Cybersecurity in Healthcare – Comparing 5 AI-based Vendor Offerings

Kumba Sennaar

Kumba is an AI Analyst at Emerj, covering financial services and healthcare AI trends. She has performed research through the National Institutes of Health (NIH), is an honors graduate of Rensselaer Polytechnic Institute and a Master’s candidate in Biotechnology at Johns Hopkins University.

Cybersecurity in Healthcare - Comparing 5 AI-based Vendor Offerings

The healthcare industry is evolving into an increasingly digital environment, and as a result cybersecurity continues to be a top priority for protecting sensitive data such as financial records and patient medical records.

Market research firm Grand View Research estimates that the global healthcare cybersecurity market will reach $10.85 Billion by 2022. Grand View Research also estimates the annual economic impact of cyber attacks on hospitals and healthcare systems is $6 billion per year.

Healthcare has become an attractive market for companies developing AI cybersecurity solutions. In this article we’ll explore 5 representative examples of cybersecurity companies that serve the healthcare industry. The majority of the firms we cover serve multiple industries, and do not have a specific focus on healthcare alone.

The majority of current and emerging use cases appear to focus on protecting healthcare system data and records. Specifically, machine learning is used to help identify and predict cybersecurity threats.

In this article, we have organized the companies using a set of 5 quantifiable factors (e.g. funds raised, target user, etc…) which we thought would be of particular interest to readers. The companies are ranked based on total funds raised.

We’ll conclude by discussing the potential value and future implications of these applications.


  • Total funds raised: $179.5 million
  • Year founded: 2013
  • HQ location: Cambridge, United Kingdom
  • Number of employees: 501-1000
  • Target industry: Multiple sectors

Darktrace claims that it uses machine learning and AI algorithms to identify and respond to cybersecurity threats through the company’s platform.

The company’s AI algorithms are trained on large data sets such as categories of end users and the devices connected to a client’s network. The company does not provide specific examples of data sources on its website but claims that the algorithms analyze raw network traffic of an organization to gain a unique profile of the environment. Ideally, if the platform gains an understanding of the ‘normal’ environment and how it may fluctuate, potential threats can be more quickly identified.

In the 1:52 minute video below, Doug Topalovic, VP of Information Technology for the Heritage Education Fund, discusses how the platform helps protect the Toronto-based company against cybersecurity threats.

According to the Darktrace’s LinkedIn page, the company has 606 associated professionals but specifies it has over 650 employees in the company description. In an April 2017 press release, the company reports $150 million in total contract value and 30,000 identified threats across 2,400 deployments.

In a case study, Darktrace claims that it helped Swope Health Services, a Kansas City-based healthcare system servicing 40,000 patients, employing 500 individuals and hosting medical information for 200,000, improve its cybersecurity operations.

“Before Darktrace, we only had visibility on activity entering and exiting the network at the end user level. We had questions about our networks and our existing tools weren’t providing the answers. We needed a self-configuring and self-learning technology that could provide rare internal visibility and also give real insights into the complexity of our network infrastructure.”  -Brian Thomas, CIO, Swope Health Services.

However, specific quantifiable measures were not included in this case study. We were not able to find such data in other case studies presented on the company’s website.



  • Total funds raised: $177 million
  • Year founded: 2012
  • HQ location: Irvine, California
  • Number of employees: 501-1,000
  • Target industry: Multiple sectors

Cylance claims that is uses AI and machine learning to predict and identify cybersecurity threats using its cloud-based platform.

Cylance trains that its algorithms are trained on a large data sets drawing from Windows, Mac, and Linux frameworks and composed of millions of both safe and unsafe files and events. The firm claims that millions of characteristics are analyzed based on the fundamental components of these files.

Examples of file elements include file size, imports, headers and directories. These elements are subsequently clustered into groups of similar properties and the machine learning model can learn which are safe and which may be malicious (see: Anomaly detection).

The company claims that it prevented a malware threat (CVE-2014-1761) and it was discovered and quarantined in March 2014. This occured one month before it was identified and posted on, a malware analysis and research platform. The threat was reportedly “detected by only 4 of 51 antivirus engines.”

To provide context, in a 2017 survey conducted by HIMSS Analytics, a global healthcare research firm, 78 percent of respondents reported that malware or ransomware played a role in cybersecurity attacks, mainly via email, within the past 12 months.

“This study confirms that no healthcare provider is immune to this growing threat of email-related cyberattacks. While the results show that larger providers are being hit harder, especially with ransomware, these same organizations are also the ones leading the charge in defining industry best practices to address these threats.” – Bryan Fiekers, Sr. Director, HIMSS Analytics.

In the 5:08 minute demo below, the company demonstrates how its CylanceOPTICS platform predicts and identifies security threats:

According to the Cylance LinkedIn page, there are 911 professionals currently associated with the company and a search for “machine learning scientists” produces approximately 161 hits.

Cylance does not provide a specific number of total clients, but claims it serves hundreds of enterprises, organizations and government institutions across the globe. Examples of healthcare clients include Phoenix Children’s Hospital, Genetec, and La Jolla Institute for Allergy and Immunology.

Cylance provides a case study of a healthcare client, however, all company details are anonymized. This is to be expected for cyber security applications, which often are unable to name their client companies.


  • Total funds raised: $54.4 million
  • Year founded: 2011
  • HQ location: Austin, Texas
  • Number of employees: 101-250
  • Target industry: Healthcare

ClearDATA claims to leverage machine learning for healthcare-specific solutions for payers, providers and healthcare technology organizations. ClearDATA’s algorithms are trained on large data sets of patient and provider data such as electronic health records.

