Department of Health and Human Services Archives -

As the nation becomes increasingly interconnected through technology, industries are also utilizing new technology to meet patient expectations for quick diagnoses and access to results. However, when this technology usage includes personal or healthcare data that may be sensitive for patients or health systems, cybersecurity becomes paramount and necessitates the implementation of new cyber standards. The Healthcare Information and Management Systems Society (HIMSS), a global society focused on information and technology in the health ecosystem, held its annual HIMSS 2023 Healthcare Cybersecurity Forum in September. Here, industry professionals converged to innovate and discuss strategies for safeguarding the healthcare sector against cyber-attacks. To protect against breaches, the healthcare system must integrate and scale to achieve a more connected technological landscape across the industry to better serve patients.

Ransomware and Cybersecurity in Healthcare

By connecting and improving interoperability between healthcare systems/EHR platforms, overall patient service is improved; however, with features such as digital integration, migration to the cloud and the incorporation of remote workers, cyber vulnerability has simultaneously increased. Bad actors oftentimes target healthcare agencies with ransomware for hire. With the increased capabilities of artificial intelligence (AI), even inexperienced bad actors can create sophisticated and dangerous attacks. Due to the immense financial loss of these attacks, it is vital that agencies prioritize cybersecurity. Hospitals, other healthcare centers, and especially their third-party stakeholders, now face a new barrage of ransomware attacks and data breaches.

There are a couple of steps administrators can take to protect hospital systems, patients and stakeholders.

Implement ‘Security-by-Design,’ a strategy where providers ensure that all products are secure by design and default, with all IT solutions and enterprise environments.
Maintain pace with the evolution of artificial intelligence (AI) and utilize it to defend against bad actors.
Standardize a detailed incident response plan that includes a thorough business continuity plan.
Exchange defense strategies between stakeholders — a united front is stronger than trying to face threats alone.
Implement multi-factor authentication and zero trust on all end users so information is accessed by the parties that need to know.
Apply data encryption to systems to protect sensitive information against hackers.

AI in the Healthcare Industry

While bad actors have utilized the capabilities of AI, the healthcare industry can also use it to improve cybersecurity. AI does not need breaks, and therefore can run all day reducing the time needed to identify a security breach by analyzing large amounts of data in real time. On a similar note, AI can identify multiple devices and manage network endpoint detection for large networks. AI has been used to predict Domain Name System (DNS) attacks before occurrence, preventing and mitigating these attacks. It can implement Secure Access Service Edge (SASE), analyze identities and manage risk. With its strength of detecting patterns, AI can distinguish subtle patterns of attack that would otherwise go unnoticed by people.

Due to the nature of this new technology, the healthcare industry must carefully decide whether it wants to implement AI, and to what extent it will be used. In terms of cybersecurity, AI may be the answer to providing a secure standard for an interconnected healthcare industry.

Partnerships to Strengthen Cybersecurity in the Healthcare Industry

To provide the best security for patients and stakeholders in the healthcare sector, the federal government and technology industry have joined the battle against bad actors in healthcare. Several federal agencies including the Administration for Strategic Preparedness and Response (ASPR), will lend a hand in bolstering the cyber posture of the American health system. The ASPR is working alongside Cybersecurity and Infrastructure Security Agency (CISA) and private sector partners to analyze the cyber threat landscape of the healthcare sector. Over the next year, the agency hopes to create a cyber division, introduce a cyber risk identification tool, track cyber incident reports and gain resources and buy-in from senior leadership. Another agency, the Department of Health and Human Services (HHS) will strengthen cybersecurity by partnering with hospitals, health organizations and federal agencies, including CISA, that have additional information on cyber threats. Under the HHS, the Health Industry Cybersecurity Practices (HICP), a publication in response to the Cybersecurity Act of 2015, provides practical cybersecurity guidelines for the healthcare industry.

HICP covers several major threats that the industry faces, including:

Social engineering
Ransomware
Payment fraud
Loss or theft of equipment
Insider, accidental, or malicious data loss
Attacks against network connected medical devices

To counter said threats, the HICP has listed its top ten best cybersecurity practices. It advises to:

Protect email systems from phishing breaches
Implement endpoint protection systems to all hardware devices
Utilize identity and access management, regardless of the size of the health care organization
Check cyber posture to prevent data loss
Manage IT assets
Execute network management for wireless or wired connections before interoperating systems
Enact vulnerability management
Take advantage of incident response plans to discover network cyberattacks
Extend relevant cybersecurity practices to network connected medical devices
Establish and implement cybersecurity and governance policies^[1]

By enabling organizations to evaluate capability against cybersecurity attacks, HICP aims to protect patients and stakeholders from private data loss.

While cyber attacks are always growing in complexity, the healthcare industry can evolve and provide superior service for its patients through the use of tested security strategies, AI and federal aid.

Visit Carahsoft’s Healthcare Solutions Portfolio to learn more about improving cybersecurity practices in the healthcare sector.

Resources:

^[1] “HICP’s 10 Mitigating Practices,” Department of Health and Human Services, https://405d.hhs.gov/best-practices

*The information contained in this blog has been written based off the thought-leadership discussions presented by speakers at the HIMSS Fall Forum in September 2023.*

With the boom of consumer facing artificial intelligence (AI) through Chat GPT and other tools, the discussion of AI applications within healthcare has also become a priority with exciting new developments. Pre-COVID, there was some hesitancy with telehealth, whereas now it has become a highly valued, main offering within the healthcare ecosystem. Similarly, AI is becoming a key mobilizer for improved patient outcomes and more efficient provider processes. Through the power of the cloud and supercomputing, AI is opening doors for transformational results throughout all aspects of healthcare including personalized medicine, medical research and trials, treatment efficacy and more. Once healthcare organizations better understand the benefits that AI unlocks for all stakeholders, they can take the next steps to apply it to their individual health networks.

