The security of IT/OT/IoT infrastructures in medical facilities today is entirely based on monitoring, detection of non-standard conditions, and in the best case, statistical analysis of data flows. The concept, which is starting to gain traction abroad, is based on the cooperation of these standard "monitoring-based" approaches with predictive analysis of data from the web environment, social networks and the Darknet/Darkweb. The contribution aims to inform and draw attention to this neglected area and to present a concept of possible solutions.