For example, the firm analyzes patient stored in the cloud for known security threats, it then compares that with data access norms from all of its client companies to determine if a client’s data is at risk. If a high risk is identified, a client user will receive a notification of the potential risk, in addition to simple suggestions.The platform aims to support HIPAA compliance across systems.

In a case study on the company’s website, ClearDATA claims to have increased productivity and reduced monthly costs for the Benson Area Medical Center, which hired the company to update their EHR system. However the specific costs that were cut as a result of the ClearDATA system was not specified.

In the 3 minute video, John Walsh CTO, of Horizon Blue Cross Blue Shield of New Jersey, describes how ClearDATA’s platform improved business operations for his healthcare organizations.

The company’s Crunchbase profile states that there are 350,000 healthcare professionals who utilize its services.

Agari Data, Inc.

  • Total funds raised: $44.7 million
  • Year founded: 2009
  • HQ location: Foster City, California
  • Number of employees: 51-200
  • Target industry: Multiple sectors

Agari claims that its cybersecurity platform leverages machine learning to mitigate email attacks.

The company claims that its algorithm is trained on 2 trillion emails per year from email hosting platforms such as Yahoo, Google and Microsoft and inbound email. However, details or examples of how the emails are accessed are not currently available on the company’s website.

Specific characteristics such as sender and email type are extracted from these emails and are subsequently analyzed and classified into categories. This information is then used to analyze new emails for evidence of potential fraud and to assess the level of risk.  

In the 4:34 minute video below, Wes Dobry, Principal Security Architect at Agari, provides a demo of the company’s platform and discusses how it helps prevent phishing emails.

According to Agari’s LinkedIn page, there are 137 professionals associated with the company and data scientists include professionals with graduate-level training from Stanford and Duke University.

Healthcare clients include Aetna and Blue Shield of California as evidenced by a case study where Agari claims that it improved “prevention of phishing on domains” and “reduced consumer fraud/support costs related to email.” However, details on cost savings were not specified.


  • Total funds raised: $7.9 million
  • Year founded: 2012
  • HQ location: Columbus, Ohio
  • Number of employees: 11-50
  • Target industry: Multiple sectors

Wiretap claims to leverage AI for its healthcare cybersecurity solutions to such as its Aware platform.

The firm claims its Aware platform develops its algorithms by drawing data from various components of a company’s network including private messages, content files, as well as content from internal and external users of programs such as Facebook, Slack and Microsoft Office.

When a client user implements the platform, the system analyzes the social media norms of the organization in comparison to all its client companies. Then the platform can proactively manage risk and alert the client user of potential threats.

The company website provides case studies pertaining to its security solutions and also includes healthcare as a target industry. However, case studies specific to Wiretap’s healthcare applications are not currently available.

In the 1 minute video below, Wiretap CEO and co-founder Jeff Schumann explains how the platform learns the behavior of a system and gains proficiency in identifying security threats:

Wiretap’s LinkedIn page lists 35 professionals associated with the company and a data engineer in machine learning with graduate-level training is listed among staff.

Concluding Thoughts on Healthcare Cybersecurity

AI-based cybersecurity companies providing solutions for the healthcare industry have the potential to improve patient record protection, network security, and to strengthen patient and provider confidence and trust.  

Cybersecurity breaches are not only dangerous to patient privacy they can also present significant cost implications. The Protenus Breach Barometer, a publication of disclosed breaches impacting the healthcare industry, reports that an estimated 32.9 million patient records were breached between 2016 and 2017. The cost of a healthcare data breach has been estimated at $380 per record.

Additionally, cybersecurity attacks also negatively impact branding and patient confidence in the hospitals and/or healthcare systems where these events occur. Jasson Casey CTO of SecurityScorecard, a New York-based security risk company provides context and insights from a company report evaluating 1,200 healthcare companies.  

“Last year [2017] took a toll on the overall cybersecurity confidence in healthcare organizations, with dozens of ransomware attacks, and data breaches. It’s no surprise that our research team found healthcare organizations are behind in proper network and endpoint security protocols. As we move through 2018, healthcare organizations need to get back to the fundamentals of good cybersecurity hygiene by keeping up with patching schedules and outfitting the organization with enough personnel to accomplish this goal.”

It is also important to understand specifically why the healthcare industry is such a prime target for these cybersecurity breaches. In an interview with Emerj, Daniel Nigrin, MD, Senior Vice President and CIO at Boston Children’s Hospital, provides important context as to why the healthcare industry is at high risk.

“There’s no question that healthcare certainly evolved over the course of the last several years as a super tantalizing target for hackers who are after data and that’s largely because healthcare and patient-related data is just more valuable on the black market unlike common credit cards.

The healthcare data that we protect within our systems can be used for all kinds of illicit activities online and because they represent things that are unchanging for people, unlike in credit cards where the number can change periodically, patient’s date of birth, social security number, etc. are immutable. Because of that, it represents much more compelling data for cyberattackers to go after.”-Daniel Nigrin, MD

The ability of AI to predict when a cybersecurity breach may occur provides a useful advantage over competitors not utilizing AI. Machine learning helps monitor client systems continuously to detect a security threat before it can cause damage.

As companies in this sector learn from what works effectively and identify areas for improvement one important consideration will be accruing and maintaining robust data that is used to train the algorithms driving these platforms. While most of the largest ML-based security providers (like Cylance and Darktrace) service many industries, we suspect that more healthcare-specific providers (like ClearDATA) will emerge to handle sector-specific security concerns in healthcare.


Header image credit: HealthBlawg

Stay Ahead of the AI Curve

Discover the critical AI trends and applications that separate winners from losers in the future of business.

Sign up for the 'AI Advantage' newsletter: