With large-scale incidents of identity theft, more insecure connected devices such as mobile phones and smart watches, and increasing storage of patient data in the cloud, cybersecurity is becoming a major concern in the healthcare industry.
The amount of sensitive patient data in hospitals and healthcare organizations creates security vulnerabilities, and medical equipment like insulin pumps and pacemakers have multiple points of entry for hackers.
In 2018, healthcare data breaches affected 11.5 million patients. Each record costs a hospital or healthcare organization around $380, 2.5 times the global average. Grand View Research predicts that the global healthcare cybersecurity market will reach $10.85 billion by 2022.
Today, innovations in Artificial Intelligence (AI) and Machine Learning (ML) can help hospitals improve their efficiency and cut security costs through behavioral modeling and automated data analysis at scale.
AI is a process by which a machine can learn how to think like a human. Machine learning is an application of artificial intelligence where a system can learn from past experience and make new decisions without additional programming. AI and machine learning can avoid human errors, automate routine tasks, mine big data sets for actionable insights, and predict future trends.
When applied to the healthcare industry, here are some ways that trending technologies like AI and machine learning can improve the quality of patient care through increased security:
Machine learning systems can identify and pre-empt suspicious hacker behavior much more efficiently than traditional reactive methods of fixing vulnerabilities post-attack. Security Information and Event Management (SIEM) software products indicate when multiple devices or unknown users are requesting Electronic Health Record (EHR) access.
Over 40% of healthcare breaches result from criminal activity like ransomware and phishing. Phishing and other sophisticated attacks can circumvent anti-virus software and systems with rule or signature-based access, so healthcare organizations need to rely on deep learning systems that can absorb new information and intuitively recognize patterns, thereby outsmarting their opponents. Deep learning is a subfield of machine learning where supervised, semi-supervised or unsupervised learning occurs through artificial neural networks.
Almost 20% of cybersecurity attacks in healthcare involve Internet-of-things (IoT) devices. In the past, hospitals and device manufacturers have not upheld stringent guidelines on security standards. It is also difficult to implement security controls into critical devices because many have outdated operating systems and proprietary code. A report by TripX revealed three devices - a blood gas analyzer, a picture archive and communications system, and an X-ray system - where malware infections leaked into other parts of the healthcare network. AI can help quickly identify malware threats before they turn into cyberattacks.
Traditionally, healthcare organizations have protected systems and devices by strengthening passwords, patching (fixing security vulnerabilities), and segmenting networks. Today, many time-consuming tasks can be simplified with AI automation.
For organizations that need to comply with HIPAA, patient data privacy is top of mind. AI and machine learning solutions can work with large algorithms and datasets like EHRs to protect health data. They compare new data access requests with those from client companies and flag suspicious behavior through big data analysis.
Artificial intelligence can complement blockchain technology and create secure digital transactions housed in the cloud.
The Department of Health and Human Services recently piloted a new blockchain-machine learning initiative, where machine learning algorithms cleanse contract-writing system data for tracking through blockchain technology. The project then analyzes historical pricing data to negotiate better contract prices. This is anticipated to lead to $720 million in cost savings per year.
Improving security in the healthcare system has life-changing repercussions. Each second a system is down, patient lives are at risk and there is little access to drug histories, care logs, and instructions for surgery. The imperative for intelligently identifying threats and thwarting attacks is leading to more and more organizations turning to artificial intelligence.
Some of the barriers to large-scale adoption of improved cybersecurity are that machine learning apps may need to train on large datasets protected by HIPAA regulations and that hospitals are not used to investing in expensive cybersecurity tools (they invest less than 6% of budget in cybersecurity, much lower than the federal budget for cybersecurity). Additionally, employees at all levels of the healthcare organization need to constantly be reminded to enforce security protocols and take precautionary measures. This may require the introduction of gamification, game mechanics or competitive elements housed within a system or application, to change workplace norms.
By conducting research into different AI and machine learning systems and how automation can work with existing data and processes, hospitals can be more confident in their ability to focus on providing high-quality patient care and patient safety for people in need, without worrying that malicious users are taking advantage of their work for easy financial gains.