• Politics
  • Diversity, equity and inclusion
  • Financial Decision Making
  • Telehealth
  • Patient Experience
  • Leadership
  • Point of Care Tools
  • Product Solutions
  • Management
  • Technology
  • Healthcare Transformation
  • Data + Technology
  • Safer Hospitals
  • Business
  • Providers in Practice
  • Mergers and Acquisitions
  • AI & Data Analytics
  • Cybersecurity
  • Interoperability & EHRs
  • Medical Devices
  • Pop Health Tech
  • Precision Medicine
  • Virtual Care
  • Health equity

Expect AI-powered cyberattacks targeting health systems | HIMSS 2023

Article
Conference|HIMSS

A panel at the HIMSS conference says artificial intelligence will be used to produce more sophisticated malware and phishing. But AI offers new potential in protecting organizations.

Chicago – As technology leaders predict that artificial intelligence will be used in healthcare and research, cybersecurity experts say healthcare organizations must brace for AI-powered attacks on their systems.

Cybersecurity leaders in healthcare say it’s coming, and it’s likely going to be a threat that organizations will be dealing with in the not-too-distant future.

In a panel discussion at the HIMSS Conference, cybersecurity experts discuss the likelihood that AI will be used by criminals to attack organizations. (Photo: Ron Southwick)

In a panel discussion at the HIMSS Conference, cybersecurity experts discuss the likelihood that AI will be used by criminals to attack organizations. (Photo: Ron Southwick)

Salwa Rafee, global managing director of Accenture Security, moderated a panel discussion on cybersecurity in healthcare Wednesday at the HIMSS Global Health Conference & Exhibition. While expressing her own enjoyment of ChatGPT, she asked panelists how AI would change the cybersecurity landscape.

Adam Zoller, chief information security officer for the Providence health system, said criminals will use AI to attack hospitals and healthcare organizations.

“I think within the next couple of years, we're gonna see AI-operated ransomware, AI-operated malware that automatically gets into your systems and automatically finds exploitable vulnerabilities,” Zoller said.

“That's an inevitability,” he said.

Some attackers will be using ChatGPT to craft more convincing or authentic emails to entice people to click on links, giving them access to the organization’s systems.

“It’s already being used to craft better phishing lures for your people,” Zoller said. “So training and education and awareness are paramount to your organization.”

John Riggi, national adviser for cybersecurity and risk for the American Hospital Association, said he expected to see AI used by bad actors. Just as millions of Americans are using ChatGPT for writing, research, or simply having fun, ransomware groups will be using the technology for their own purposes.

Concurring with Zoller, Riggi said he expected to see phishing emails and malware being written with ChatGPT. “I think you will see an acceleration of attack cycles,” Riggi said.

Greg Maher, chief information officer of Allymar Health, said he hoped that the “good guys” will stay ahead of the bad actors when it comes to utilizing artificial intelligence.

“I do trust the fact that it takes a large organization to build something like that,” Maher said.

While Maher said anyone can get an algorithm, he said to build the data and have the smarts behind technology such as ChatGPT “takes a pretty large budget to do something like that.”

While the panelists projected that artificial intelligence will be used in attacks on health organizations, Zoller also pointed to an encouraging development: AI can be used to defend health systems against bad actors.

Microsoft recently released a cybersecurity product, Copilot, that utilizes AI to help build smarter defenses, he said. “These technologies give us a tremendous advantage over our adversaries,” Zoller said.

“Companies like Microsoft are developing tools like Copilot that are going to enable us as security leaders in the industry to fill a critical knowledge gap,” Zoller said.

“I know you know, for those in the room that are cybersecurity leaders, on cybersecurity teams for hospital systems, I'd be willing to bet that it's pretty tough to train, hire, recruit top cybersecurity talent,” he added.

Vasu Jakkal, corporate vice president of Microsoft Security Business, talked about Copilot at last month’s ViVE Conference. She said the Copilot’s artificial intelligence is going to be constantly learning and can defend against emerging threats. And she said it could help organizations struggling to find top cybersecurity talent.

“For the first time in a very long time … I feel like defenders are going to be fundamentally ahead of attackers and we’re going to change the game,” Jakkal said at ViVE.

During the panel discussion at HIMSS, Rafee said AI offers intriguing possibilities in “automated threat detection.”

While AI models can be used to find and exploit vulnerabilities, Zoller said he is encouraged by the chance that it can be used to improve defenses.

“The same technologies can be used to find vulnerabilities to fix vulnerabilities,” he said.

Riggi also noted another encouraging development: the recent drop in ransomware attacks. He said that hospitals and health systems have increased their capabilities in cybersecurity, although a number of high-profile attacks indicate the threat has hardly passed.

But Riggi said he is concerned that ransomware groups are shifting tactics, and are recognizing that health systems can be exploited through the scores of vendors and other third parties who have access to their systems.

“I’m not sure if it’s a plateauing of a threat in certain areas or a transition,” Riggi said. “That’s what we’re concerned about.”

Read more: Dealing with cyberattacks: Understanding how to prepare and respond

In this video from the ViVe Conference, Salwa Rafee of Accenture offers guidance for health systems looking to improve their cybersecurity defenses.

Related Videos
Image: Ron Southwick, Chief Healthcare Executive
Image credit: HIMSS
Related Content
How AdventHealth works to nurture and retain nurses

How AdventHealth works to nurture and retain nurses

April 16th 2024
Article

AdventHealth is using the Ovid Synthesis platform to help nurses review literature, and has employed a clinical ladder so they can grow. Megan Milbourne of AdventHealth West Florida talks about the efforts.

Why preventive medicine needs more support | Healthy Bottom Line podcast

Why preventive medicine needs more support | Healthy Bottom Line podcast

April 16th 2024
Podcast

Mirza Rahman, president of the American College of Preventive Medicine, talks about the need for more federal support for residency programs and a greater appreciation for population health.

Image credit: ©Dirima - stock.adobe.com

Black maternal health: Addressing the national crisis

April 15th 2024
Article

With the observance of Black Maternal Health Week, Kisha Davis of the American Academy of Family Physicians talks about the crisis and protecting mothers.

The rise of third party cyberattacks in healthcare | Data Book podcast

The rise of third party cyberattacks in healthcare | Data Book podcast

March 11th 2024
Podcast

Dan Dodson, the CEO of Fortified Health Security, talks about the risks to hospitals, AI in attacks and defense, and what health systems can do to protect themselves.

Image: Novant Health

Novant Health names chief physician executive officer, and more | MED MOVES

April 15th 2024
Article

The Association of American Medical Colleges appoints a chief scientific officer, and others take on new posts.

Image credit: Wolters Kluwer Health

Amid primary care's decentralization, consistency is key for retail and virtual health | Viewpoint

April 14th 2024
Article

Retail clinics and virtual care providers have an immense opportunity to position themselves as central care hubs, Chris Sullivan of Wolters Kluwer Health writes.

© 2024 MJH Life Sciences

All rights reserved.