In this two-part series, we look at the challenges of managing cybersecurity, the impact on healthcare AI adoption, and potential solutions that could remove the barriers health systems face in harnessing the power of AI.
Series Part 1: Prioritizing cybersecurity to enable healthcare AI
An epidemic of cyberattacks emerged this past year as hospitals were grappling with the COVID-19 pandemic. 2020 broke records for both the number of cyberattacks on health systems that occurred and the volume of data lost due to security breaches.
It took health systems an average of 280 days to identify and contain a data breach. That’s just 85 days shy of a year!
In 2020, ransomware alone resulted in the exposure and theft of protected health information (PHI) for at least 18,069,012 patients. That’s more people than the combined populations of Alaska, DC, Delaware, Hawaii, Idaho, Maine, Montana, Nebraska, New Hampshire, North Dakota, Rhode Island, South Dakota, Vermont, West Virginia, and Wyoming.
With the growth of artificial intelligence and the need for data to fuel machine learning, cybersecurity is one of the most significant challenges faced by the healthcare industry in adopting AI.
A different sort of lockdown
Yikes… ‘network outage…’
The cyberattack that led to a network outage at Scripps Health in San Diego, California is one of the latest examples of healthcare’s immense cybersecurity vulnerabilities. In early May of 2021, cybercriminals stole data on nearly 150,000 patients. The data breach ranged from names and addresses to clinical information, treatments, social security numbers, patient account numbers, and more. To prevent continued data breaches, Scripps suspended access to its IT applications and underwent a 3-week outage. This forced clinicians to go old school and operate with paper records, significantly impacting the quality of patient care. As of June 2021, Scripps is now being sued by its patients as well. A similar cyberattack on Universal Health Services saw a $67M loss — not to mention the HIPAA fines yet to come.
Cyber Attackers are ruthless; despite — or rather because of — the pandemic, hackers quickly recognized that health systems are sitting ducks ripe for an attack. They are high revenue, high-impact organizations with archaic security practices that remain 20 years behind the modern technology used by criminals.
Many health systems have responded by building walls and moats around their current technology to deal with this cyber threat. What they should be doing is modernizing and updating their tech stack to build tools based on present-day technology languages and platforms.
One example of health systems clinging to the past is the use of MUMPS, a programming language developed nearly 60 years ago and still used today in electronic health records. Mitigating the short-term risk at the expense of long-term viability is short-sighted at best. Building a wall and moat isn’t very effective when your enemies have drones, helicopters, and fighter jets.
75% of healthcare insiders are concerned that AI
could threaten the security and privacy of patient data.
Essentially, our healthcare is based on a fragile network of brittle, poorly supported systems. Of particular concern are AI applications, where health systems are being asked for access to population-scale patient data by a growing number of AI companies. A recent survey from KPMG highlights both sides of the situation, with 91% of healthcare insiders believing AI is increasing access to care, but at the same time, 75% fear AI could threaten the security and privacy of patient data.
Developing an AI strategy has become a universal component of health system operations in a tech-forward effort to improve the quality of patient care. When it comes to implementation, health systems must first invest in improving their cybersecurity practices before they can establish AI infrastructure that relies on a continuous and reliable flow of patient information.
Facing healthcare AI and cybersecurity issues at your hospital? Drop us a note, we can share best practices and things we’ve learned along the way.
Watch for the second part of the series, Managing cybersecurity in healthcare AI: what could a solution look like?
Pelu Tran
Pelu is a serial healthtech entrepreneur; he studied both medicine and engineering at Stanford University and was four months away from receiving his MD when he dropped out to start his first company.