Emerging cybersecurity threats in healthcare Special Report
pppppppppppSPOTLIGHT ppExperts warn about the growing dangers of criminals using AI and deepfakes to target hospitals and healthcare organizations ppHundreds of cyberattacks involving healthcare organizations have been reported this year and theres still more than a quarter of the year remainingppMore than 400 data breaches involving private health information have taken place since the start of 2023 according to the US Department of Health and Human ServicesppAnalysts project this could be a recordsetting year in terms of the number of victims More than 40 million Americans were affected by breaches during the first half of the year according to Critical Insight a cybersecurity firm More hospitals have been victims of ransomware attacks including large systems such as HCA Healthcare and CommonSpirit HealthppEven with those dire signs about the dangers of cyberattacks experts warn that health systems will face new and emerging threats in the years to comeppSeveral cybersecurity leaders who spoke with Chief Healthcare Executive point to the development of artificial intelligence as a looming danger They point to AI in the development of more sophisticated phishing emails and technology to impersonate executivesppSteve Cagle the CEO of Clearwater a cybersecurity firm is among those who see AI as an emerging dangerppI think were at the very early stages of what were going to see from a cybersecurity perspective Cagle saysppExperts predict other looming threats are on the horizon and they stress the importance of healthcare leaders focusing on cybersecurity in the coming years Bad actors will employ new technology and new tactics especially if they see previous approaches prove to be less successfulppCybersecurity experts discuss emerging threats in this video The story continues belowppGenerative AIppMike Britton chief information security officer of Abnormal Security says hes concerned about cybercriminals using generative AI to go after hospitalsppI think the rise of AI and generative AI is absolutely a looming threat not just for healthcare but for all organizations Britton tells Chief Healthcare ExecutiveppBritton says that criminals can use AI to send automated emails and AIgenerated responses can pull more information from people or systems that they are targeting Eventually those AIresponses can eventually coax victims into providing private information including bank account informationppAt that point the live person comes on takes your money and the scam is over Britton saysppMany attackers continue to use emailbased attacks which can yield high returns with relatively low effort he says But while Britton says AIenabled attacks arent widespread they arent theoretical eitherppWere not seeing it on a large scale but we do see generative AI messages being used by attackers Britton says So its there its happeningppAt a panel during the HIMSS Global Health Conference Exhibition in April cybersecurity experts said hospitals will need to prepare for AIpowered cyberattacksppAdam Zoller chief information security officer for the Providence health system said at the conference that he thinks its inevitable that criminals will use AI to attack hospitals and healthcare organizationsppWithin the next couple of years were gonna see AIoperated ransomware AIoperated malware that automatically gets into your systems and automatically finds exploitable vulnerabilities Zoller saidppCybersecurity leaders say theyre concerned with bad actors using AI tools that can probe an organizations vulnerabilities and can learn from mistakesppTheres certainly opportunities for threat actors to use artificial intelligence to advance their own attacks Cagle says So they can use it to generate code for malware They can use it to learn the defenses of a security program and adjust accordingly And they can use it to execute phishing attacksppAt the same time Cagle and cybersecurity experts point out that hospitals and healthcare organizations can utilize AI to improve their own defenses identify vulnerabilities and repel intrudersppArtificial intelligence has been used by cybersecurity vendors and technologies for quite some time now to help in improving defense by becoming more efficient more agile Cagle saysppBut he notes that AI is a doubleedge sword creating new opportunities for improved defenses and more sophisticated attacksppIts going to be a bit of a battle as time goes on to see who can win the AI race Cagle saysppDeepfakesppCybersecurity experts point to the possibility of attackers using deepfakes to impersonate executives and leadersppPotentially actors could send fake audio or even video of an executive telling employees to send money to a specific account among other disturbing possibilitiesppThe federal government issued a warning about the growing threat of deepfakes earlier this month The advisory cited a host of fake videos including one depicting Ukrainian President Volodomyr Zelenskyy telling his nation to surrender to RussiappAll these technologies that are able to fake peoples voices and are able to fake peoples images and so on I think thats going to be a major problem says Limor Kessem a senior cybersecurity consultant for IBM SecurityppJohn Riggi the American Hospital Associations national advisor for cybersecurity and risk said health systems need to be mindful of the threat of deepfakesppAt this time there does not appear to be widespread use of deepfakes targeting health care but we should maintain vigilance and promote awareness in the workforce Riggi said in a statement earlier this monthppLee Kim senior principal for cybersecurity and