs delivered to patients and change the display to indicate that the safe amount was administered. In 2022, a 5-year-old boy was administered five times the prescribed dosage of his medication because of a cyber attack.
The ten years ending in 2022 saw more than 385 million patient records impacted by cyber attacks. So far this year (Nov. 2023), more than 40 million have been impacted.
Cyber criminals are becoming more sophisticated and are utilizing Artificial Intelligence (AI) and Machine Learning (ML) to improve their methods. Phishing attacks are becoming more successful because of how detailed and targeted they are, using information about users to craft emails and scams that are difficult to identify as illegitimate. Additionally, they are using AI to rapidly generate malware, automate attacks, and carry out social engineering.
Cybersecurity is a deeply unsexy field which is often overlooked, especially in health. Yet, it is critical to the functioning of any modern healthcare system. We intend to change that.
HCCNet takes a bold and daring approach to reducing cyberattacks on health systems, in ways that existing solutions, most of which have proven ineffective, have not been able to. As a result, the number of attacks is increasing.
HCCNet encompasses a comprehensive suite of AI-powered solutions that learn from the tactics and methods, both historical and current, used by cyber criminals, in order to develop personalized and targeted tools for users. LLMs are trained on comprehensive databases of attacks to identify the characteristics of the range of methods used by criminals, from malware code to socially engineered phishing scams. It is important to note that, while the United States is subjected to the majority of the cyber attacks directed at health systems, the malicious actors, including foreign state-sponsored cyber criminals, operate outside of the country. Their tactics and methodologies are also carefully crafted by penetrating health systems in other countries prior to their attack on U.S.-based systems. This means that international intelligence sharing and a comprehensive global database of attacks, specific to health threats, are needed, but do not yet exist.

1) Social Engineering and Phishing Simulations: cyber criminals use information collected about individuals to engineer scams requiring them to take some action. Our solution uses bleeding-edge data scraping techniques to gather personal information and automates the creation of phishing scams. This allows us to map users' strengths and weaknesses, and develop personalized trainings to identify even the most legitimate-looking attempts and what actionable steps should be taken.
2) Personalized Cybersecurity Awareness Training: working in tandem with the personalized phishing simulations is our awareness training. HCCNet uses the results from the simulations and data from the tactics of cyber criminals to develop training modules that are current and delivered through a gamified experience that is reward-based, iterative, and personalized to reinforce learning.
3) Email Client Threat Identifier: most email filtration and threat detection systems simply warn users of emails from outside of their organizations or block potential threats from being delivered to their inbox. Cyber criminals have become incredibly adept at bypass techniques to ensure delivery of phishing emails containing bugs. Our email client tool, trained on global data sources that are sector specific, will recognize threat characteristics and be better equipped to minimize any potential for user interactions.
4) Web Browser Extension: Our browser extension provides a convenient way for users to gain personalized detection. The plugin is platform-independent and not only detects threats, but provides detailed recommendations for users who want more than a yes/no answer.
5) Cybersecurity Game: The interactive game teaches, through simulation, how to protect sensitive data and make it nearly impossible to break passwords. The game introduces ransomware, malware, and system vulnerabilities to test users’ skills and enables applications of cyber hygiene best practices to lock down security flaws before hackers exploit them. The action intensifies by level, where users leverage all their newly acquired skills to defeat a business-crippling attack.
Most health systems and organizations are overburdened and resource-constrained. The cost of resolving data breaches and other cyber attacks places additional strain on these entities, which need to divert precious resources to rectify the outcomes of the attacks. Healthcare organizations are also required to adhere to six federal mandates governing their cybersecurity. While everyone will need access to health care at various points in their lives, a paper in Nature Medicine outlined that the elderly and minority populations are most affected by cyberattacks because they are most targeted. Additionally, access to sound healthcare is primarily available in urban centers, making it challenging for those who live in rural areas and those who are socioeconomically challenged to access critical care.
In recent years, there has been a sharp increase in telemedicine and telehealth, in part due to the pandemic, as providers sought alternative solutions to provide care to those who are unable to access those services, either because of distance, lack of financial resources, or because they are too fragile to travel. According to a report from the NIH, telemedicine use increased 766% in the months after the pandemic, up from just 0.3% of all interactions in 2019. The increase in cyberattacks on health infrastructure opens up new vulnerabilities on telehealth systems, thereby affecting those who need it most.
