Innovation in healthcare: A hacker’s dream and CISO’s nightmare?

It’s hard not to be excited about artificial intelligence and machine learning in pure technology terms, but applying these innovations to the healthcare sector has the potential to do truly great things for humanity. Just imagine if these technologies could help us to diagnose and treat some of the world’s most pressing health crises.

Ground-breaking work in the field of healthcare AI is already being undertaken. For example, researchers at Stanford University last year announced that they had successfully trained a deep learning algorithm to identify skin cancer with an accuracy that matches leading dermatologists.

What’s more, these innovations have a role to play from early disease detection and diagnosis right through to improving the patient experience itself. The health budgets of even some of the world’s most developed nations are stretched, so AI and deep learning technologies have the potential to help lead us towards the holy grail of universal access to quality care.

In this sense, we stand to see benefits not just to individual patient health, but also to healthcare systems themselves through cost savings and more efficient and secure storage of data. For both of these reasons, there have been calls from prominent industry figures for greater investment and application of AI in healthcare over the coming years. A recent review by surgeon and former health minister Lord Darzi called for the “full automation” of health and social services, claiming it would give staff more “time to care” for patients and could save the NHS almost £13bn a year – a tenth of its budget.

The healthcare industry is also facing a skills shortage, with the system in the US facing a shortfall of 120,000 physicians by 2030. While AI technology will not directly fill this gap – robot GPs are still some way off – the idea is that by automating certain admin-based processes (like prescription requests), doctors’ time while be freed up for more vital tasks that will have a direct impact on patient wellbeing.

However, ground-breaking technology inevitably comes with associated risks, and it is particularly important in the current climate to weigh up the benefits of innovation with the potential cyber threats. Medical data is a valuable commodity for cyber criminals and healthcare has seen the largest increase in cyber attacks of any industry over the last year, with the number of cyber threats targeting this sector every second doubling.

Healthcare organisations have even emerged as viable and attractive targets for state-sponsored cybercrime groups such as Hidden Cobra. This trend is particularly worrying given the complex and elusive tactics employed by these gangs.

Luckily, there are steps that healthcare organisations can take to mitigate these threats. While there is justifiably excitement about the potential for next-generation technology to transform services, on a wider scale this must also be accompanied by a strong security posture that is embraced at all levels of the organisation. Similarly, any rollout of AI technology must include an increased focus on bringing in cyber security talent externally, but also on promoting awareness and educating the existing workforce. After all, the insider threat – whether deliberate or not – is the most dangerous risk to any organisation’s cyber security.

It is also crucial that security is built in from the outset with robust processes. This should incorporate the ability to detect threats as soon as they arise and, once targeted, correct systems quickly to minimise disruption to patients and the workforce.

While the key currency is money in what we would traditionally consider the conventional economy, in the “second economy,” it’s trust – and trust is the prime casualty of cyber conflict. Trust is particularly important when dealing with people’s most sensitive information – or data that really does mean life or death to a patient. Damage to patient trust and brand reputation can be profound, long-lasting and difficult to reverse.

Protecting the “second economy” requires organisations to evolve both their technology and organisational culture, while the best defence means a more cohesive, platform-oriented technology solution.

Healthcare organisations must first and foremost recognise the value of the data they protect, and therefore its appeal to cyber criminals. It is important to emphasise that security concerns should not be a reason to avoid or stymie innovation and improvement, but any step to implement new technologies must consider security from the outset to keep data secure and maintain patient trust.