Artificial intelligence (AI) and machine learning may provide one of the best defenses against cybercrime in healthcare—and do a better job of it than the incident response strategies currently in place, a new report warns.
According to a white paper from the Institute for Critical Infrastructure Technology, the healthcare industry “demonstrates lackadaisical cyber hygiene, finagled and Frankensteined networks, virtually unanimous absence of security operations teams and good ol’ boys club bureaucratic board members flexing little more than smoke and mirror, cybersecurity theatrics as their organizational defense,” writes ICIT senior fellow James Scott.
The best hope for getting ahead of would-be attackers, argues Scott, is implementing machine learning and artificial intelligence solutions—which vendors have ready to go—but upon which providers need to act quickly and decisively. Scott writes that with AI and machine learning, healthcare organizations have a rare and brief advantage over cyber thieves.
“However, that advantage will not last. Currently, machine learning and artificial intelligence solutions are the only sophisticated defense against ransomware and tailored malware attacks. Adversaries have an economic incentive to weaponize any and every emerging technology against healthcare and other organizations that are inadequately securing vast treasure troves of sensitive PII, PHI, proprietary data, and other valuable information,” the report states.
Machine learning helps prevent cybercrime, according to one use case cited in the report, by identifying anomalous behavior of individuals accessing healthcare infrastructure and applications, then identifying patterns of normal usage and alerting on or flagging events that are unusual. Machine learning can also be used to calculate a risk score for specific events as they happen, based on how similar each event is to the normal behavior observed for the user performing it.
“Once the risk score has been determined in realtime, the system can use this during a login event to either grant the access for a low-risk event or to challenge for Multi Factor Authentication [MFA] or possibly block the access for high-risk events,” the report states.
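The login decision described above can be sketched as follows. This is an added example, not code from the ICIT report or any vendor. It substitutes a simple per-user frequency baseline for a trained model, and the user name, features, weights and thresholds are all assumptions.

```python
from collections import Counter

# Constructed login history (not real data): (hour, device, network, application)
HISTORY = {
    "nurse_a": [
        (7, "ws-ward3", "10.20.3.0/24", "ehr"),
        (8, "ws-ward3", "10.20.3.0/24", "ehr"),
        (8, "ws-ward3", "10.20.3.0/24", "pharmacy"),
        (9, "ws-ward3", "10.20.3.0/24", "ehr"),
        (15, "ws-ward3", "10.20.3.0/24", "ehr"),
        (16, "tablet-17", "10.20.3.0/24", "ehr"),
    ],
}
# Assumed feature weights and thresholds; a deployment would tune these.
WEIGHTS = {"shift": 0.2, "device": 0.3, "network": 0.3, "app": 0.2}
MFA_THRESHOLD, BLOCK_THRESHOLD = 0.3, 0.7

def features(event):
    """Map a raw login event to the categorical features that are scored."""
    hour, device, network, app = event
    shift = ("night", "morning", "afternoon", "evening")[hour // 6]
    return {"shift": shift, "device": device, "network": network, "app": app}

def build_baseline(events):
    """Count how often each feature value occurs in a user's past logins."""
    baseline = {name: Counter() for name in WEIGHTS}
    for event in events:
        for name, value in features(event).items():
            baseline[name][value] += 1
    return baseline

def risk_score(baseline, event):
    """0.0 = the user's most common behavior, 1.0 = nothing seen before."""
    score = 0.0
    for name, value in features(event).items():
        counts = baseline[name]
        # Dissimilarity: 0 for the most frequent value, 1 for an unseen one.
        score += WEIGHTS[name] * (1.0 - counts[value] / max(counts.values()))
    return round(score, 2)

def decide(user, event):
    """Return (score, action) for a login attempt as it happens."""
    past = HISTORY.get(user)
    if not past:  # no baseline to compare against: assumed policy is to step up
        return None, "challenge_mfa"
    score = risk_score(build_baseline(past), event)
    if score >= BLOCK_THRESHOLD:
        return score, "block"
    return score, "challenge_mfa" if score >= MFA_THRESHOLD else "grant"
```

A login that matches the baseline is granted, a familiar network with a rarely used device is challenged, and a login where shift, device and network are all unseen is blocked.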
The report warns that C-level executives who choose to ignore the merits of these methods will “doom their organizations to be ‘lower-hanging fruit’ than competitors who invest in these innovative solutions now.”
The full report, which offers visual examples of what health data looks like when it’s offered for sale on the dark web, can be downloaded here.