UniNewsletter - Logo
Login/Register as an

Building Cyber Resilience in Healthcare Cyber-Physical Systems Using Causal Bayesian Inferencing

Building Cyber Resilience in Healthcare Cyber-Physical Systems Using Causal Bayesian Inferencing

Cyberattacks on healthcare systems are no longer isolated events, they are a growing global threat. Hospitals, once seen as safe havens, now operate in a digital battlefield where malicious actors target critical systems for profit, disruption or even geopolitical leverage. As a surgical clinician in the UK’s National Health Service (NHS) and a PhD researcher at Imperial College London, I have witnessed first-hand the delicate balance between technology, patient safety and service continuity.

Healthcare’s vulnerability has been exposed time and again. A historical precedent was set by the 2017 WannaCry ransomware attack , which disrupted operations across the NHS. More recently, the Synnovis ransomware attack shut down pathology services in Southeast London and marked the first patient death in the NHS directly attributed to a cyberattack. Meanwhile, the 2024 cyberattack on Ascension disrupted clinical services across 19 U.S. states. Even more severe was the breach of Change Healthcare , a subsidiary of UnitedHealth Group, which halted billing and prescription processing nationwide, with economic losses estimated at nearly $2.5 billion. The 2021 cyberattack on Ireland’s Health Service Executive (HSE) brought its IT systems to a halt for weeks, costing an estimated €100 million in recovery and causing massive service backlogs. And in 2020, a ransomware attack on Düsseldorf University Hospital in Germany was linked to a patient death, one of the first known fatalities associated with a cyber incident.

These examples highlight a critical truth: healthcare is an attractive, high-value target, yet its resilience planning often lags behind other critical sectors like finance or energy. Unlike those industries, hospitals cannot simply “shut down” systems for upgrades or testing; lifesaving care must continue, often under extreme constraints.

As a result, cybersecurity initiatives across the NHS have evolved with increasing focus. The UK’s newly elected Labour Government has proposed a Cyber Security and Resilience Bill aimed at fortifying the nation’s critical digital infrastructure, including health services. These developments signal a growing recognition of the NHS’s cyber vulnerabilities at the highest levels of government.

In this context, my research examines the resilience of cyber-physical systems (CPS) in healthcare, exploring the question: If a cyberattack disrupts a single device or CPS component, how might that failure cascade through a hospital’s interconnected equipment, and what implications would this have for patient safety?

CPS in the healthcare infrastructure integrates digital computing, networking and physical medical devices into a tightly connected ecosystem that supports patient care. Examples include networked infusion pumps, surgical robots and remote patient monitoring systems, where both the software and physical components must work flawlessly to ensure safety and effectiveness.

In my PhD, I model NHS service resilience during cyberattacks, mapping how disruptions cascade through clinical, infrastructural and logistical layers. This involves building a Bayesian network model to quantify risk pathways, identify single points of failure and test intervention strategies. Resilience is not just about restoring systems quickly; it’s about ensuring that core functions such as emergency surgeries, intensive care and diagnostics can continue even when digital systems fail. And more so, lessons must be learned so the system can resume its operations post-disruption with enhanced performance compared to pre-disruption.

My approach uses probabilistic modelling, like causal Bayesian inferencing to simulate “what if” scenarios. The idea is to compute both the likelihood of different types of failures and the potential knock-on effects across a network of systems. This lets us estimate not just whether a device might fail in a cyberattack, but how that failure might ripple through the ecosystem and ultimately impact patients.

My supervisors at Imperial College London Dr. Mireille El-Hajj, Dr. Saira Ghafur and Dr. Jose Escribano bring expertise from healthcare cybersecurity, systems modelling and mathematics. Together, we’re aiming to produce a tool that NHS trusts and policymakers can use to make more informed decisions about resource allocation, device procurement and contingency planning.

The urgency is clear. Cyberattacks on healthcare are increasing in frequency, scale and sophistication. The financial cost is staggering, but the human cost is incalculable. My aim is to provide evidence-based strategies that take a probabilistic view of cyber-physical risks, not just locking down devices and IT systems, but modelling how disruptions ripple through care pathways ¾ with patients’ safety as the primary focus. By framing resilience in terms of clinical priorities, and by demonstrating how probabilistic modelling can inform decisions about where to invest in defences, the work can encourage stronger clinical buy-in and alignment between technical teams and medical leadership. A significant future application envisioned through my work is the strategic deployment of Bayesian inference models. These advanced statistical frameworks will be instrumental in training sophisticated models to analyze and interpret vast datasets, particularly in the domain of cyber-physical breaches. This critical application extends to various sectors, with a particular focus on medicine and healthcare.

By leveraging the predictive power of Bayesian inference, these models will be able to identify patterns, detect anomalies and forecast potential vulnerabilities within complex cyber-physical systems. The insights gleaned from such analyses will be crucial for informing better decision-making processes. In the context of medicine and healthcare, this translates to enhanced security protocols for medical devices, patient data, and critical infrastructure. The ability to predict and mitigate cyber-physical threats will safeguard patient safety, maintain data integrity and ensure the uninterrupted delivery of essential healthcare services, thereby solidifying the resilience of this vital field.

This study is as much about resilience as it is about cybersecurity. It’s about recognizing that in the 21st century, patient safety depends on both surgeons and servers, both anesthetists and algorithms and that securing cyber-physical systems must start from the question, “What keeps our patients safe?” rather than only “What keeps our systems online?” By learning from the failures and successes of the past, and by bridging clinical insight with cyber risk modeling, we can build a healthcare system ready to withstand the digital storms of the future.