Qatar Computer Research Institute (QCRI), a part of Hamad Bin Khalifa University, has introduced a number of innovative solutions to combat cyberattacks, especially on the healthcare systems, Gulf Times has learnt.

"Cyberattacks on healthcare systems are on the rise globally and amid the widespread disruption of the pandemic, cybercriminals have launched complex and co-ordinated attacks – from financial threats to those targeting privacy," according to Dr Ahmed Elmagarmid, founding executive director, QCRI.

“There is no silver bullet for the growing global cybersecurity challenges that we face today. Instead, we must analyse the unique challenges facing healthcare systems and adapt existing solutions or develop new ones to address each of them. To a certain degree, cybersecurity is becoming more of a data analytics problem.”

The new tools include QCRI’s ‘guilt-by-association’ tool used to identify suspicious domains or predict malicious attacks by analysing the previous movements of the domain address.

QCRI has built another tool to utilise enterprise data logs to identify dormant attackers and amplify low attack signals within the enterprise network.

A third invention offers actionable recommendations to take down attack sources based on the type of hosting infrastructure, while minimising the collateral damage to benign providers and customers. Another tool offers a new technology that identifies unwanted e-mails solely from their headers and enterprise communication patterns. The solution is valuable when end-to-end e-mail encryption is used, which restricts access to the full email content to the sender and receiver alone.

Through its ongoing project, SIHA (System for Integrated Health Analytics), in collaboration with Hamad Medical Corporation, Sidra Medicine, and others, QCRI is confronting many of the challenges facing the next generation of health solutions. SIHA (health in Arabic) combines data from wearables, smart health IoT devices, and medical devices with other sources to deliver predictive analytics using machine learning.

Dr Faisal Farooq, principal scientist and head of the Centre for Digital Health and Precision Medicine, QCRI, compared SIHA with typical enterprise health systems, “Systems like SIHA are connected to consumer devices over potentially multiple heterogeneous and open networks, making them vulnerable to cyberattacks and exposing protected health information in the public domain. To safeguard against this, QCRI deploys data encryption techniques, multilevel authentication mechanisms, and adherence to the stringent security standards of the health domain.”

Dr Elmagarmid says that the health sector has unique vulnerabilities, providing very large attack surfaces because of the number of diverse interacting entities, the fast adoption of the Internet of Things and remote connectivity. Insider breaches and compromised credentials also pose very real threats, as different entities access electronic medical records, often with conflicting interests.

He supports the zero-trust model adopted by Qatar, a holistic approach to cybersecurity involving several technologies and processes through which access to all resources can be authenticated and verified. The approach combines a "least privilege model" and access control, with logging and inspecting all activities performed using security analytics. Qatar has also launched the National Security Operations Centre, which logs and inspects activities, as well as applying regular authentication and security solutions.

Dr Issa M Khalil, principal scientist, QCRI, noted: “I agree that the solution to solving the problem of attack attribution is technical, but novel technical solutions have to go hand in hand with stakeholder collaborations, both nationally and internationally.”

Among these novel solutions, according to Dr Khalil, are private data sharing and analytics. Federated learning, searching encrypted data, and content-agnostic detection of indicators of compromise, combined with big data curation and advanced machine learning algorithms, can enable real-time monitoring, logging, and correlation of logs across different vantage points. Such a combined effort could help in connecting the dots and tracing attack actions to the infrastructure exploited an important step towards attribution.

“Ecosystems like those driving SIHA present unique security and privacy challenges that require further research and standardisation of protocols to instill trust in users – consumers and healthcare providers. Like other domains, it is impossible to ensure security attacks never happen in healthcare systems. What’s important is how we respond to such attacks. Healthcare systems need to be constantly monitored, so attacks can be detected on time and their impact mitigated,” Dr Elmagarmid said.