Health-ISAC Hacking Healthcare 2-4-2020 -

TLP White: In this edition of Hacking Healthcare, we begin by examining a milestone in the integration of Artificial Intelligence/Machine Learning (AI/ML) into drug treatment development. Next, we brief you on new developments in Huawei’s ongoing saga to avoid a European ban and what it may mean for EU-US relations. Lastly, in continuing our coverage of the cyber insurance market, we look at what a new decision in favor of an email fraud victim might mean for the still evolving market.

As a reminder, this is the public version of the Hacking Healthcare blog. For additional in-depth analysis and opinion, become a member of H-ISAC and receive the TLP Amber version of this blog (available in the Member Portal.)

Welcome back to Hacking Healthcare.

1. AI Takes Prominent Role in Drug Development.

The implementation of AI/ML technologies into healthcare has primarily focused on streamlining business processes, analyzing information streams and data sets, and algorithmically detecting anomalies that would otherwise go overlooked. One AI/ML use case that holds significant promise though likely to draw heavy scrutiny, will be the deployment of AI/ML to aide in the development of treatments and medicines. Last week, this particular use case took a significant step forward when it was announced that a drug molecule “created by using algorithms” will begin human trials for the first time ever.[1]

Created by the British company Exscientia and Japanese company Sumitomo Dainippon Pharma, the drug is especially notable for its rapid development time. By incorporating AI/ML into the process, the developers managed to make it to human trials in 12 months whereas the various stages of drug development have previously taken upwards of 10 years before becoming available.[2]^{, [3]} Exscienta’s Chief Executive Professor Andrew Hopkins believes that the successful development of this drug molecule could lead to a revolution in how all drugs are developed. He goes as far to say that “This year was the first to have an AI-designed drug but by the end of the decade all new drugs could potentially be created by AI.”[4]

2. Europe and the UK Diverge with the US on Huawei.

The United States has spent considerable resources over the past many months to pressure its European allies to reject the incorporation of Chinese technology company Huawei into their national telecommunications infrastructure. Despite the longstanding skepticism of Huawei’s stated independence from the Chinese Communist Party, and notable engineering defects in their products, the EU and newly separated UK have both defied American pressure and will allow limited integration.[5] Depending on what happens next, there could be significant repercussions from such actions.

The EU, which can only make recommendations to its member states, did end up cautioning that steps should be taken to secure critical parts of their networks, and that “high-risk” entities like Huawei should be limited in their overall integration. Nevertheless, the decision will ultimately be up to individual member states to form their own policies. While some of these states, such as the Czech Republic and Poland, have already marked Huawei as a security threat, other states that have the most to gain from Chinese investment may be tempted to ignore such advice.[6]

3. AIG Forced to Cover Cyber Related Losses.

In our continuing coverage of the cyber insurance market, a ruling last Wednesday in the Southern District of New York stated that AIG wrongfully denied a claim by SS&C Technologies over a loss stemming from an email scam. Cyber-related insurance disputes continue to make headlines as the market tries to find equilibrium in a dynamic field that lacks sufficient actuarial data to help inform its policies.

The claim comes from 2016, when suspected Chinese fraudsters managed to pull off a business email compromise scam (BEC) against the fintech company SS&C. The fraudsters spoofed emails from an SS&C client that requested funds be transferred to accounts under their control and ended up costing the company $5.9 million. SS&C’s request to have that $5.9 million covered by AIG was denied on the grounds that they were not “covered in the case of a loss of a client’s funds.”[7] However, the judge determined that SS&C was covered because the employees who were duped believed they were transferring the funds appropriately at the request of their client.[8]

Congress –

Tuesday, February 4th:

– No relevant hearings

Wednesday, February 5th:

– Senate Committee on Finance: Hearings to examine the nomination of Sarah C. Arbes, of Virginia, to be an Assistant Secretary of Health and Human Services

– House Committee on Appropriations: Oversight Hearing on DOE’s Role in Advancing Biomedical Sciences

– Committee on Energy and Commerce – Subcommittee on Oversight and Investigations: Hearing: Vaping in America: E-Cigarette Manufacturers’ Impact on Public Health

– Committee on Foreign Affairs – Subcommittee on Asia, the Pacific and Nonproliferation: Hearing: The Wuhan Coronavirus: Assessing the Outbreak, the Response, and Regional Implications

Thursday, February 6th:

– No relevant hearings