Why Is Cybersecurity So Hard for Healthcare?

Look into the matter at all, and you’ll see that the healthcare industry represents one of the most vulnerable sectors of the big data universe. That’s why, not long ago, I discussed blockchain for electronic health records, which is a good idea because about 70 percent of healthcare firms have no cybersecurity insurance. In comparison, about 24 percent of all firms lack cybersecurity coverage. Given the fact that healthcare data is some of the most valuable data for identity thieves, you would think healthcare firms would make cybersecurity priority number one.

At the risk of sounding cynical, perhaps healthcare firms don’t invest in cybersecurity insurance because it’s not where the money is. Quite simply, healthcare is mandatory for most, if not all Americans. Even the healthiest among us have to get a checkup once in a while. Healthcare firms may gamble with patient data because, even when there’s a breach, it doesn’t hurt their profits. And they need the profits a great deal because healthcare admin costs are the highest in the developed world, representing 8 percent of spend; overall, the U.S. spends the most on healthcare, at 16.9 percent of GDP.

DeVry reports that 85% of healthcare organizations view security as a business priority, yet, Healthcare has been slow to adopt cybersecurity measures. The discrepancy is blaring and it begs for an analysis of the market.

This is a market that saw cyberattacks increase by 320 percent from 2015 to 2016, yet 70 percent of organizations still don’t have cybersecurity insurance. One reason for the lack of cybersecurity could be the sheer velocity and ubiquity of technological advancement, including big data applications, IoT, and AI.

Healthcare Apps

Appnovation reports that 77 percent of Americans own a smartphone and in 2017 there were 325,000 mobile health apps on the market. In three years, from 2013 to 2016, the number of apps by pharmaceutical companies tripled. Overall, there were 3.2 billion downloads of mobile health apps in 2016. Demand this high could easily spark healthcare firms who want to create an app to forego cybersecurity in favor of quick results.

Internet of Medical Things

Meanwhile, the internet of medical things (IoMT) market could easily reach $136.8 billion by the year 2021. Currently, about 3.7 million connected devices send wellness-related data to healthcare firms. To keep this data secure, you need end-to-end encryption, as well as assurance that bad actors won’t tamper with devices.

As Security Intelligence points out, Mobile medical devices may contain firmware that can’t be updated or offers an easy way in for cybercriminals, such as stock login credentials. If remote troubleshooting is possible, that’s one of many ways a hacker could compromise a system. The IoMT is an emerging market with little regulation in place to ensure a common standard of security. Security must be baked into the design.

It’s not exactly regulation, but the FDA has been issuing guidance, to the effect that device manufacturers should incorporate security into connected devices. But Health IT Security reports that hospitals that receive data from devices don’t have to answer to the FDA until that data is compromised, at which point they have to report adverse effects. Even then, the FDA works with device manufacturers on securing devices, instead of working with both the hospital and the manufacturers on securing data. Hospitals are supposed to be able to secure data as per HIPAA, however it’s unclear whether they know how to secure the burgeoning streams of IoMT data.

AI for Security

IT executives, CISOs, and data security analysts hope that AI can help mitigate the risks to cybersecurity. AI can quickly analyze a network and incoming data streams in search of threats. Still, Reg Harnish, founder of GreyCastle Security and a fellow at the National Cybersecurity Institute, warns that AI is by no means a cure-all. Although AI security programs are tasked with answering the question as to whether there are network intrusions, We also have to monitor the quality of the decision-making around that question,” says Harnish. We must make sure AI is operating correctly.

Harnish urges anyone looking for an AI-powered security tool to do the following:

• Make sure it’s actually AI and not a branding ploy
• Identify the problems you’re trying to solve the vulnerabilities and risks to your network and choose a program based on your needs.
• Understand that AI introduces further complexity and therefore more vulnerability; monitor programs and apply updates accordingly.
• Double down by continuing to monitor systems manually even though AI is involved.

Harnish points out that AI code is still written by humans, meaning there’s plenty of potential for flaws and biases. What’s more, the sheer amount of code makes results unpredictable multiple algorithms working together can create anomalies, which is why human quality control is still necessary.

For now, AI for healthcare cybersecurity is going to create more, not less, demand for big data professionals. Healthcare data is at a critical crossroads as new technology creates unprecedented volumes of data. As the market continues heating up, humans are going to work alongside AI programs to make sure consumer health information remains safe.