HCCNet's suite of tools targets both the demand and supply side of healthcare. Our simulations and trainings can be used by healthcare workers and users of the services. Because we use generative AI to develop personalized training modules and simulations based on user information, the end product and the specific trainings will depend on whether the user is an employee or patient. This is important because the ability to create distinct trainings is critical for threat mitigation. The methods used by cyber criminals to attack employees are different from the ones used on users. No current training solutions make those distinctions.
Our solution is aimed at healthcare organizations that must protect their resources, in particular those with too few resources to weather the effects of successful cyber attacks, and at the users of healthcare systems.
Development of our solution requires proximity to both the providers of health services and the communities of people who utilize them, including those most at risk. We have worked and continue to work directly with the professionals in healthcare - physicians, executives, administrators, chief information and security officers - who have expressed frustration at the challenges they are up against and the solutions that are currently available. Our work with large multilateral organizations like the World Health Organization, where we lead the "AI for Health - Outbreak Detection" Topic Group, has positioned us to gain insight into those challenges at a global level and to contribute to possible solutions. This relationship is critical as we work toward the establishment of a global database of cyber threats.
Similarly, our work in the US is hyperlocal, offering granular insights into the challenges health care workers face from the ground up. This is critical to overcome the challenge of completion, which many AI tools face. That is, they were not trained on comprehensive data which includes the characteristics and nuances of all the people they intend to serve. As a result, their solutions are biased. One project we have been working on with city leaders seeks to establish community data infrastructure specifically to improve health outcomes. Through this work, we have been actively engaged with both healthcare professionals and the communities that they serve. This has been invaluable as we learn and navigate systematic challenges and regulatory hurdles. Positively, it has made the move to establish specialized data sharing infrastructure for cybersecurity in health more feasible.
Both of these channels have been vital to our product validation and market analyses. We have identified a real need, worked with users on both the demand and supply sides to understand the challenges they face and what kinds of solutions make the most sense, and with their continued input, are building with them.
- Collecting, analyzing, curating, and making sense of big data to ensure high-quality inputs, outputs, and insights.
- Using data sharing and interoperability of systems.
- Prototype: A venture or organization building and testing its product, service, or business model, but which is not yet serving anyone
- Business Model (e.g. product-market fit, strategy & development)
- Legal or Regulatory Matters
- Product / Service Distribution (e.g. delivery, logistics, expanding client base)
Our solution will complicate life for cyber criminals in ways that have not been done before. The application of AI introduces a dynamic and adaptive layer of defense, addressing the evolving nature of cyber threats in healthcare. The solution takes a whole, systematic approach to the problem by establishing an AI-powered ecosystem of tools targeting all possible entry points used by cyber criminals, to mitigate their effects.
Adaptive Threat Detection: using behavioral analytics, we can analyze the behavior of users, devices, and networks to identify anomalies and potential security threats.
Continuous Monitoring and Real-Time Analysis: our AI-powered suite of tools enables real-time threat intelligence and continuous monitoring to enhance detecting and responding to emerging cyber threats.
Pattern Recognition and Anomaly Detection: we use machine learning algorithms to recognize patterns in our comprehensive datasets of cyber attacks in health, enabling the identification of anomalous activities indicative of cyber threats. The learning capabilities of the AI make them adaptable to new and evolving cyber threats, limiting the need for manual updates.
Phishing and Social Engineering: we are using Natural Language Processing to analyze and detect phishing attempts by scrutinizing the content and context of emails, messages, and communications. This works with user behavior analyses to identify patterns associated with social engineering attacks.
Dynamic Threat Landscape Adaptability: our AI models will adapt to new and emerging threats by continuously learning from the evolving threat landscape, making them more resilient against zero-day attacks and previously unseen vulnerabilities.
As described in the previous question outlining our solution, Information and Security managers around the world are requesting solutions that are targeted and based on individual user profiles in the same way that cyber criminals are targeting them with personalized scams. Our models follow a similar strategy, to produce trainings and detection tools based on user profiles and having learned from criminal tactics.
