WEF: How Digital Twins Bring Cyber Resilience to Healthcare

Cyber attacks remain most potent where the leverage for ransom is the highest. 

Nowhere are the stakes higher than in the healthcare sector, which, unsurprisingly, is one of the most targeted sectors. 

Research from the World Economic Forum's Centre for Cybersecurity reveals that, in addition to holding patient health and safety hostage, cyber attacks in the healthcare sector are among the most expensive, with average incidents costing US$7.42m. 

Authored by Michael Siegel, Principal Research Scientist and Director MIT, and Dr Sander Zeijlemaker, MIT Sloan Cybersecurity Research Affiliate and Managing Director at Disem Institute, the research looks into opportunities for cyber resilience as threats compound.

Emerging vulnerabilities with technology  

As the healthcare sector rapidly transforms through digital innovation, services that were previously fragmented are now being integrated into centralised hubs. 

Integrated digital health platforms which have recently gained popularity also follow this trend of centralisation, storing large quantities of data for advanced analytics that is used for personalised health care. 

These trends – in addition to improving healthcare – also heighten risk exposure. The report reads: "Supply chain dependencies and third-party vulnerabilities create new entry points for adversaries, as evidenced by the sharp rise in supply chain attacks.”

Like many other fields, healthcare is embracing robotics, AI diagnostics and advanced medical devices to enhance the quality of care. While delivering better care, these capabilities also bring complex risks. 

Far from theory, related attacks have already had more than disruptive consequences – even contributing to the death of a patient due to delayed blood test results due to an NHS Ransomware attack in the UK. 

Research confirms severe patient safety exposure, with nearly 70% of healthcare organisations reporting patient care disruptions after cyber attacks. 

More than half (56%) reported they had experienced delayed procedures and a quarter (28%) observed increased mortality risk putting the severe impact of cyber attacks in perspective.

Digital twins for cyber resilience

To prepare the healthcare sector against amplifying cyber threats, the MIT CAMS forum, in collaboration with Dutch national security and healthcare agency Z-CERT, as well as the European cyber and healthcare platform EU-Health ISAC, developed a strategic digital twin.

Digital twins help “mirror real-world hospital ecosystems by linking patient flows with enterprise architecture, staffing patterns and financial performance”.

In the intricately-interconnected ecosystems of healthcare, recognising interdependencies is critical to “refine cyber-risk management strategies”.

Dr Sander and Michael note: “This gives leaders a safe, strategic environment to evaluate untested strategies, pressure-test investment decisions and sharpen organisational judgment without disrupting real-world operations or patient care.

“Interdependencies become visible, showing how decisions ripple across departments, partners and clinical pathways, while a dashboard can show how different strategies and budgets can be combined to defend against sophisticated ransomware threats and their relevant trade-offs.”

The visualisation of threats through dashboards can help leaders make informed decisions that least affect patients, systems and healthcare operations. 

Further, digital twins help healthcare leaders and cybersecurity teams to develop much-needed cyber strategies by simulating various attack scenarios, which can be used to separate the most effective strategies from counterproductive ones. 

Dr Sander and Michael adds: "They enable executives to see how investment decisions cascade across the organisation through targeted simulations; to prioritise budgets for maximum impact, faster response and improved clinical capacity; and to identify counterintuitive strategies that transform cyber‑risk management into a value driver for patient safety and care delivery.”