View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
In association with Darktrace
  1. Technology
  2. Cybersecurity
July 8, 2021updated 31 Mar 2023 9:10am

Protecting the cold chain: Why our health hinges on cyber resilience

The vaccination roll-out showed what can be achieved by world-leading expertise and technology, but also highlighted risks of cyberattack. AI must play a central role in optimising cold chain resilience.

By Pete Barden

In little over six months, more than two billion vaccines have been administered globally for a disease that emerged just 18 months ago.

Such speed of delivery is testament to the power of innovation and cooperation – from initial research by scientists, to production by manufacturing companies, storage and distribution by an extensive supply chain, and finally to local vaccine administration centres.

AI must play a central role in optimising cold chain resilience as the risk of cyberattack increases. (Photo by Apostle/Shutterstock)

Over the past several months, the global healthcare community has relied on this complex web of interconnectivity to deliver a critical way out of this pandemic: a safe and effective Covid-19 vaccine.

This has been no easy feat. Several of the vaccines available require extremely cold storage to remain viable, and underpinning the vaccine’s “cold” supply chain at every stage has been sophisticated technology.

Whether it is sensitive IP stored in the cloud and within emails, pharmaceutical manufacturing equipment producing the doses, or IoT sensors handling temperature controls, technology plays a critical role. But while every effort has been taken to ensure the security of this process, thousands of potential cyberattack vectors have emerged – with many still latent and unknown.

Throughout the pandemic, cybercriminals have continued to attack organisations across industries – including healthcare – capitalising on the fear and uncertainty brought by Covid-19. In addition, there has been a sharp increase in sophisticated supply chain attacks, targeting the underbelly of organisations through their suppliers and third parties, and even causing unintentional, yet far-reaching collateral damage – as seen recently following the devastating attack on Kaseya.

Even as the light at the end of the tunnel emerges, with more than 50% of Americans fully vaccinated, attackers will almost certainly pivot to new areas of the supply chain to exploit healthcare organisations. The key question is, what’s next?

Cold chain resilience only as strong as the weakest link

In the short term, vaccine ‘cold chains’ will likely continue to be a target of cyberattacks. According to the World Health Organisation, improper storage already results in the waste of 50% of global vaccines each year, and given the scale of the Covid-19 pandemic, this could mean the damage and waste of one billion vaccines

Hackers deliberately target the healthcare industry because they know that these organisations cannot afford to experience downtime – or worse, temperature and chemical manipulation. The breach of a Florida water treatment facility earlier this year demonstrated that cybercriminals can even gain remote access to digital infrastructure and systems – and often it’s only an obvious mistake on the part of the attackers which leads to the discovery of the threat. The consequences of a similar attack on a cold chain could be catastrophic.

However, despite the sophisticated technology involved in the medical cold chain, it’s frequently the simplest forms of entry that allow these attackers in, such as a phishing email or hacked password.

We have already seen state-sponsored attackers targeting Covid-19 supply chains. In September 2020, organisations across six countries were sent targeted malicious emails purporting to be from Haier Biomedica, a member company of the Cold Chain Equipment Optimization Platform (CCEOP) needed to keep vaccines at the low temperatures necessary for storage.

In this instance, the point of entry was a malicious email. The malicious communication, which appeared genuine, came with requests to participate in the CCEOP and contained attachments that displayed requests for security credentials under the guise of encrypted files.

Whether or not this malicious campaign had any impact is unclear, however, it demonstrates the very real threat that just a single point of entry could pose to an entire organisation.

In this new era of cyberattack, healthcare organisations must acknowledge a new reality where the question is not if, but when supply chains will be targeted, and indeed, whether an attacker could already be inside vital systems. Ten years ago, resilience meant having back-up files somewhere in the office – today it means being able to continue when cyberattacks strike not just your business but your suppliers too.

Cybersecurity must be top-of-mind for company boards, regulators, and security teams alike – with all links of the cold chain being held to the highest standards to ensure resilience.

Advancing with AI

With supply chain attacks on the rise, critical infrastructure including hospitals, medical facilities, and research centres could easily become targets, if not collateral damage. The extent of the escalating situation has proven that this is no longer a human scalable problem. Today’s attacks are outpacing even the most experienced defenders in their complexity, speed, and scale.

The solution is to deploy technologies that can respond autonomously to these threats when humans cannot. Technologies like AI are uniquely capable of learning how users and devices within an organisation’s digital environment behave, and all the connections between them. It can also use this understanding to detect the most subtle anomalies that other tools miss – all without relying on static rules, signatures, and lists of CVEs which, by design, can only surface historical threats.

But detection is half the battle. It’s all very well knowing that your organisation has been attacked, but being able to remediate it in real time is the key challenge – and one that can be solved with a unique solution – AI that learns ‘self’.

Self-learning AI can stop novel and highly targeted attacks in seconds – with minimal disruption to normal business operations. Proportionate and machine-speed response – known as autonomous response technology – ensures that hospitals and healthcare institutions can maintain regular operations, even when they or their suppliers are under attack.

The future of cold chain resilience

With the potential for supply chain compromise presenting an existential threat to national health, executives need to consider that advanced technologies like AI are not only critical against the escalating challenge of cyber-threats, but also fundamental enablers of national resilience.

With the clock ticking on in-progress threats, several security teams already leverage autonomous response time and time again to get ahead of attacks and ensure that vital medical treatment can go ahead with confidence – from the Covid-19 vaccine roll-out, to lung transplants, and IVF.

Now more than ever, artificial intelligence will be essential to protecting the cold chain as the healthcare sector battles against increasingly advanced threats.

Topics in this article :
Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.