privacy at HIMSS said in a December interview with Chief Healthcare Executive that she sees growing potential for the use of deepfakes as more leaders meet virtually or connect with their teams via videoppDeepfakes I predict will make a significant entry point into healthcare as well as other industries Kim saidppFocusing on recordsppCriminal groups are also changing some of their strategies recently analysts sayppInstead of trying to penetrate a hospital or medical group some bad actors are focusing on getting access to electronic health records Theyre trying to get into insurers or other companies that work extensively with health organizations Such an attack could yield private health information on millions of peopleppTheyre going to a hospital chain or a service provider that serves up records so that they can minimize that effort Hamilton says And theyre starting to be very successful doing thisppA cyberattack on MCNA a dental insurer affected more than 88 million Americans according to the US Department of Health and Human Services A pharmacy services firm PharMerica said in a statement it was hit with a cyberattack in March and the breach has affected more than 58 million AmericansppHamilton said there are more attacks aimed at insurers and other vendorsppThe combination of healthcare and fintech makes those especially juicy targets Hamilton saysppHealth systems are vulnerable to attacks aimed at their vendors Nick Hyatt the practice manager for Optivs Global Threat Intelligence Center says hospitals should be asking their vendors about their cybersecurity capabilitiesppWhen youre bringing on a new vendor or when youre bringing on a new piece of software what does their security look like I think people forget to ask those questions sometimes Hyatt tells Chief Healthcare ExecutiveppEven if the breach involves a vulnerability outside the hospitals control thats of small comfort Youre on the hook for whatever happened So you do have to start asking those tough questions Hyatt saysppOther threatsppThe confluence of state actors activists and criminal groups is worth watching says Mike Hamilton chief information security officer of Critical InsightppGeopolitically the world is really weird right now And its really hard to determine who is who And so theres nationstate activity thats hiding behind either the criminal or the activist guys There are actual activists out there that will just take something down for a cause he saysppHamilton said recent layoffs in cybersecurity companies could create future problemsppWhen you create a whole bunch of unemployed people with skills they might go to the dark side Hamilton says So you know thats a situation I think we need to watchppSome hospitals and healthcare organizations have said theyve struggled to recruit and retain talented cybersecurity professionals because other sectors offer better payppMore organizations have defenses aimed at blocking phishing emails and are using multifactor authentication such as asking for users to utilize a password and another step such as a code sent to their phone So attackers arent simply relying on emails experts sayppSome attackers are sending text messages with links hoping for a response Hamilton notesppMore than ever healthcare leaders must be focusing on cybersecurity and ensuring that it is a top priority throughout their organizations experts sayppHospital organizations also need to understand that just as bad actors are evolving they need to constantly look to improve their cybersecurity defenses Hospitals need to consider the risk to patients and the cost of cyberattacks both financially and to their reputationppBritton of Abnormal Security says defenses that may have proven effective in the past are probably not going to succeed today or in the futureppWhat got you here is not whats going to carry you forward because technology tactics have changed Britton saysppppImproving heart failure care beyond the hospital AHA Scientific SessionsppHealthcare leaders stressed the importance of taking a more proactive approach to improving care before patients end up in the hospital for a lengthy and costly stayppWellSkys Lissy Hu talks about the challenges in postacute care Data Book podcastppIn the latest episode she talks about using technology to improve care transitions trends in postacute care and the changing desires of patientsppHospital financial woes Lagging volume more claim denials and debt concernsppAnalysts say the recovery remains slow Health systems are seeing higher costs due to battles with payers and more leaders are worried about meeting debt obligations ppUsing AI to help clinicians understand their patients Data Book podcastppChristine Swisher of Project Ronin talks about the work to give doctors more data and insights to improve cancer care
ppRebuilding a strong and healthy nursing workforce ViewpointppHealthcare organizations must identify strategies to retain nurses while cultivating a robust pipeline to meet future demandsppNonprofit hospitals should see more revenue in 2024 Moodys projects ppThe investors service projects a stable outlook for hospitals in the next year but says high costs will remain a trouble spotpp2 Clarke Drive Cranbury NJ 08512pp6097167777p
ppRebuilding a strong and healthy nursing workforce ViewpointppHealthcare organizations must identify strategies to retain nurses while cultivating a robust pipeline to meet future demandsppNonprofit hospitals should see more revenue in 2024 Moodys projects ppThe investors service projects a stable outlook for hospitals in the next year but says high costs will remain a trouble spotpp2 Clarke Drive Cranbury NJ 08512pp6097167777p