Ai Will Radically Change Healthcare Security

Artificial intelligence is becoming increasingly important in the defense of healthcare providers and patients, while the number and size of cyber attacks against the industry continues to rise to unprecedented levels. All this at a time when many of us are distracted by the current pandemic and in dire need of health services - perhaps now more than ever in our past, other than perhaps in times of kinetic military conflict.

Our outdated security tools and other controls simply cannot cope with sophisticated APTs - (advanced persistent threats) from pariah nation state military espionage units. Nor can it cope with a newly emboldened Eastern Mafia, where organized crime syndicates operate with impunity from behind the former Iron Curtain, seemingly immune from local law enforcement, prosecution, or deportation to the civilized world, where law and order still largely prevail.

Many of these attacks in fact, whether conducted by military officers or proxies, are nothing more than a form of cyber warfare in order to further the political and economic objectives of their host regimes. Destabilizing the more successful west has been an ambition of the USSR since the advent of the Cold War. Today cyber attacks and information warfare add a new dimension to achieve this lasting objective in the competition for global power. Indeed this cyber conflict has been carefully engineered to take advantage of the trickle technique, where on an ongoing trickle of seemingly innocuous minor attacks has been engineered to weaken the internals of other countries over time, careful not to cross a line in the sand that might cause a massive kinetic or other response from the nation being attacked. 

Mainland China's objectives appear to be similar to that of the Russian Federation in its goals of world domination, only less focused on fermenting internal division and more on obtuse power conflict and long term theft of any advantages other nations, including the Russian Federation may possess.

The fact it that as cyber defenders we need better tools to defend and protect against attackers and higher levels of automation since we are out-gunned and out-manned at least 5 to 1 attackers to defenders.

In my presentation below I talk about the rising tide of sophisticated well funded cyber adversaries, the advent of deepfakes, CEO Fraud or Business Email Compromise (BEC) as its also known, and how AI is making these scams even more convincing and difficult to detect. I talk about the need for us to develop and implement AI-based cyber defensive tools to inoculate our networks against attacks. I discuss the need to protect healthcare providers, staff and patients from attack that could result in patient harm or even death. Increased automation and machine intelligence will permit us to respond quickly and thoroughly, and to thwart attacks before patient safety and HIT system availability are impacted.

In healthcare, we need to up our game on the security front. We need to understand what we have connected to our healthcare networks and what risks they pose. We need better threat intelligence and we need better defensive tools to protect against attack. We also need to remove the need and delay for humans to intervene against attacks in process.

As healthcare continues to digitize for improved interoperability and efficiency, cybersecurity needs to be front and center in design considerations and budget allocation if more deaths are to be avoided. Watch my 30 minute presentation below for more on this subject.

Read More

Ai & Automation in Healthcare Security

An increasing reliance upon healthcare IT and IoT including thousands of medical devices and wearables to deliver health services is changing the balance of risk across the industry

There was a fine balance between health technology services, risk and security before 2020. Some would say that this balance was nothing of the sort and that the entire healthcare life sciences industry has been accepting far too many cybersecurity risks for far too long as exemplified by all the ransomware attacks against hospitals going back 5 or more years. Or the massive theft by a nation-state of Anthem's entire health insurance customer database in 2015. Most pharmaceutical and clinical research organizations have also been targeted by cyber attack and intellectual property theft for at least a decade and most recently by a number of nation-states all in search of data on COVID-19 cures. No matter how you view the evidence, the healthcare industry out-gunned and out-manned has not fared well against a well funded and highly motivated cadre of cyber thieves and extortionists.

Now enter COVID-19 this year and the massive digital transformation forced upon HDOs in order to spin-up telehealth and telemedicine plans to diagnose and treat patients from their homes rather than on-prem, and at the same time support a non-clinical workforce all working remotely from home.

The threat surface more then doubled over night and risks exploded, all at a time that healthcare CEOs were focused upon pandemic disease management, treating COVID patients, and keeping HDOs financially afloat without their lucrative elective procedures - A throw-back and lasting legacy of the "pay per service" model of US healthcare.

With furloughs of IT and in some cases security staff too, in order to stop the hemorrhaging HDOs suddenly became massively at risk of cyber-attack at precisely the worst possible time. Perpetrators quickly recognized their opportunity and the cyber attacks of 2020 bear witness to the perfect storm impacting healthcare today.

With a steady stream of new technologies to support telehealth, and the replacement of nursing staff with medical devices to monitor and manage patients remotely as far as possible, how are hospital security leaders possibly going to protect healthcare IT and IoT systems from attack and keep patients safe?

With limited budgets and security headcount (or the availability of additional security resources), automation and increased use of artificial intelligence is a CISO's only recourse. This was the subject of my panel discussion recently at the Denver AI & Automation Security Forum where I was privileged to moderate a panel of experts in the field including: 

• Dr. Benoit Desjardins, M.D., Ph.D, Associate Professor of Radiology and Medicine at the University of Pennsylvania, 
• Michael Archuleta, CIO at Mount San Rafael Hospital 
• Powell Hamilton, CISO at Centaura Health 
• Esmond Kane, CISO at Steward Health 
• Joe Searcy, CSO at Elemental Health

Watch the 30 minute video to hear what each of these experts had to say.

