Feb 27 2017

AI Helps Healthcare Sift Out Cyberthreats

Artificial intelligence is being implemented to help security systems learn how to outsmart evolving attacks.

Healthcare providers have been racing to understand and comply with the 2009 federal Health Information Technology for Economic and Clinical Health (HITECH) Act since its launch eight years ago. The HITECH Act aims to stimulate the adoption of electronic health records (EHR) and its associated technology.

As many providers enter the third and final stage of the act’s implementation this year, questions remain over how to maintain the privacy of patient records. Meanwhile, the administrative and technical heavy lifting involved in the transition to EHRs has pushed security concerns to the background for many providers. Luckily, another IT trend, artificial intelligence, is blossoming into a potential solution to those security concerns.

Cognetyx, a recent startup out of Houston founded by Amit Kulkarni, has developed a cognitive security technology (CST) solution that uses AI to tackle this industrywide problem.

“The big push to get hospitals onto electronic medical records presented us with this business opportunity,” explains Sean Burnett, product manager for Cognetyx. “In this rush, many providers are losing sight of security. So our objective is to meet this need that they didn’t have time to address.”

SIGN UP: Get more news from the HealthTech newsletter in your inbox every two weeks

Struggling to Keep Up with Attackers

With the cost of a lost medical record averaging $355 per record for healthcare providers to remediate, according to a recent IBM-sponsored report by Ponemon, financial liability should be top of mind for companies and vendors alike. Some breaches, in fact, have resulted in nearly 80 million patient records compromised, as reported by Healthcare IT News.

“When I started in this industry, I wasn’t aware of the prevalence of attacks and costs of a breach,” says David Smith, vice president of sales and business development for Cognetyx. “But, think about it: Once a breach is identified, it takes a year to mitigate. What does that cost a hospital? Every customer we talk to has an example to cite. And it’s understandable why hackers are going after these medical records. They’re worth about $50 to $100 on the black market.”

The healthcare industry, like many other industries, has been slow to keep up with the rapid evolution of cyberattacks. Perimeter-focused defenses are no longer effective in the era of phishing attacks and ransomware. This is a problem for the healthcare industry in particular. “In fact, healthcare breaches are, more often than not, an inside job,” shares Smith.

To protect inside a healthcare organization’s perimeter, many organizations are looking to more closely monitor network traffic through the use of security information and event management (SIEM) tools and network segmentation. But this approach also has its downsides: Sifting through too many security event notifications causes alert fatigue and often security is notified only after the breach has already occurred.

Turning to AI for Protection

But CST solutions that use AI, such as Cognetyx’s Ambient Cognitive Cyber Surveillance and IBM’s Watson for Cybersecurity, can offer advanced analytics and machine learning for cybersecurity incidents, remedying many of these issues.

Traditional SIEMs can typically only analyze structured data feeds, leaving out a large percentage of unstructured data that can prove critical to surfacing security incidents. Cognitive computing, however, is not a set-and-forget programming technology, but an approach that learns as it goes along, gaining insight as it builds experience. It can be applied to both structured and unstructured data, and be taught where and how to look for anomalies in the data.

“What we’re doing in healthcare is combining AI with a clinical context around how folks access patient records, and also common attack behavior,” explains Burnett. “This then provides our customers with good insights into privacy violation activities. Reduces false positives. And it quickly gets the best information in front of the right person.”

Smith adds that providers should be monitoring credentials.

“Credentials are necessary for access, so we’re using AI and machine learning to scrutinize their use more closely. We’re pulling behavioral benchmarks for each user, noting their typical network activity, and we run algorithms looking at that behavior. Then we can quickly alert the CISO to any key anomalies,” Smith says.

Still, AI won’t replace perimeter and signature-based security tools anytime soon, but healthcare organizations can expect to see AI augmenting their existing systems.

“There is no cybersecurity silver bullet. You need perimeter security. You need management systems. You need these tools,” says Smith. “What we’re doing is using AI and adding additional security inside the environment, working with these other technologies.”

ktsimage/iStock/Thinkstock Photo

Learn from Your Peers

What can you glean about security from other IT pros? Check out new CDW research and insight from our experts.