By moving in this direction, we are working to change the culture around how practitioners and users interact with and respond to cyber threats to reduce risk. The hope is that other suppliers in the space will take a similar approach, as well as contribute to our databases of health cyber threats.
Finally, as simple as this sounds, it is not currently being done: providing real-world incentives for users of cybersecurity awareness training. Our gamified platform contains a store that, through partnerships with companies, allows users to redeem "tokens" collected for completed modules for real and exciting products. This helps to build engagement, a serious issue with current training platforms.
Health care organizations are unable to provide critical services needed to ensure good health and well-being of individuals if they are under constant attack by cyber criminals and need to divert their precious few resources to resolve the outcomes of cyber breaches.
We are contributing to establishing sustainable and resilient healthcare systems by bolstering the security, reliability, and resilience of healthcare systems through:
- Data Security to help protect health data
- Ensuring the continued availability of health services
- Maintaining trust in health systems
- Mitigating risk of system and data compromises
Our solution involves a combination of AI elements and techniques:
Machine Learning Algorithms for analyzing patterns of system and user behavior and detecting anomalies that may indicate cybersecurity threats. Supervised learning is used to recognize and classify known types of cyber threats, improving the accuracy of threat detection.
Deep Learning Models including Neural Networks and Feature Learning are used for tasks such as image analysis, pattern recognition, and sequence modeling in cybersecurity, as well as extracting relevant features from large and complex datasets.
Natural Language Processing techniques are used for extracting relevant features from large and complex datasets. It is also used for understanding and analyzing natural language patterns in user communications to identify potential security threats.
Predictive Analytics for threat intelligence and risk assessment.
We are working to use privacy-preserving techniques like homomorphic encryption to analyze encrypted data without decrypting it.
A key differentiator of our solution is the use of AI on data from cyber attacks and not personal information. This adds an additional layer of security and privacy. Our AI tools are trained to recognize the digital footprint of threats, not the individuals perpetrating the attacks nor their targets.
We are also exploring the best privacy-preserving techniques to protect our data.
Importantly, team members have contributed to significant scholarship on the use of AI in health in published academic papers, through my nonprofit organization, the Institute for Technology and Global Health, an applied research organization:
- Ethics Principles for Artificial Intelligence–Based Telemedicine for Public Health
- The AI Ethics Principle of Autonomy in Health Recommender System
- Beyond Bias and Discrimination: Redefining the AI Ethics Principle of Fairness in Health
Several more research studies are in the pipeline.
The principles outlined in the above papers guide our practice as we shape our solution. That said, we do anticipate some amount of personal data to be included in our databases eventually. We have plans to develop risk mitigation and management frameworks but will need to first complete the development process and see how they are performing.
Operationally, over the next year, we intend to:
- Establish databases, network of data contributors, and education programming (The utility of this is outlined in solution overview)
- Access historical data on cyber attacks to begin training our models to detect threats
- Complete development of MVP solution suite
- Launch and pilot non-generative AI training modules for testing of gamification features
- Work with a minimum of ten health care organizations to test solution suite
These activities will take up significant bandwidth. However, direct impact on health outcomes will come from the sharing of information on current cyber attacks through our education programming network, which partner organizations' information security personnel could use to preempt cyber attacks.
In five years, we anticipate significantly scaling our solution, based on engagements with partners and the need for alternative solutions to what is currently available. We are confident that we can significantly reduce the number of successful cyber attacks on healthcare infrastructure, reduce the cost of resolving the attacks, and save resources in the process, which can be used to improve and expand care to those who need it.
- For-profit, including B-Corp or similar models
Two full-time, one part-time, and three contributors
We have been developing the products since 2023; however, the background work, including scientific research in the field, market analyses, and product validation, has been under way since 2022.
As a minority founder, diversity, equity, and inclusion are central to our mission for several reasons. The ability to provide critical and inclusive solutions means engagement with diverse populations, whose concerns and challenges are built into the development of any solutions, so that they too are able to benefit and not be victims of technology bias.