 

Read More

The growing need for Artificial Intelligence in healthcare

Healthcare needs AI and ML.

The author and other experts, discuss the growing need for Artificial Intelligence in healthcare for everything from clinical decision support to administration / revenue cycle and cybersecurity. 

Machine learning algorithms are already transforming healthcare and security tools like Cylera MedCommand, but there’s an arms race with cyber-criminals where having the right tools to identify and block an attack is becoming critical.



See the full HIMSS AsiaPac Interview


See also The Impact of AI and HIoT Related Threats from the HIMSS Show Daily

See also AI Will Radically Change Healthcare Security my keynote from HIMSS AsiaPac19

Read More

AI Will Radically Change Healthcare Security

The massive recent growth in cyber-attacks has become a huge concern for just about everyone all around the world. This includes individuals, business, industry, and governments. Most alarmingly this also seems to include a myriad of critical infrastructure services like healthcare which is firmly in the cross-hairs of perpetrators. Healthcare presents an easy and lucrative target for cyber-attackers for the value of PII, PHI and IP but also, for the extortion value of holding sick patients or their medical data to ransom.

The criminal underworld that is behind many of the current cyberattacks is not just highly organized and specialized, its syndicated, heavily networked across geographic and political boundaries and now forms a giant cartel - a criminal underworld of cyber crime, where the buying and selling of exploits, stolen data, and the laundering of dirty money is as business-like as the 24/7 customer service these groups provide to victims.

 

Just as South American drug lords dominate the manufacture and supply of illegal narcotics sold in the United States, the Russian Mafia and its off-shoots dominate the cyber criminal theft and extortion racket that attacks the United States, Europe and Asia. Thanks to their location in the former USSR  which lacks extradition treaties with the rest of the world, most of these perpetrators are immune from prosecution in the countries where they inflict damage. Their locations also typically lack robust local or national law enforcement, and police officers can be easily paid off to look the other way. In other words cyber criminals can act and ply their trade with impunity unlikely ever to be brought to justice. 

 

Then there are the nation-state actors, who have vast units of military intelligence cyber operatives used to attack and weaken other countries for political and economic advantage. They often push up against the boundaries of acceptability and cyber war, carefully calculating that their actions will not cause a kinetic, or major economic or diplomatic response from those attacked and injured. China leads the ranks with hundreds of thousands of PLA cyber warriors, while the Russian GRU, and FSB, are not far behind. Not without mention are also Iranian state actors or groups operating out of China on behalf of the Kim dynastic regime of North Korea.

Together, these nation states, their proxies and plain and simple opportunistic criminal cartels present a formidable foe for anyone defending a government, a nation's critical infrastructure services or any business. But cyber-attacks are increasingly becoming automated using AI to get past cyber defenses by removing the human constraint factor that causes an attacker to pause for consideration. ‘Offensive AI’ mutates itself as it learns about its environment to stealthily mimic humans to avoid detection. It is the new cyber offensive weapon of choice and will automate responses to defensive measures rather like playing chess with a computer – it learns as it goes! Anyone who has seen the movie 'War Games' a 1983 American Cold War science fiction techno-thriller, will soon realize that this assumed intelligence can be dangerous, as computers lack human reasoning, empathy or broader understanding and could easily take an attack too far.

The author presenting how AI will radically change healthcare security at the HIMSS AsiaPac19 
Annual Conference in Bangkok, Thailand.

 

Deepfakes

We are all used to critically evaluating an image to look for the tale-tale signs of photoshopping or other image manipulation before believing what we see. The same is true for audio recordings – was that really the President saying that or was it an impersonator? What we are not used to is video manipulation – this is new territory for our brains to critically process and evaluate for truth and accuracy. AI is increasingly being used in sophisticated technology to create ‘deepfakes’ where a face is superimposed on someone else’s body or the entire video is computer generated.

Deepfakes

Data Integrity

AI’s intent is not just to steal information but to change it in such a way that integrity checking will be difficult if not impossible. Did a physician really update a patient’s medical record or did ‘Offensive AI’? Can a doctor or nurse trust the validity of the electronic health information presented to them? Ransom of patient lives may not be too far away – especially at times of heightened global tensions.

Defensive AI

But AI is already being used very effectively for cyber defense across healthcare and other industries. Advanced malware protection that inoculates the LAN and responds in nano-seconds to anomalous behavior patterns. Biomedical security tools that use AI to constantly manage and secure the rising number of healthcare IoT devices as they connect and disconnect from hospital networks. AI-powered attacks will outpace human response teams and outwit current legacy-based defenses. ‘Defensive AI’ is not merely a technological advantage in fighting cyber-attacks, but a vital ally on this new battlefield and the only way to protect patients from the cyber criminals of the future. 

More Resources

See also The Impact of AI and HIoT Related Threats from the HIMSS Show Daily

See also my LiveStream TV Interview from HIMSS AsiaPac19

Read More