Jeff Rowe, Editor, Future Care

Jeff Rowe is the editor of Future Care and a veteran healthcare journalist and blogger who has reported extensively on initiatives to improve the healthcare system at the local, regional and national level.

Cybersecurity report touts benefits of AI to guard against hackers

March 16, 2017 AT 9:10 PM

Robots fighting robots to protect healthcare systems?

That smacks a bit dramatic, but it’s one way to sum up a new report from the Institute for Critical Infrastructure Technology (ICIT), which argues that machine learning and artificial intelligence may be the only viable way to protect healthcare systems against rapidly proliferating ransomware attacks.

“In an age of dynamic malware obfuscation through operations such as mutating hash, a hyper-evolving threat landscape, and technologically next generation adversaries, offensive campaigns have an overwhelming advantage over defensive strategies,” the authors note in their introduction.

As they see it, “the healthcare industry is the primary perpetual target of cyber attackers due to the massive amounts of disparate data collected, stored, and inadequately protected. Early adoption of sophisticated algorithmic defenses such as machine learning or artificial intelligence solutions will transform healthcare cyber defenses beyond the capabilities of average attackers.”

To a considerable extent, the report notes, the healthcare sector is already using both cognitive and AI solutions for big data analytics and for clinical applications. The goal, then is to expand the use of those technologies to defending their systems from hack attacks.

According to Rick Caccia, an executive with Exabeam, a security intelligence platform, as well as an ICIT fellow, “Artificial Intelligence and Machine Learning bring the same value to healthcare security that they bring to other industries: using big data analytics to detect threats and assist in response. Machine Learning [ML] can be applied to two useful areas in healthcare cybersecurity. The first is using ML to link seemingly unrelated activities together. For example, a hacker might use multiple accounts to access different types of sensitive PHI info. Each account might have valid access rights to some of the data, so rules-based security solutions won't see anything wrong. ML can track IP address and other identifying information to link the parts into a single unified session that is then positively attributed to a person. The second is to then assess the behaviors of those coherent identities to determine if risky behavior is underway.”