2) We do not believe that women are not technology proficient. Having run a STEM summer program on digital health, we were never short of brilliant, female applicants, who after participating in our program, went on to successful careers and top academic programs. Our methods of recruitment and facilitation from that program carry through in our search for inspired partners.
3) Half of our small team are women, which also includes black and mixed-race women.
4) Diverse teams are ALWAYS more fun! More fun = better culture = happy employees = more productivity = solving more complex challenges = better health outcomes and society = living our best lives!
Homogenous teams are so 2010!
We need to establish two comprehensive databases on which to train our models. How we make this happen is as follows:
1) We currently work with the UN's global initiative on "AI for Health," a joint program between the World Health Organization, International Telecommunications Union, and World Intellectual Properties Office, where we lead the group on AI for Outbreak Detection. We are working to establish a new group within the initiative on AI for cybersecurity in health. This will enable us to establish a global database for cyber crime in health and have the global reach needed, through the organizations' extensive network.
2) For the US database, we are currently working on city level projects to develop infrastructure for data sharing to improve health outcomes, through a program at the Harvard Kennedy School. One dimension of the data to be collected is on cyber crime against health care systems and organizations. We currently have four cities working on this effort: Washington DC, Baltimore, Baton Rouge, and Denver, with more expressing interest.
These activities are significant because they help us overcome what would otherwise be a significant barrier to developing our solution, which is getting the data and ensuring that it is the right type of data. Through this work, we are uniquely positioned to develop these databases.
Most of our effort currently is on partner (not "customer") development. Because we are working with partners to understand their challenges, get their input on what solutions make sense, and precisely how any solution would need to work in their respective systems, they have become champions of what we are developing, which will eventually evolve into our implementation pipeline.
Internally, our work is split between:
Engineering: building the technology
Product development: developing the tools (awareness training modules, phishing simulations, email client integration, browser extension)
Partner discovery: developing our network of partners, building our programming for engagements, building an implementation pipeline
Funding: applying for grants and awards for near-term funding to cover operational needs
With the urgent need for cybersecurity innovations applied to health now recognized, there are several open calls for funding from government agencies, venture capitalists, academic institutions, foundations, and technology companies. For our first two years we anticipate applying for funding from some of these institutions to cover our low operational and development costs. In our second year of operations, we anticipate some sales of two products in our solution suite: cybersecurity awareness training and phishing simulations. These two products are included in the risk strategy of our partners and almost every healthcare organization, as a line of defense against cyber threats. They are heavily requested, and partners are excited about our distinguishing features, outlined previously.
We have turned down venture capital funding for two reasons:
1) We have a bold vision that we intend to execute and are not interested in limiting the scope of that vision in the interest of near-term sales.
2) We are not interested in diluting our equity pool within the first two years of operations.
Beyond year three, we intend to rapidly scale our solution and will raise investment capital. We are also engaged in active discussions with federal agencies who are excited about our solutions, which could lead to government contracts by then.
In the long run, our revenue pipeline will consist primarily of B2B sales and long-term government contracts. It is important to note that there exist six federal mandates on security that health organizations must adhere to and there are over 20,000 accredited and certified health care organizations in the United States.
These costs are based on contractual agreements for the first year of operations and average costs of typical business expenses:
Development costs: $22,000
Human Capital: $55,000
Business Expenses (Legal, supplies, etc.): $5,000
Travel and Miscellaneous expenses: $5,000
Total: $87,000
We are requesting $90,000 to continue our work over the next year. Our undertaking is bold but we are not discouraged. This estimate comes from the current market rates for development and other operational needs, as itemized above, and the cost of international travel to begin work on setting up a global database of cyberthreats at an upcoming convening of the WHO's initiative on AI for Health.
These are all invaluable to our startup. The funding and mentorship are an exciting prospect because they would help alleviate the cost burden, while the opportunity to learn from experienced executives who have built successful ventures could provide foresight and wisdom to avoid the typical mistakes founders make. Further, having a team space (in NYC!!) is exciting because of the proximity to the incredible innovations in health technologies taking place in the city and the receptivity of health care organizations to support bold ideas and solutions.
Being in the NYC ecosystem of health technology startups provides unique opportunities for networking and partnerships. The energy from people working toward shared goals in a supportive environment could breed unforeseen innovations.