[BreachExchange] Innovation in healthcare: A hacker’s dream and CISO’s nightmare?

Thu Jul 12 19:37:18 EDT 2018

https://www.helpnetsecurity.com/2018/07/11/healthcare-
innovation-security-risk/

It’s hard not to be excited about artificial intelligence and machine
learning in pure technology terms, but applying these innovations to the
healthcare sector has the potential to do truly great things for humanity.
Just imagine if these technologies could help us to diagnose and treat some
of the world’s most pressing health crises.

Ground-breaking work in the field of healthcare AI is already being
undertaken. For example, researchers at Stanford University last year
announced that they had successfully trained a deep learning algorithm to
identify skin cancer with an accuracy that matches leading dermatologists.

What’s more, these innovations have a role to play from early disease
detection and diagnosis right through to improving the patient experience
itself. The health budgets of even some of the world’s most developed
nations are stretched, so AI and deep learning technologies have the
potential to help lead us towards the holy grail of universal access to
quality care.

In this sense, we stand to see benefits not just to individual patient
health, but also to healthcare systems themselves through cost savings and
more efficient and secure storage of data. For both of these reasons, there
have been calls from prominent industry figures for greater investment and
application of AI in healthcare over the coming years. A recent review by
surgeon and former health minister Lord Darzi called for the “full
automation” of health and social services, claiming it would give staff
more “time to care” for patients and could save the NHS almost £13bn a year
– a tenth of its budget.

The healthcare industry is also facing a skills shortage, with the system
in the US facing a shortfall of 120,000 physicians by 2030. While AI
technology will not directly fill this gap – robot GPs are still some way
off – the idea is that by automating certain admin-based processes (like
prescription requests), doctors’ time while be freed up for more vital
tasks that will have a direct impact on patient wellbeing.

However, ground-breaking technology inevitably comes with associated risks,
and it is particularly important in the current climate to weigh up the
benefits of innovation with the potential cyber threats. Medical data is a
valuable commodity for cyber criminals and healthcare has seen the largest
increase in cyber attacks of any industry over the last year, with the
number of cyber threats targeting this sector every second doubling.

Healthcare organisations have even emerged as viable and attractive targets
for state-sponsored cybercrime groups such as Hidden Cobra. This trend is
particularly worrying given the complex and elusive tactics employed by
these gangs.

Luckily, there are steps that healthcare organisations can take to mitigate
these threats. While there is justifiably excitement about the potential
for next-generation technology to transform services, on a wider scale this
must also be accompanied by a strong security posture that is embraced at
all levels of the organisation. Similarly, any rollout of AI technology
must include an increased focus on bringing in cyber security talent
externally, but also on promoting awareness and educating the existing
workforce. After all, the insider threat – whether deliberate or not – is
the most dangerous risk to any organisation’s cyber security.

It is also crucial that security is built in from the outset with robust
processes. This should incorporate the ability to detect threats as soon as
they arise and, once targeted, correct systems quickly to minimise
disruption to patients and the workforce.

While the key currency is money in what we would traditionally consider the
conventional economy, in the “second economy,” it’s trust – and trust is
the prime casualty of cyber conflict. Trust is particularly important when
dealing with people’s most sensitive information – or data that really does
mean life or death to a patient. Damage to patient trust and brand
reputation can be profound, long-lasting and difficult to reverse.

Protecting the “second economy” requires organisations to evolve both their
technology and organisational culture, while the best defence means a more
cohesive, platform-oriented technology solution.

Healthcare organisations must first and foremost recognise the value of the
data they protect, and therefore its appeal to cyber criminals. It is
important to emphasise that security concerns should not be a reason to
avoid or stymie innovation and improvement, but any step to implement new
technologies must consider security from the outset to keep data secure and
maintain patient trust.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20180712/71854e3d/attachment.html>