Health care is one of the industries that stands at the forefront of reaping dramatic and demonstrable benefits from the increased use of artificial intelligence. AI offers real potential to save lives and significantly improve quality of life for individuals all over the world, empowering major advances in research, drug development, detection, prevention, diagnosis, clinical trials, digital imaging and patient care. The list goes on.
In 2017, venture capital investment in AI for health care totaled nearly $1.3 billion across 103 deals, according to research from KPMG. And, while the final numbers haven’t yet been tallied for 2018, the rate of investments in 2018 were well on pace to match and even exceed those totals.[1]
Those investments are being fueled by the promise of industrywide innovation and heady predictions of explosive market growth. According to Accenture, the health care AI market is growing at an annual average rate of 40% a year and will top $6.5. billion by 2021. What’s more, AI in health care will create potential annual savings of $150 billion for the U.S. health care economy alone by 2026, Accenture adds.[2]
Addressing Data Privacy and Cybersecurity
There is a catch, however, to making all of these investments pay off and enabling patients and clinicians to truly reap the vast benefits of artificial intelligence in health care. To be maximally effective, AI systems need access to the voluminous and valuable data created and stored in electronic health record systems. And right now, there are still too many legitimate concerns about data privacy and cybersecurity that must be addressed.
“Health care records are extremely lucrative on the dark web,” says Sean Duca, Vice President, Regional Chief Security Officer, Asia Pacific and Japan, for Palo Alto Networks. “They provide a whole range of information valuable to cybercriminals. And, unfortunately, over the past few months, we’ve seen that public records have been breached.”
The threat of data breaches can limit the value of AI if clinicians and patients are afraid to share their data. Australia provides a compelling case study. The country is trying to get all citizens to participate in a national My Health Record initiative. However, more than 1.1 million people have opted out of the program as of October and there have been calls to delay the rollout even further because of an increase in the number of breaches. In fiscal 2018, the system experienced 42 data breaches.[3]
“Health care has to be treated as critical infrastructure, the same as energy,” Duca says. “It has to be protected at higher levels. One of the challenges is that health care information is always on. People are hooked up to machines and these machines are constantly creating new data, often through the Internet of Things.”
Tackling the Problem
The growth of artificial intelligence, machine learning, algorithms and the Health Care Internet of Things increases the attack surface exponentially. This puts more pressure on organizations to protect the data from theft, as well as securing the integrity of the data so it is protected from manipulation. Also, since more people are dependent on digitally connected devices, health care organizations must ensure always-on availability.
Duca suggests several steps organizations can take now to improve the security of health records so that patients and practitioners can feel safer in using and accessing artificial intelligence. These include:
- Design your systems and devices with security from the outset, not as an add-on.
- Ensure you are using modern solutions that rely on automation to fight machines with machines.
- Recognize that the attack surface is much broader than ever before, so upgrade all of your endpoints and access points with current security technologies.
- Make sure your wireless access points are encrypted, with data encrypted at rest and in transit.
- Utilize integrated threat intelligence and reduce your compliance scope.
- Restrict access to data and applications, using access controls that utilize multifactor authentication
Conclusion
In addition to these steps, it is important to ensure that your organization is utilizing best practices in cybersecurity hygiene and providing ongoing cybersecurity education and training to health care staff.
The potential benefits of artificial intelligence in health care are too profound to allow AI to be held back by concerns about data privacy and cybersecurity. At the same time, however, those concerns are real and must be addressed, now and into the future.