AI provides an urgent solution to evolving ransomware threats facing healthcare

Artificial intelligence that can quickly identify patterns of risky behavior may be the only viable solution to protect health systems against an influx of ransomware attacks.

The use of AI in the clinical environment has been well-documented as more health systems are turning to machine learning to improve oncology care, fight physician burnout, boost patient engagement and even reverse diabetes. But healthcare needs to use the power of machine learning to combat cybersecurity threats, according to a report (PDF) released by the Institute for Critical Infrastructure Technology.  

RELATED: Cybersecurity—What 2016 taught the healthcare industry

James Scott, a senior fellow at ICIT who authored the report, didn’t mince words regarding the urgent need to protect patient information against cyberattacks, particularly ransomware, which has emerged as a critical threat to the industry over the past year. Scott noted that the healthcare industry “demonstrates lackadaisical cyber hygiene, finagled and Frankensteined networks, virtually unanimous absence of security operations teams and good ol’ boys club bureaucratic board members flexing little more than smoke and mirror, cybersecurity theatrics as their organizational defense.”

At a cybersecurity conference in Boston last week, FBI Director James Comey said healthcare has become a high-value target, advocating for a collaborative approach between the public and private sector.

RELATED: Lessons from the MedStar Health ransomware attack

Scott also argued that the industry’s current approach to cybersecurity—that includes training staff to recognize phishing emails and insufficient monitoring solutions—is ineffective when dealing with constantly evolving, low-cost threats that can have serious consequences. Instead, machine learning can track multiple IP addresses used by hackers and identify risky behavior in real time. Additionally, AI can augment the notable talent gaps within the cybersecurity industry.

“The automation and implementation of these functions will allow healthcare networks to deploy qualified personnel and sophisticated defense systems to smaller hospitals and healthcare sites within the network,” Scott wrote. “As a result, each healthcare network will be protected downstream, smaller and less resourced facilities will be secured against targeted lateral attacks, and the cybersecurity of the sector will vastly improve.”

Government experts have said providers must be “defensive” against ransomware attacks, advocating for better training access controls. In July, the Office of Civil Rights issued guidance indicating that most ransomware attacks are considered a breach and must comply with HIPAA’s breach notification provisions.