The escalating wave of cyber attacks targeting public and private sectors poses an unprecedented threat. This is readily apparent in healthcare, where securing patient data and building resilient systems is of the utmost importance. Across the UK, NHS trusts have repeatedly found themselves in the crosshairs of attackers, with dire consequences. A 2024 attack on an NHS supplier resulted in over 10,000 delayed appointments, almost 2,000 cancelled procedures, and real harm to patients in need of critical care, leading to an erosion of public trust.
This threat is only growing. Cyber criminals are growing bolder, sharing their knowledge to exploit vulnerabilities. In response, governments, healthcare organisations and technology firms, must rethink their approach to data security and collaboration. Only by securely sharing sensitive data using privacy-enhancing technologies (PETs) can companies build resilience against cyber threats while maintaining patient privacy, security and regulatory compliance. And PETs can also do so much more to enhance the field of medicine. They are the key to unlocking the power of data in healthcare without sacrificing privacy or security. From accelerating medical research to strengthening cybersecurity, PETs offer a future-proof solution for protecting sensitive information while driving innovation.
The fragmentation challenge in healthcare and the role of AI
The healthcare data ecosystem is fragmented across hospitals, research institutions, government agencies and the wider healthcare supply chain. This stifles efficiency, hinders patient care and limits medical breakthroughs, while also creating a rich set of targets for cyber criminals. AI and advanced analytics can transform healthcare and cyber security by unlocking critical insights, but only if trained on comprehensive, diverse datasets.
Solving this challenge requires a framework incorporating privacy, security, data sovereignty, and regulatory compliance. PETs – including homomorphic encryption, federated learning, and trusted execution environments – are a category of technologies that enable organisations to collaborate to generate insights from data without exposing it. By leveraging these technologies in healthcare, AI can deliver incredible outcomes without compromising privacy or security.
For instance, at Duality we worked with the Dana-Farber Cancer Institute in Boston to enable the use of PETs in collaborative work on cancer research, significantly improving patient outcomes. Dr Alexander Gusev from Dana-Farber notes: “Ongoing precision medicine studies can immediately benefit from these capabilities by enabling secure collaboration across clinical institutions… This technology can also empower patients to participate in research studies directly and receive personalised results knowing that their individual data will not be exposed.” Applied to cyber security, this approach enables the health data ecosystem to unite against cyber criminals while keeping data secure – a critical step towards building resilience.
Government-healthcare collaboration: The key to resilience
Strengthened resilience also hinges on collaboration between healthcare organisations and government agencies. Secure data-collaboration frameworks can enhance coordination during public health crises, improve disease surveillance and bolster emergency responses. This data is also siloed, and addressing this fragmentation through privacy-centric solutions is key to maintaining public trust.
By implementing these technologies, governments and healthcare institutions can balance security with innovation, ensuring that sensitive data remains protected while being utilised for the public good.
The cross-border healthcare data dilemma
In an increasingly interconnected world, international data collaboration is vital for medical research, patient care, and pandemic response. However, unharmonised data protection regulations create significant privacy and compliance challenges.
To address this, countries must establish frameworks for secure cross-border collaboration. The US-UK PETs Prize in 2023, sponsored by both governments, demonstrated how PETs can enable healthcare research. By embedding technology-driven privacy measures into international agreements, nations can foster a collaborative ecosystem that benefits both healthcare and cybersecurity.
Cyber criminals share data. So should we
One of the alarming realities of today’s cyber crime landscape is that cyber criminals share information. The dark web is rife with stolen medical records, lessons on ransomware techniques and data on network vulnerabilities, allowing attackers to stay ahead of security measures. The adage that “it takes a network to defeat a network” has never been more true.
By securely collaborating on threat intelligence, governments, healthcare providers and cybersecurity, firms can proactively identify risks and mitigate attacks. This requires trust between institutions and robust technological safeguards. PETs enable organisations to share cyber threat insights without exposing sensitive operational data, ensuring that intelligence flows freely while maintaining strict privacy controls.
Lessons learned: Secure data sharing in action
The Covid-19 pandemic highlighted the importance of secure data collaboration, from vaccine development to tracking the virus. As part of the response, we worked with the US Defense Advanced Research Projects Agency (DARPA) funded PET research, initially to study susceptibility to Covid-19 based on genetic data while preserving individual privacy. The same technology was then used to facilitate cyber threat intelligence sharing across sectors, and to train fraud and cyber detection models in financial institutions – resulting in models up to 300% more effective than those trained on isolated datasets.
All of which serve as proof points towards the versatility of PETs, and their vital role in strengthening resilience through enabling collaboration. The same technologies used to support public health also bolster cyber security, ensuring that data remains both usable and secure. Strengthening these capabilities will be key to responding to future crises effectively.
A future-proof solution
The fight against cyber crime in healthcare isn’t just about defending systems, it’s about protecting lives. Secure data collaboration between healthcare organisations, government agencies, and international partners is not “nice to have” – it is a necessity. However, this must be done responsibly, with privacy and security as foundational principles.
Privacy-enhancing technologies are a key part of this solution, enabling collaboration while ensuring compliance and trust. By combining PETs with strong governance and supportive legislation, governments and healthcare providers can build a resilient infrastructure that achieves three critical goals: safeguarding patient data, enhancing medical research and strengthening cyber security.
As cyber criminals continue their relentless attacks, the question is not whether organisations should collaborate securely, but how quickly they can adopt the right tools to do so. It’s better late than never – the time to act is now.
Ronen Cohen is vice president of strategy at Duality Technologies.
