Security

Back to Basics: The Role of AI in Cybersecurity

As healthcare organizations consider the use of artificial intelligence to support clinical workflows, they also must consider its impact on security.

Mike Gregory

Mike Gregory is CDW's Healthcare Security Strategist and former Information Security Officer at Community Foundation of Northwest Indiana, Inc. He brings over 36 years’ experience in various information technology services, 16 years in healthcare. He has a great depth of understanding of information security and healthcare operations to drive initiatives in data protection, compliance and risk management, regulatory auditing and mature and privacy security programs.

Artificial intelligence and machine learning have featured heavily at healthcare technology conferences so far this year, building on public interest that has only grown since the end of 2022.

Most of the conversations have highlighted the potential benefits of AI/ML solutions for healthcare organizations. But AI-powered tools also come with some serious cybersecurity considerations for organizations.

Earlier this year, for instance, scammers used deepfake technology to create a bogus conference call in order to trick a finance employee at a multinational company in Hong Kong into paying out $25.6 million. Government agencies have also been warning everyday consumers about voice cloning scams.

Amid this rapidly evolving AI and cybersecurity landscape, what do healthcare organizations need to know to strengthen their own strategies and protect their patients and staff members?

Click the banner below to learn how to get the most out of your zero-trust initiative.

x-zerotrust-guidance-animated-2024-seewhat

AI Can Circumvent Cybersecurity Controls

Healthcare organizations are trying to become more adept at turning the vast amount of data that they collect, store and share into actionable insights. They’re using more meaningful analytics and turning to AI-powered solutions for clinical decision support. They’re also looking for ways to use AI to reduce the administrative burden on staff members and to streamline workflows.

All of that data is very attractive to cybercriminals, who are really going after business intelligence. So, they’re using AI to break through healthcare’s cybersecurity controls, and they’re not differentiating between small community hospital and large health systems. It’s all fair game to them.

There are several AI-related attacks that malicious actors will deploy. Commoditized AI-powered attacks rely on a kit or service: Malicious actors who don’t know much about how an algorithm works can simply buy a solution on the dark web and launch their own attacks. Some examples include data-intensive password cracking, assisted hacking and the use of deepfakes to improve social engineering attempts.

DISCOVER: Follow these best practices to improve cyber resilience in healthcare.

Some emerging AI-assisted cyberattacks include ransomware, advanced persistent threats and business email compromise. In each of these attacks, AI is being used to enhance the kits that exist on the dark web. In some ransomware cases, the use of an AI ransom negotiator could make the situation even more difficult.

AI-assisted APTs can be especially harmful because malicious actors are using AI to consistently attack the same health systems in different ways and looking for a window of opportunity to penetrate networks. These attacks can require months of close surveillance. The malware that is collecting information from a healthcare organization can remain undetected and start to exfiltrate sensitive information at a slow rate, evading security tactics.

Cyberattacks are going to become more sophisticated. C-suite personnel and other leaders will be favorite targets as malicious actors try to gain valuable information that affects multiple health systems.

AI Can Support and Strengthen Cybersecurity Defenses

A growing number of vendors are integrating AI into their cybersecurity solutions. Cisco recently unveiled HyperShield, a new security offering that uses AI. Google Cloud and Palo Alto Networks announced an expanded partnership to continue strengthening cybersecurity with AI.

So, while the use of AI by malicious actors is of serious concern, industry leaders such as Google CEO Sundar Pichai are also hopeful about the ways that AI can help organizations defend against cyberattacks.

AI solutions can help with data discovery and classification, offering visibility into where security gaps exist, justifying access privileges and creating business processes to protect data. When it comes to identity access, we must determine how and when to enforce profile policies. It’s really about understanding business value and workflow and what maintains viability. Organizations must treat cybersecurity as a business decision, not just an IT decision.

Next, AI response systems can help with infrastructure design. These are complete defense systems that can detect intrusions, since the telemetry is being read and acted upon in nearly real time. These platforms can process information intelligently within nanoseconds and can protect data as perpetrators try to gain access to the network. This robust analysis and speed to response is increasing with the help of AI in cybersecurity products.

Finally, AI will help with backup intelligence, or smart restoration orchestration. If a particular server or region is being attacked, that backup intelligence will be able to restore data. You may not even notice that the affected file has been removed and restored with a clean slate of data. This requires proactive monitoring. It will improve capacity planning, because now the backup system can better manage its storage consumption.

In the realm of cybersecurity strategy, the significance of the National Institute of Standards and Technology’s Cybersecurity Framework 2.0 cannot be overstated. It illuminates the network of security within an organization, transcending the confines of the security operations center.

This revised framework fosters inclusivity, bringing diverse stakeholders into the fold and dispelling any notion of security being solely the concern of any one team. It facilitates coherent communication by standardizing terminology across IT, bridging the gap between executives and frontline security personnel. Enterprisewide application of the framework can broaden the spectrum of decision-makers, instilling a sense of confidence and ownership among all involved parties.

This article is part of HealthTech’s MonITor blog series.