We’re living through a period of unprecedented technological progress. Though the world of dial-up internet, cassette tapes, and huge CRT televisions seems like a distant memory, I have to remind myself that it was less than 25 years ago. Now, technology permeates every facet of our lives.
Historically, the healthcare industry has been slow to adopt new technology. I understand why. Lives are at stake, and extra caution is essential. But as the world around us moves at break-neck speed, pressure has grown on healthcare organizations to keep up the pace — not least when it comes to artificial intelligence (AI).
In the last few years, leaders in higher education and across healthcare research and governance have spent a lot of time and resources studying AI and its many different applications. Already, we’ve seen it have a profound effect on the industry, in areas such as medical imaging and diagnostics, predictive analytics and early intervention, personalized treatment plans, and virtual health assistants.
But what concerns me most is not the impact AI will have on the quality and delivery of healthcare; it's the impact it will have on the digital security of organizations and their data.
The healthcare industry is both at the forefront of innovation and on the brink of extreme vulnerability.
AI offers tremendous potential. That's what has caused the healthcare industry to abandon its cautious tendencies and swiftly adopt and integrate AI into their processes. As a result, progress has been made rapidly, but at what cost?
Many facilities have been squarely focused on the benefits of AI: how it can expedite appointments, improve the accuracy of diagnoses, and reduce the workload on burned-out staff. But in the process, they’ve lost sight of the adaptations required to accommodate AI securely, ethically, and compliantly. From my experience, I know it is essential that we as an industry, as well as individual healthcare organizations, develop and utilize boundaries and regulatory standards that govern our use of AI.
It will also be critical for facilities to reassess their cybersecurity needs. They must not only eliminate gaps in their security created by their adoption of AI, but also identify and combat ways AI may be harnessed against them. Malicious actors will continue to progress their usage of AI to write more realistic phishing emails and destructive code for the purpose of carrying out attacks. It’s a two-way street, though, and I'm also confident AI can be used as part of a cybersecurity strategy to counter these threats. It will play a pivotal role in:
- Bolstering threat detection and prevention.
- Mitigating malware.
- Safeguarding against phishing and social engineering attacks.
- Enabling swift incident response.
Although the healthcare industry is disproportionately targeted by cybercriminals, AI is a cybersecurity threat that can impact any organization, just like ransomware, supply chain attacks, phishing and social engineering, malware, and malicious software. However, there is one potential vulnerability that is unique to healthcare: the proliferation of network-connected medical devices.
Previously, a large percentage of medical devices were stand-alone. But now, operational technology (OT) — such as infusion pumps, pacemakers, imaging devices — has been introduced into the new always-connected world, increasing in connectivity and interoperability. This has created new vulnerabilities for malicious actors to exploit.
For healthcare organizations, a new level of vigilance is required. As facilities incorporate more technology into their systems and processes, the need to adapt their cybersecurity measures increases.
So, what’s been stopping them so far? Well, apart from the speed of adoption, which as I’ve mentioned has been unusually fast, there’s another looming problem — the scarcity of cybersecurity professionals. It’s a challenge that’s not limited to healthcare, but its impact is especially pronounced here. With healthcare dollars already being stretched thin, attracting and retaining qualified cybersecurity professionals is often difficult.
The shortage isn’t just a problem for HR departments; it’s a ticking timebomb. Organizations need to adapt to secure themselves against new vulnerabilities and innovative cyberattacks. I can tell you first-hand that the industry’s strict regulatory frameworks, such as HIPAA, also pose challenges that require expert attention.
These requirements, paired with the combination of limited finances and an absence of available cybersecurity experts, have left healthcare organizations gambling with their future. And with AI and technology causing more vulnerabilities to contend with, the stakes are only getting higher.
Our journey in healthcare cybersecurity is a dynamic dance between innovation and protection. We stand at the crossroads. We must understand our challenges, adopt best practices, and embrace emerging trends if we’re to pave the way to a resilient, secure healthcare future.
Tom Cunningham is an I.T. and cybersecurity expert and the Information Security Manager at CNECT’s parent company, Health Center Partners (HCP). He has been working in the industry for 25 years, 16 of which have seen him specialize in healthcare cybersecurity.