Sep 01 2023

How AI Can Help Healthcare Organizations Bolster Patient Data Security

Healthcare needs to do a better job of safeguarding electronic protected health information. Artificial intelligence-powered platforms are key.

Healthcare organizations have been increasing their spending on preventive and reactive cybersecurity solutions amid a volatile threat landscape. The industry’s security spending is estimated to be $125 billion from 2020 through 2025.

Despite these efforts, the U.S. Department of Health and Human Services Office for Civil Rights (OCR) regularly investigates hundreds of reported breaches of unsecured protected health information. A large majority of lost, stolen or breached patient data is from network file servers.

Breaches have devastating financial, operational, regulatory and reputational costs. The average cost of a healthcare data breach has reached a record of nearly $11 million and is growing exponentially, according to a 2023 IBM report. Hacking accounts for many of the breaches, the OCR has documented, with ransomware attacks on the uptick.

Healthcare organizations are particularly affected by cyberattacks because of the potential impact on life-saving operations. Healthcare IT and security professionals surveyed for a 2022 report from the Ponemon Institute and Proofpoint cited negative patient outcomes as a major consequence of cyberattacks.

It is clear that an outdated approach to healthcare cybersecurity is not working to reduce the impact of cyberattacks on a critical industry. A primary reason: The data that healthcare needs to protect cannot easily be seen or found by existing technologies.


How Hospitals Can Gain Visibility Into Their Data

If organizations do not know where their data is or what it looks like, they cannot properly secure it. Finding patient information within an organization is not an easy task and often requires computer programming skills.

Outdated technologies that leverage rules-based pattern matching to identify whether something is protected health information are difficult at best to get working properly, and they are no longer sufficient to protect healthcare organizations from their greatest risks.

But advancements in artificial intelligence are powering solutions to identify and inventory electronic protected health information (ePHI). The power of deep learning allows AI models to mimic the ability of trained humans in identifying ePHI, without needing to undertake cumbersome programming tasks and continuously tweak, test and analyze large amounts of search patterns and detection rules. That process is old school and limits organizations that want to scale.


How Hospitals Can Meet Better Standardization and Compliance

The National Institute of Standards and Technology provides guidance and resources for implementing security measures that comply with the HIPAA Security Rule, which serves to better protect patient information and reduce the impact of cyberattacks by safeguarding ePHI held or maintained by HIPAA-regulated entities.

“Healthcare organizations can leverage AI-powered solutions to manage and identify ePHI, reducing risks and saving costs.”

David Ting, Founder and CTO, Tausight

As stated in the NIST 800-66r2 document: “The ePHI that a regulated entity creates, receives, maintains, or transmits must be protected against reasonably anticipated threats, hazards, and impermissible uses and/or disclosures.”

The document provides updated and crucial implementation guidance for HIPAA-regulated entities to proactively protect patient data and identify and manage ePHI risks. As the de facto standard for best practice, NIST 800-66r2 directs organizations to have an incident response plan for all areas in which ePHI is being used, stored or shared.

The first step to achieving this is to identify all of the places and so-called junk drawers of ePHI outside of the electronic health records system. Healthcare organizations can’t manage what they can’t see. They must first identify and inventory ePHI in order to protect this data from cyberattacks. That’s where a unified cloud-native applications protection platform can help.

Healthcare organizations seeking to modernize their cybersecurity approach should consider an AI-powered data security platform that can help identify and inventory ePHI. Traditionally, this has been done with archaic rules-based systems, a task made even more complex because over 80 percent of healthcare data is unstructured.

Healthcare organizations can leverage AI-powered solutions to manage and identify ePHI, reducing risks and saving costs. Those that have found success with such solutions report minimized risk against cyberattacks, fewer resources needed to manage data and lower cyber insurance premiums.
