Abstract
The health sector is an underutilized source of actionable health intelligence for responding to threats across the “cyber-bionexus,” defined as the convergence of threats from the biological and cybersecurity domains to produce harms with widespread societal consequences. The escalation of concerns about such threats—related to misinformation and disinformation; chemical, biological, radiological, and nuclear events; cyberattacks; natural disease outbreaks; and disasters of various kinds—places health system concerns squarely at the forefront of national critical systems and broader security imperatives. Events such as the COVID-19 pandemic have highlighted the dearth of systems available for generating real-time intelligence in relation to critical functions of health sector operations amidst an unfolding crisis. Drawing on principles from the field of cyberthreat intelligence, and building on existing scholarship in health security intelligence, we propose a model for applying health system indicators of compromise for cyberbio events. We further discuss the relevance of this approach within the broader landscape of the cyber-bionexus to signal new pathways for research, practice, and policy engagement.
Background
The weaponization of the cyber-bionexus is an increasingly important focus for defense and security actors.1 Defined as the convergence of threats from the biological and cybersecurity domains to produce harms with widespread societal consequences, the cyber-bionexus has ascended as a critical terrain for hostile actors using both novel and traditional adversarial approaches. Paradigmatic examples of this concept include health sector cyber vulnerabilities and the exploitation of pandemics using misinformation and disinformation, which have exposed vacuums in intelligence architectures and the neglect of this domain within critical national systems. Health systems, comprising all aspects of medical and clinical care from community to tertiary and apex hospitals as well as ancillary components such as pharmacies, are increasingly targeted by hostile nation state actors and nonstate groups through physical attacks and coordinated cyber operations.2 Natural events, such as pandemics and epidemics, also strain the integrity of the cyber-bionexus by exposing the vulnerabilities of systems already under stress and providing opportunities for their exploitation. Building resilient health services necessitates a more focused approach toward health systems intelligence that is able to address the full spectrum of cyberbio threats, whether they are natural or engineered outbreak events, targeted disinformation campaigns, or hostile cyber operations. The assurance of health system integrity amidst converging global strategic and security dynamics necessitates strong governmental and multilateral action to effectively respond to the evolving cyberbio threat landscape.
The COVID-19 pandemic has exposed the fragmented nature of health information architectures both within and between health systems.3,4 Although health information is a fundamental pillar of the World Health Organization health system building blocks, it has become clear during the course of the COVID-19 crisis that intelligence from the health sector is a neglected source of real-time situational awareness to support an effective response to a health emergency. Clearly, COVID-19 has tested health systems globally, and the protection of services has been a major rationale for the implementation of nonpharmaceutical interventions such as lockdowns, travel bans, and quarantine measures, all of which have been implemented at considerable economic and social costs.5,6 However, key omissions in response capabilities include the effective use of real-time information to predict the course of health system integrity (capacity and capability), and more broadly, the use of health sector information as a source of actionable intelligence to prevent, detect, and respond to unfolding pandemic events.7 Certain health phenomena arising during COVID-19, such as the sudden reduction in presentation of cancers and myocardial infarctions and sudden increases in acute bed occupancy, have been well recognized in retrospective studies globally; the conclusions gleaned from these trends are relevant not only for the specific disease burden involved, but they more broadly indicate health system compromise in the context of an unfolding crisis.8,9 Systems for identifying and acting on these insights in real time are limited. Much of the real-time knowledge from these unfolding events is sited within professional groups working in often under-resourced health sectors, where there is no integrated system for gathering intelligence to feed into wider service planning and governance approaches.10
Recognizing the health sector as a critical national system requires developing robust intelligence methods to anticipate as early as possible the impacts on health system integrity—such as the impact of overwhelming acute bed capacity in intensive care units and the indirect impact of nonpharmaceutical interventions on nonpandemic-related healthcare. We propose applying health indicators of compromise (IOCs), defined as pieces of data that indicate potentially malicious activity, as an early warning system for cyber-bionexus events. Identifying health IOCs under conditions that constrain or threaten ordinary and effective service function can connect real-world phenomena with the governance mechanisms put in place during a crisis. These conditions are wide-ranging, including pandemics; chemical, biological, radiological, and nuclear events; cyberattacks; and terrorism.11 Undervaluing the health sector within the national security infrastructure has also left it uniquely vulnerable to external threat actors working at all points of the cyber-bionexus.2 The health security agenda recognizes the importance of health system strengthening within global health programs, but an elicitation of vulnerabilities across the spectrum of low- and high-income settings has received limited attention. Learning to value the centrality and importance of the health system has been a painful lesson for populations and governments, especially as governments recognize that the post-pandemic future requires improving information architectures to derive early and actionable intelligence from the plurality of health systems to preserve the foundations of global order.12
Building on the concept of a cyber-bionexus, we developed a set of health system IOCs (see example in Table) to (1) create a taxonomy of systems that indicate significant compromises of the healthcare system that might lead to vulnerabilities in response capabilities; (2) bridge the gap between human intelligence collection methods and healthcare worker and patient behavior as it pertains to health service integrity and all-cause health metrics including mortality, morbidity, and health-seeking behaviors; and (3) identify avenues for applied research to use these IOCs within early warning systems for critical events.
Example Set of Health Indicators of Compromise
Abbreviations: AMU, acute medical unit; ED, emergency department; ICU, intensive care unit.
Why Does Healthcare Need an Intelligence System?
The health sector, and its constituent units in primary, secondary, and tertiary care settings, sits at the interface between public health measures and a population at risk. The term “frontline” has frequently been used to describe clinical settings and their workers, and despite some criticism of this term, its value may be to aid the conceptualization of healthcare services as a threshold between policy and practice, which is crucial for increasing situational awareness. Developing a health intelligence system requires expertise to extract relevant information on the ground that can be fed into government and multilateral institutions to prevent, detect, and respond to threats. Governments have placed a significant focus on the behavioral sciences to complement their response to the pandemic, which has been largely based on modeling.13,14 In the United Kingdom, the Independent Scientific Pandemic Insights Group on Behaviours has been a prominent voice feeding into pandemic policy through a number of other analytical groups including the Scientific Advisory Group for Emergencies (SAGE). Understanding the role of people's behavior is clearly vital to understanding and supporting their adherence to government measures; however, this pandemic has revealed a disconnect between systems for deriving behavioral insights and the complexity of behaviors related to healthcare engagement and frontline health staff.
Because the United Kingdom did not have a health intelligence system, it was unable to identify and mitigate the significant impacts of nonpharmaceutical interventions on non-COVID-19 healthcare. For example, we now know that between January and September 2020 there was an 18.2% reduction in new cancer diagnoses compared with 2019, and a 3.9% increase in advanced stage presentation.15 In cardiovascular medicine similar patterns have been seen around the world including delayed presentation of myocardial infarction.16,17 Consequences of these delays have included higher mortality and late presentation with cardiac phenomena, which are rarely seen due to the evolution of pathological sequelae typically prevented by timely intervention.18 Similar findings exist for stroke and pediatric and obstetric emergencies, which have resulted in higher rates of ICU admission and increases in mortality.19-21 Lengthy scientific publication cycles mean that we are able to examine data only several months after these events; however, these phenomena were recognized in real time by professionals working in these fields, and provided early indications of the potential collapse of health systems. Sudden alterations in presentations were immediately identified by medical professionals worldwide who shared insights in ad hoc ways on social media, messaging services, and in clinical hubs.22 Without systems to connect relevant on-the-ground information to a central hub for potential rapid action, certain health trends are replicated globally without effective remedial measures; however, such measures could be delivered through behavioral science insights, strategic communications, and public health advocacy.
In the United Kingdom, the deployment of nonpharmaceutical interventions has been rationalized to the public by the slogan “Stay home. Protect the NHS. Save lives.” Preserving the health sector has been the government's primary objective, and preventing services from being overwhelmed has underpinned government responses at all stages of lockdowns and continuous restrictions. In response to surges of new COVID-19 cases, significant health sector reorganization has taken place, much of which is driven by pandemic modeling.23,24 Discussions among UK leaders regarding the reliance on modeling have highlighted some of the contextual limitations and difficulties faced by individual health facilities that need to reorganize based on modeling data alone.24,25 A greater diversity of tools is required to increase situational awareness related to health system functioning. A recent retrospective study conducted at King's College London has shown that by using syndromic analysis of clinical information systems, it is possible to identify early warning indicators that provide a 4-day advance alert of hospital surges.26 However, syndromic data is only part of the picture. The real value is being able to parse clinical and syndromic data together with human intelligence on specified IOCs, which offers the most dynamic and responsive platform for delivering detailed context-led health intelligence. There is considerable potential to harness the experiential knowledge of health professionals to enhance modeling insights; this intelligence could generate validated early warnings and indicators of service surges and system strain.
The use of human intelligence in the health sector has been massively undervalued. Using multisource indicators from clinical data, professional perceptions, and population behavior interfaces to detect early warning signals provides an opportunity to deliver real-time situational awareness. The strength of intelligence-led approaches is their ability to offer early and continuous multisource threat assessment in complex operating environments.27,28 Health professionals are ideally placed to collect the first signs of health system strain and provide an early warning system for decisionmakers to detect and potentially act on critical system failures. Although individual healthcare professionals do not possess the full picture, a human intelligence system could aggregate nuanced situational awareness. The relevance of human intelligence in outbreak response capabilities is increasingly recognized, and recurrent failures in applying this intelligence to outbreaks of concern from Ebola to West Nile Virus have been well documented.29-31 Embedding intelligence processes within health systems can strengthen the resilience of postpandemic systems to ensure their responsiveness to diverse threats.32,33
Applying Indicators of Compromise to Health Systems Intelligence
Developing intelligence requirements is a crucial first step in directing the process of any intelligence operation.34 Identifying a set of IOCs for the health sector enables ongoing monitoring of critical parameters to provide actionable intelligence on health system integrity. The focus on IOCs introduces the notion of threat actors targeting identified vulnerabilities and provides concrete routes for threat assessment in dynamic contexts. For example, previous research conducted by the authors on the structural requirements of health intelligence systems includes a proposed framework for a national health intelligence system.27
The term “indicators of compromise” is widely used in cybersecurity and broadly indicates unusual behaviors on a network, which could be related to malicious activity such as unusual network traffic, unusual activity in privileged accounts, tampered file and registry configurations, or large amounts of compressed data in unused system areas.35 More specifically, IOCs are “pieces of forensic data, such as data found in system log entries or files, that identify potentially malicious activity on a system or network.”36
While there is no official categorization of IOC behaviors, they are often broadly placed in 3 categories—confidentiality, integrity, and availability—all of which can be applied to the health sector. These 3 categories align with the scoring metric for the Common Vulnerabilities and Exploits (CVE) database, in which CVEs are given a vulnerability score to indicate their severity, based on their impact in terms of confidentiality, integrity, and availability. IOCs are artifacts left by potentially malicious activity, whereas CVEs are the vulnerabilities already present within a network or program that can be exploited by threat actors. These artifacts, gathered by security operations center (SOC) analysts during an intrusion, or gathered by cyber incident response teams following a confirmed attack, provide evidence of a network compromise (ie, that malicious threat actors have exploited weaknesses in the system and “compromised” it). After an intrusion, IOCs can often be linked to a threat actor or malware, which enables analysts not only to attribute the attack to a specific actor, but also to predict the actor's subsequent activity (based on their previous attacks) and take action to mitigate it. Built within this model of detection, attribution, and mitigation is the notion of cumulative IOCs and critical functions (previously known as critical economic functions). Critical functions are the people, processes, and technologies required to deliver a core service,37 and they are subject to higher security standards. The notion of cumulative IOCs builds toward system collapse; mapped against the extended Kill Chain, the more IOCs that are present against each phase, the more likely it is that an attack is underway. In this model, IOCs that affect critical functions carry a higher cumulative value, allowing analysts to prioritize threat hunting and their response to attacks.
Health sector IOCs, as outlined in this article, are distinct from existing IOC systems. IOC systems purely in support of health sector cyber networks are in principle common to all critical sectors including energy, defense, or communications. This analysis is focused on a new approach that applies the processes and systems of cybersecurity to the unique and newly defined landscape of the cyber-bionexus. In this paradigm the health sector is reinforced as a critical sector with critical service functions, upon which malicious activity can leave specific forensic artifacts that indicate harmful activity. In this context, malicious activity has a wider connotation than its definition in cybersecurity; in health security intelligence it signifies the harmful consequences of health system shocks such as epidemics or cyberattacks upon an underlying system architecture. These artifacts might be recognized as biological phenomena occurring in specific patterns, such as unique pathophysiological conditions or altered syndromic burdens. While the compromise may not be the intent of a malicious actor—but rather an infectious disease, economic, or supply crisis or shift in structural organization that could lead to the collapse of critical functions—the principle is the same. The health system is similar to an organizational network in that it has dependencies, critical functions, and vulnerabilities, all of which can be mapped and monitored in real time. Specific IOCs that encompass core service functions, alongside necessary and potentially unique capabilities for specific system threats, can therefore determine system strain. IOCs would be updated continually as new information on the system and its potential “attackers” changes. As such, establishing a multilayered series of IOCs specific to a health system would allow analysts to identify potential compromises, weaknesses, and attacks (ie, incidents that could lead to a wider collapse). 
The utility of this approach is its broad application to diverse threats—such as the Novichok attacks in Salisbury, COVID-19 crises alongside power outages in Texas, and prevalent vaccine disinformation campaigns—and its primary goal to protect critical health sector functions. An essential property of IOCs is their ability to adapt to local factors and unique system characteristics. For example, a set of IOCs for a London teaching hospital will differ in important ways from a rural US primary healthcare network; however, the overriding approach to information gathering and threat assessment will be the same.
Used effectively, proper IOC monitoring presents a multilayered, all-source, cross-network method of monitoring a system for indications of malicious activity or compromise, both as part of normal monitoring activity and as part of incident response activity or threat hunting. IOCs are largely stored on publicly accessible databases, and there are a significant number of open-source tools available to import IOCs into a functioning network security system, which enables automation of IOC detection. Crucially, IOCs are shared between organizations and entities, meaning that the list is continually updated, allowing for more effective mitigation. Health sector IOCs should have the following key attributes:
- All-source, representing both tangible and behavioral indicators
- Specific and unique (cannot be replicated by chance or coincidence)
- In possession of specific mitigation or response mechanisms
- Able to be sequenced to indicate a larger conclusion
- In possession of a timely reporting mechanism
Crucial to the functioning of a valid IOC system is the presence of a security operations center (SOC). The SOC is the central cyber security component of an organization, in which analysts parse a variety of data—of which the IOC system represents an important facet—and produce intelligence that can identify potential system compromise or collapse. While the SOC's central role is to protect system IT assets, its responsibilities are wide-ranging and include monitoring, threat hunting, threat intelligence, security information and event management, information assurance, incident response, and information risk management. To ensure that SOCs are gathering high-quality actionable intelligence that effectively feeds into IOC parameters, pathways for gathering intelligence across the health sector require strengthening. Existing internal information sharing streams can be leveraged to create mechanisms for collecting intelligence, for example through daily occurrences such as departmental handovers, situation report meetings, and professional discussion groups. Ensuring that information is collected from a variety of professional cadres, from primary to tertiary care, is vital to delivering the highest-quality intelligence.
The vulnerability of health services to cyberattacks has been described in the academic literature, but the applicability of threat intelligence principles to health system integrity across a diverse threat landscape, including cyber and natural and deliberate pathogenic threats, is still a field in its infancy.1,2 Health systems must perform activities analogous to those of a cyber SOC, including hunting and monitoring threats, responding to health events or system collapse, and looking at real-time data generated by health system networks, which is a version of security information and event management.
Defining Health System Indicators of Compromise
A national health system is a complex entity with constituent elements that address the healthcare needs of a population. Healthcare professionals, from primary to tertiary care, engage with populations in many ways, including emergency presentations, chronic disease management, and social care. These services are the primary ways that the population interacts with healthcare professionals. It is essential to understand the complexity of a health service structure and its role in producing intelligence in order to deliver adaptable responses tailored to the setting and population. An effective set of IOCs must necessarily incorporate key clinical areas across the health sector, and we have identified “sentinel” zones—specifically, emergency department, acute medical unit, intensive care unit, and trauma services—where rapid changes in patient presentation indicate wider service strain, and where real-time intelligence would offer a significant improvement in situational awareness. Where a clinical setting is not specified, we assume the IOC applies across primary care and hospital settings, while acknowledging that the intelligence associated with the IOC may generate varied responses depending on its site setting. Alterations in form and stage of specific clinical presentation burdens such as myocardial infarction, cerebrovascular accidents, and cancer are selected as sentinel conditions indicative of altered patient behaviors. Most of these conditions are associated with a short prodrome for which there is a proven case for immediate intervention (eg, the time between onset of chest pain and primary percutaneous intervention at a designated coronary center). The rationale for immediate intervention is the relationship between relatively short delays in presentation time (eg, hours to days) and significant amplification in disease severity that would ultimately have an impact on the critical functions of a health service.
Other conditions manifesting significant delays in presentation such as cancer are important indicators of presentation behaviors, in particular within primary care settings.
The internal clinical functions of patient flow in hospitals are crucial to the maintenance of service integrity; for example, radiology and pathology services are critical functions that can be over-burdened by patient surges and produce bottlenecks in diagnosis, treatment, and discharge. Increasingly health services are reporting on their experiences managing surge capacity during the COVID-19 pandemic and discussing the challenges they have faced as convergent conditions strain specific investigation modalities.38,39 Top-heavy admissions discharge patterns—where hospital admissions greatly outnumber discharges—are likely to indicate a strain on at least 1 critical domain of service functioning, requiring further attention by intelligence operators.
The purpose of IOCs is to protect system operations, so they are categorized in terms of confidentiality, integrity, and availability; health system IOCs should also be categorized in terms of the system operations they protect. As such, we propose 3 categories of health IOCs: clinical (unique, pathognomonic, or novel clinical presentations of disease), presentation (the presentation pattern of cases), and availability (the availability of services).
The example set of IOCs outlined in the Table is particularly applicable to the conditions of pandemic events as encountered during the COVID-19 pandemic. Nevertheless, these indicators could be similarly applicable to other conditions that place strain on services. For example, chemical, biological, radiological, and nuclear events may produce cumulative IOCs, firstly appearing in the clinical category, and progressing through the presentation and availability categories within specific health sector networks. Cyberattacks conversely might initially produce IOCs in the availability category, before also including the presentation category; this trend was seen during the 2017 WannaCry ransomware attack, which caused the failure of elements of critical services such as radiology and operating theater equipment and outpatient services, costing the UK government up to £92 million (approximately US$127 million).40 No single set of IOCs will be fully applicable to the range of potential cyber-bionexus threats facing the health sector, but defining appropriate sets of IOCs for specific threats enables the development of preparedness approaches that generate early warning signals and actionable intelligence across the spectrum of cyber-bionexus concerns. Significant work has gone into creating a model for a health intelligence SOC, its necessary inputs and outputs, and potential sources.27 However, further research is needed to create a target operating model, which replicates in detail the daily functions of SOCs in terms of outputs, integration with the wider health system, and models that are responsible, advised, consulted, and informed.
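The cumulative, category-sequenced scoring of health IOCs described in this section and in the cybersecurity model above (critical-function IOCs weighted higher, clinical-to-availability progression for pathogen events, availability-first progression for cyberattacks) is illustrated in the following added example. It is not code from the paper or its authors; the indicator rules, thresholds, weights, alert levels and daily observations are all constructed assumptions for demonstration.

```python
"""Cumulative health-system IOC scoring (added illustration, not the paper's tool).
The rules, thresholds, double weighting of critical-function IOCs, alert levels
and the daily observations are constructed assumptions, not values from the paper.
"""
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple

Obs = Dict[str, float]


@dataclass(frozen=True)
class HealthIOC:
    name: str
    category: str            # "clinical", "presentation" or "availability"
    critical_function: bool  # affects a critical function (ICU, radiology, flow)
    check: Callable[[Obs], bool]
    response: str            # the mitigation / reporting route the IOC demands


# Hypothetical indicator rules over one day's constructed observations.
IOCS: List[HealthIOC] = [
    HealthIOC("novel_syndrome_cluster", "clinical", False,
              lambda d: d["novel_syndrome_cases"] >= 5,
              "escalate to regional public health"),
    HealthIOC("mi_presentation_drop", "presentation", False,
              lambda d: d["mi_presentations"] < 0.6 * d["mi_baseline"],
              "strategic communications on seeking urgent care"),
    HealthIOC("top_heavy_admissions", "presentation", True,
              lambda d: d["discharges"] > 0 and d["admissions"] / d["discharges"] >= 1.5,
              "patient-flow review with bed management"),
    HealthIOC("icu_near_capacity", "availability", True,
              lambda d: d["icu_occupied"] / d["icu_beds"] >= 0.9,
              "activate surge plan"),
    HealthIOC("radiology_unavailable", "availability", True,
              lambda d: d["radiology_available"] == 0,
              "invoke cyber incident response and paper fallback"),
]
BY_NAME = {i.name: i for i in IOCS}


def evaluate_day(obs: Obs) -> List[str]:
    """Names of IOCs triggered by one day's observations (in IOCS order)."""
    return [i.name for i in IOCS if i.check(obs)]


def cumulative_score(triggered: List[str]) -> int:
    """Critical-function IOCs weigh double, as in the cyber model."""
    return sum(2 if BY_NAME[n].critical_function else 1 for n in triggered)


def alert_level(score: int) -> str:
    """Constructed thresholds mapping a day's score to an alert level."""
    if score == 0:
        return "none"
    if score <= 2:
        return "watch"
    return "warning" if score <= 5 else "critical"


def progression(history: List[List[str]]) -> Tuple[str, ...]:
    """Order in which IOC categories first appeared across consecutive days."""
    seen: List[str] = []
    for day_hits in history:
        for name in day_hits:
            cat = BY_NAME[name].category
            if cat not in seen:
                seen.append(cat)
    return tuple(seen)


def classify(history: List[List[str]]) -> str:
    """Match the progression against the two archetypes described in the text."""
    p = progression(history)
    if p[:2] == ("clinical", "presentation"):
        return "pathogen-like (clinical -> presentation -> availability)"
    if p[:1] == ("availability",):
        return "cyber-like (availability first)"
    return "indeterminate"


def run_scenario(days: List[Obs]) -> dict:
    history = [evaluate_day(d) for d in days]
    peak = max(cumulative_score(h) for h in history)
    return {"history": history, "peak_score": peak,
            "peak_alert": alert_level(peak), "pattern": classify(history)}


# Constructed observations (hypothetical hospital with 20 ICU beds, MI baseline 20/day).
def day(novel, mi, adm, dis, icu_occ, rad) -> Obs:
    return dict(novel_syndrome_cases=novel, mi_presentations=mi, mi_baseline=20,
                admissions=adm, discharges=dis, icu_occupied=icu_occ, icu_beds=20,
                radiology_available=rad)

OUTBREAK_DAYS = [day(6, 20, 100, 95, 10, 1), day(12, 10, 150, 90, 14, 1), day(20, 9, 170, 80, 19, 1)]
CYBER_DAYS = [day(0, 20, 100, 95, 10, 0), day(0, 19, 140, 80, 12, 0)]

if __name__ == "__main__":
    print("outbreak:", run_scenario(OUTBREAK_DAYS))
    print("cyber:", run_scenario(CYBER_DAYS))
```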
Conclusion
Significant events in the recent past have demonstrated the neglect of health systems within public health and security-focused approaches. The boundaries between these 2 domains are nevertheless becoming less distinct, and therefore the calls for building effective platforms to embed resilience across the health sector grow more urgent. COVID-19, disinformation operations, and escalating chemical, biological, radiological, and nuclear threats are just some of the converging issues driving the evolution of the cyber-bionexus. Prior failures can be explained in part by the absence of health system intelligence systems, whereby rich sources of information in the health sector have been neglected within the wider platform of domestic security and response capabilities. The relevance of this approach builds on existing research from scholars and practitioners working on broader issues of health intelligence in varied health emergencies. As national governments explicitly state their intention to integrate health security issues within their defense strategies—such as the UK review on security, defense, development, and foreign policy41—novel techniques will be required to bring to bear broad-based expertise on the complex challenges facing governance actors.
The cyber-bionexus concept aids the development of approaches that bridge sectoral divisions and open up pathways for scholarship and focused programmatic work. One such pathway is the adaptation of IOCs specific to health systems, for increasing real-time situational awareness among decisionmakers operating at the interface of the health sector and active threats. Embedding and testing these approaches through wargaming and tabletop exercises at the highest levels of decision making should be a pressing priority. New capabilities such as advanced genomic surveillance have profoundly altered governmental responses to the COVID-19 pandemic42; harnessing the insights of intelligence-led approaches amplifies these gains by condensing biological information with operational knowledge crucial to the protection of the health sector. Future challenges emerging from the cyber-bionexus will demand focus on the synergies and cross-disciplinary insights arising from this evolving threat landscape.
Footnotes
Acknowledgments
This research was funded through UK Research and Innovation as part of the Global Challenges Research Fund; Research for Health in Conflict in the Middle East and North Africa (R4HC-MENA) project, grant number ES/P010962/1 and National Institute for Health Research (No. 131207), Research for Health Systems Strengthening in Northern Syria (R4HSSS).