Benefits of AI in Healthcare

Patients

The potential uses for AI in the medical field are endless and apply to all levels of healthcare with improvements for patients, healthcare providers and healthcare administrators. When organizations invest in AI, it decreases wait times for patients, optimizes appointment availabilities and increases overall access. AI can also interpret imaging and detect illnesses faster which minimizes treatment delays. Through wearable technology and personalized medicine, AI is enabling patients to gather health data and manage treatment from home. This customizable capability is especially valuable for rural or low-income patients to level out the social determinants of health and offer treatment through telehealth while saving on costs for all involved.

Medical Providers

AI can significantly reduce the administrative burden for medical providers by automating routine tasks and increasing bandwidth for front line staff to complete other medical duties. A hallmark capability for AI is analyzing data which it can aggregate from wide pools of information to suggest electronic health record (EHR)-based interventions, predict possible future patient ailments and offer a more unified, comprehensive picture. In a post-COVID-19 world, AI healthcare data applications offer the extremely relevant and desired ability of anticipating future public health crises through research and analytics. These AI forecasts can accelerate understanding for policy creation, reinforce healthcare resources and provide precision public health.

Healthcare Administrators

Applying for grants can be a time-consuming process, but with AI evaluating grant proposals, healthcare administrators can quickly identify which grants to apply for and which to pass. AI can also detect potential fraud cases. It is currently being implemented at the Centers for Medicare and Medicaid Services to make sure that applicable citizens receive the proper care and services they deserve, and by the Department of Health and Human Services to analyze counterfeit drugs to prevent fraud and preserve the efficacy of vital medications.^[1]

Making AI a Reality for Individual Healthcare Networks

With these groundbreaking benefits, instituting AI is a clear case. Currently about 98% of healthcare organizations have or are planning to implement an AI strategy.^[2] To make this a reality, healthcare organizations must focus on three main areas:

Understanding the technology capabilities, requirements and use applications
Educating providers and building trust with patients
Instituting privacy and security policies

Understanding what AI can do, which applications to pursue for individual hospitals’ use cases and what it takes to operate the technology, needs to be a collaborative effort between all levels of a hospital system. Many clinicians are burned out and looking for tools that will ease their burden while also improving care. Through proactive conversations with medical providers and C-suite stakeholders, CIOs and management can present the investment benefits and ultimately increase full system buy-in and ability to scale effectively and efficiently.

Educating medical ecosystems and patients with the digital skills and knowledge to utilize the technology resources is also important for proper usage and increased adoption. Once providers understand the potential of AI and the practical ways it can improve their workflows, they can be confident in using the tools and clearly articulating the information to patients. Trust is a huge component of thriving, effective care. Clearly presented information establishes that rapport with patients and clinicians. Overall, training re-establishes for providers and administrators the priorities of patient safety, professional accountability and protection from reputational, legal and financial risk to ensure that the AI technology is used responsibly. Through proper education, patients also feel empowered with how AI is being implemented in their care and the commitment of their medical team to pursue the safest and best outcomes.

The last key element to establishing the use of AI in healthcare and maximizing its benefits is keeping privacy and security top of mind. Hospital management need to consider what policies and procedures they will institute to protect patients’ data and prevent bad actors from exposing personal information or disrupting care. Data integrity is also vital to keep AI algorithms’ predictions and assessments accurate. Healthcare network administrators will need to evaluate the best method to securely store that data whether through a cloud provider or building encrypted data storage on premises using private AI with an internal high computing platform specific to the individual hospital. These management policies and governance frameworks will not only offer standardization, they will also help build trust with patients while providing enough flexibility for AI innovation and growth.

Ultimately the partnership of AI with medical experts enables the perfect balance to deliver rapid, actionable insights and improvements while humans manage the usage of the technology to ensure quality care for each medical case. The future of healthcare is patients being able to take greater ownership of their health through aggregating additional data and applying AI to achieve better treatments. Providers and staff will be able to maximize their time through AI optimizations and provide more proactive care based on AI predictions. These advancements will revolutionize the healthcare industry as we know it and pave the way for a healthier society. Some are calling AI the next quantum leap in technology, and healthcare should be at the forefront of leveraging the resources to drive improvement, accelerate innovation and save lives.

To learn more about how Carahsoft is enabling healthcare organizations to achieve technology innovations such as AI, visit our Healthcare Technology and AI and Machine Learning solutions portfolios and speak to a representative who can help meet your solution needs today.

Resources:

[1] “HHS CIO Karl Mathias Details 3 Promising Applications of AI in Health Care Sector,” GovConWire, https://www.govconwire.com/2023/05/hhs-cio-karl-mathias-details-3-promising-applications-of-ai-in-healthcare/

[2] “AI Survey: Health Care Organizations Continue to Adopt Artificial Intelligence to Help Achieve Better, More Equitable and Affordable Patient Outcomes,” Optum, https://www.optum.com/about-us/news/page.hub.ai-survey-health-care-organizations-adopt-artificial-intelligence.html