September 12, 2018 By Mark Stone 3 min read

The emergence of artificial intelligence (AI) in healthcare is enabling organizations to improve the customer experience and protect patient data from the raging storm of cyberthreats targeting the sector. However, since the primary goal of the healthcare industry is to treat ailing patients and address their medical concerns, cybersecurity is too often treated as an afterthought.

A recent study from West Monroe Partners found that 58 percent of parties that purchased a healthcare company discovered a cybersecurity problem after the deal was done. This may be due to a lack of personnel with in-depth knowledge of security issues. As AI emerges in the sector, healthcare professionals who misuse these technologies risk unintentionally exposing patient data and subjecting their organizations to hefty fines.

What’s Driving the AI Arms Race in Healthcare?

According to Wael Abdel Aal, CEO of telemedicine provider Tele-Med International, healthcare organizations should take advantage of AI to address two critical cybersecurity issues: greater visibility and improved implementation. Abdel Aal’s background includes 21 years as a leading cardiologist, which enables him to understand AI’s impact on healthcare from a provider’s perspective.

“Although AI security systems perform sophisticated protection algorithms, better AI systems are being developed to perform more sophisticated hacks,” he said. “The computer security environment is in a continuous race between offense and defense.”

According to Abdel Aal, the ongoing transformation in the healthcare industry depends not only on AI, but also other game-changing technologies, such as electronic medical records (EMR), online portals, wearable sensors, apps, the Internet of Things (IoT), smartphones, and augmented reality (AR) and virtual reality (VR).

“The combination of these technologies will bring us closer to modern healthcare,” he said. Abdel Aal went on to reference several potential points at which a cybersecurity breach can occur, including remote access to wearables and apps owned by the patient, connectivity with telecom, health provider access, and AI hosting.

“The potential value that these technologies will bring to healthcare is at balance with the potential security hazard it presents to individuals and societies,” AbdelAal explained. “The laws need continuous and fast updating to keep up with AI and the evolving legal questions of privacy, liability and regulation.”

As innovative technologies proliferate within healthcare systems, cyberattacks and cybercrime targeting healthcare providers are correlatively on the rise. In May 2017, for example, notorious ransomware WannaCry infected more than 200,000 victims in 150 countries. In January 2018, a healthcare organization based in Indiana was forced to pay $55,000 to cybercriminals to unlock 1,400 files of patient data, as reported by ZDNet.

In these cases, it was faster and more cost-effective for the hospital to pay the (relatively) small ransom than it would have been to undergo a complex procedure to restore the files. Unfortunately, paying the ransom only encourages threat actors. Ransomware is just the beginning; as malicious AI advances, attacks will only become more devastating.

Why Mutual Education Is Critical to Secure AI in Healthcare

So how can security leaders educate physicians and other healthcare employees to handle these new tools properly and avoid compromising patients’ privacy? Abdel Aal believes the answer is bidirectional education.

“Security leaders need to understand and experience the operational daily workflow protocols performed by individual healthcare providers,” he said. “Accordingly, they need to educate personnel and identify the most vulnerable entry points for threats and secure them.”

While the utilization of AI in healthcare is indeed on the rise and is dramatically changing the industry, according to AbdelAal, the technology driving it hasn’t evolved as fast as it could. One of the most significant hurdles for the industry to overcome is employees’ overall aversion to new technology.

“Adoption of new technology was and always is a major deterrent, be that CT, MRI or, presently, AI,” he said. “Providers, whether doctors, nurses, technicians and others, usually see new technology as a threat to their job market. They identify with the benefits but would rather stay within their comfort zone.”

Abdel Aal also pointed to legal and regulatory factors as stumbling blocks that might prompt confusion about managing progress.

Thankfully, the American Medical Association (AMA) is prepared to address these changes. According to its recently approved AI policy statement, the association will support the development of healthcare AI solutions that safeguard patient privacy rights and preserve the security and integrity of personal information. The policy states that, among other things, the AMA will actively promote engagement with AI healthcare analytics while exploring their expanding possibilities and educating patients and healthcare providers.

Patient wellness will always be the first priority in healthcare, and this is not lost on threat actors. Just like any other industry, it is increasingly imperative for leaders to understand the progressive intertwining of their primary goals with cybersecurity practices and respond accordingly.

More from Healthcare

Cost of a data breach 2023: Healthcare industry impacts

3 min read - Data breaches are becoming more costly across all industries, with healthcare in the lead. The 2023 Cost of a Data Breach Report analyzes data collected from March 2022 to March 2023. Healthcare remains a top target for online criminal groups. These data breach costs are the highest of any industry and have increased for the 13th consecutive year. Healthcare is a highly regulated industry that the U.S. government considers critical infrastructure. As such, recent federal privacy standards, security standards and…

Cyberattackers target the Latin American health care sector

3 min read - Cyberattacks on the healthcare sector are a growing threat in Latin America, and the large amount of confidential data these organizations handle makes these attacks a top concern. The value of healthcare data in the illegal market, such as the personal, medical and financial information of patients and healthcare companies, creates an appealing target for threat actors. This can have serious consequences for the privacy and information security of these organizations. Cyberattacks could lead to reputational risks, interruption of operations,…

Increasingly sophisticated cyberattacks target healthcare

4 min read - It’s rare to see 100% agreement on a survey. But Porter Research found consensus from business leaders across the provider, payer and pharmaceutical/life sciences industries. Every single person agreed that “growing hacker sophistication” is the primary driver behind the increase in ransomware attacks. In response to the findings, the American Hospital Association told Porter Research, “Not only are cyber criminals more organized than they were in the past, but they are often more skilled and sophisticated.” Although not unanimous, the…

Reporting healthcare cyber incidents under new CIRCIA rules

4 min read - Numerous high-profile cybersecurity events in recent years, such as the Colonial Pipeline and SolarWinds attacks, spurred the US government to implement new legislation. In response to the growing threat, President Biden signed the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) in March 2022. While the law has passed, many healthcare organizations remain uncertain about how it will directly affect them. If your organization has questions about what steps to take and what the law means for your…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today