The emergence of artificial intelligence (AI) in healthcare is enabling organizations to improve the customer experience and protect patient data from the raging storm of cyberthreats targeting the sector. However, since the primary goal of the healthcare industry is to treat ailing patients and address their medical concerns, cybersecurity is too often treated as an afterthought.
A recent study from West Monroe Partners found that 58 percent of parties that purchased a healthcare company discovered a cybersecurity problem after the deal was done. This may be due to a lack of personnel with in-depth knowledge of security issues. As AI emerges in the sector, healthcare professionals who misuse these technologies risk unintentionally exposing patient data and subjecting their organizations to hefty fines.
What’s Driving the AI Arms Race in Healthcare?
According to Wael Abdel Aal, CEO of telemedicine provider Tele-Med International, healthcare organizations should take advantage of AI to address two critical cybersecurity issues: greater visibility and improved implementation. Abdel Aal’s background includes 21 years as a leading cardiologist, which enables him to understand AI’s impact on healthcare from a provider’s perspective.
“Although AI security systems perform sophisticated protection algorithms, better AI systems are being developed to perform more sophisticated hacks,” he said. “The computer security environment is in a continuous race between offense and defense.”
According to Abdel Aal, the ongoing transformation in the healthcare industry depends not only on AI, but also other game-changing technologies, such as electronic medical records (EMR), online portals, wearable sensors, apps, the Internet of Things (IoT), smartphones, and augmented reality (AR) and virtual reality (VR).
“The combination of these technologies will bring us closer to modern healthcare,” he said. Abdel Aal went on to reference several potential points at which a cybersecurity breach can occur, including remote access to wearables and apps owned by the patient, connectivity with telecom, health provider access, and AI hosting.
“The potential value that these technologies will bring to healthcare is at balance with the potential security hazard it presents to individuals and societies,” AbdelAal explained. “The laws need continuous and fast updating to keep up with AI and the evolving legal questions of privacy, liability and regulation.”
As innovative technologies proliferate within healthcare systems, cyberattacks and cybercrime targeting healthcare providers are correlatively on the rise. In May 2017, for example, notorious ransomware WannaCry infected more than 200,000 victims in 150 countries. In January 2018, a healthcare organization based in Indiana was forced to pay $55,000 to cybercriminals to unlock 1,400 files of patient data, as reported by ZDNet.
In these cases, it was faster and more cost-effective for the hospital to pay the (relatively) small ransom than it would have been to undergo a complex procedure to restore the files. Unfortunately, paying the ransom only encourages threat actors. Ransomware is just the beginning; as malicious AI advances, attacks will only become more devastating.
Why Mutual Education Is Critical to Secure AI in Healthcare
So how can security leaders educate physicians and other healthcare employees to handle these new tools properly and avoid compromising patients’ privacy? Abdel Aal believes the answer is bidirectional education.
“Security leaders need to understand and experience the operational daily workflow protocols performed by individual healthcare providers,” he said. “Accordingly, they need to educate personnel and identify the most vulnerable entry points for threats and secure them.”
While the utilization of AI in healthcare is indeed on the rise and is dramatically changing the industry, according to AbdelAal, the technology driving it hasn’t evolved as fast as it could. One of the most significant hurdles for the industry to overcome is employees’ overall aversion to new technology.
“Adoption of new technology was and always is a major deterrent, be that CT, MRI or, presently, AI,” he said. “Providers, whether doctors, nurses, technicians and others, usually see new technology as a threat to their job market. They identify with the benefits but would rather stay within their comfort zone.”
Abdel Aal also pointed to legal and regulatory factors as stumbling blocks that might prompt confusion about managing progress.
Thankfully, the American Medical Association (AMA) is prepared to address these changes. According to its recently approved AI policy statement, the association will support the development of healthcare AI solutions that safeguard patient privacy rights and preserve the security and integrity of personal information. The policy states that, among other things, the AMA will actively promote engagement with AI healthcare analytics while exploring their expanding possibilities and educating patients and healthcare providers.
Patient wellness will always be the first priority in healthcare, and this is not lost on threat actors. Just like any other industry, it is increasingly imperative for leaders to understand the progressive intertwining of their primary goals with cybersecurity practices and respond accordingly.