Why Healthcare Needs More Than AI to Fight Cyber-Attacks


Imagine this: a hospital’s emergency room comes to a standstill. Monitors go dark, patient records become inaccessible and the machines keeping people alive are frozen. A ransomware attack has just struck, and during the chaos, lives hang in the balance.

While artificial intelligence (AI) was supposed to be the shield that protected this critical infrastructure, the attackers found a way through. This isn’t a sci-fi plot – this is the grim reality of healthcare under siege, and AI alone isn’t enough to stop it.

As ransomware attacks continue to escalate, particularly in healthcare, AI is often marketed as the solution to this crisis. It’s easy to understand why. AI promises to detect threats in real time, anticipate breaches before they happen, and automate responses to cyber-attacks.

But while AI is a powerful tool, it isn’t the cure-all the healthcare sector desperately wants. In fact, over-reliance on AI alone may expose even more vulnerabilities, especially in an industry where lives are on the line.

The Reality of Ransomware in Healthcare

Ransomware has hit the healthcare sector harder than most industries. Hospitals and healthcare networks hold sensitive patient data, are responsible for critical care systems, and often can’t afford any downtime. These factors make them prime targets for ransomware groups who know the impact of an attack can be devastating. In 2020 alone, ransomware attacks on healthcare organizations cost the industry over $21bn, according to a report by Comparitech.

The threat goes beyond financial losses. When ransomware strikes a hospital, it can lead to delayed treatments, forced diversions of emergency patients, and even put lives at risk. The ransomware attack against blood donation center OneBlood is an example of how devastating an attack can become.

This raises the stakes for cybersecurity in healthcare to levels unseen in other industries. The question, then, is whether AI alone can provide the level of defense needed in this high-stakes environment. The answer, unfortunately, is no.

AI’s Strengths and Weaknesses in Healthcare

AI excels at processing large amounts of data quickly, identifying anomalies and flagging potential threats. This ability is valuable in healthcare, where volumes of patient data, medical devices and electronic health records (EHRs) can create a complex landscape. AI can monitor these systems by identifying unusual patterns that could signal a ransomware attack in progress.

But there is a key caveat in AI’s approach: AI systems are only as good as the data they consume. If the ransomware uses a novel method that hasn’t been seen before – such as an unfamiliar encryption technique or a new delivery methodology – AI might miss it.

Like technology, ransomware groups are constantly evolving their tactics, making use of polymorphic malware that changes its code to evade detection. This is a significant problem for AI systems, which rely on historical data to predict and detect threats.

Healthcare systems, often working with outdated software and legacy systems, can also be vulnerable to this shifting threat landscape. While AI has potential to flag anomalies, it struggles to handle the novel attack vectors that ransomware groups unleash on healthcare institutions.

The False Positives Dilemma

False positives are another problem that plagues AI solutions in cybersecurity. In healthcare, where false alarms can disrupt care and cause chaos, the stakes are particularly high. An AI system might flag a routine software update or the transfer of a large file as a potential ransomware event, triggering a cascade of unnecessary responses.

In hospitals, where time is precious and workflows are tightly managed, these false positives can result in system slowdowns, unnecessary alerts and wasted effort by already stretched-thin IT staff.

If AI systems generate too many false positives, hospital staff may begin to ignore alerts altogether, increasing the risk that a real ransomware attack could slip through unnoticed. This problem is already familiar from non-AI security tools. This type of alert fatigue can render AI defenses virtually useless at critical moments, putting patient safety and data at risk.

"Healthcare systems face unique challenges that make ransomware attacks especially damaging"

The Role of Human Oversight

The complexity of ransomware requires more than just technological solutions; human expertise is vital. While AI can serve as a powerful tool for monitoring and alerting, it lacks the critical thinking and intuition needed to respond to attacks in real time. Skilled cybersecurity professionals in healthcare must be able to quickly assess a situation, make judgment calls and respond based on incomplete or evolving information.

Human oversight is critical when it comes to ransomware incidents, where attackers are increasingly employing tactics like double extortion – demanding payment not only to decrypt data but also to prevent the release of stolen patient records. AI may be able to detect the encryption process, but it cannot negotiate with attackers or assess the broader implications of a breach in the way a human analyst can.

A Holistic Defense Strategy

To truly combat ransomware in healthcare, organizations must adopt a multi-layered defense strategy that combines AI with human intelligence and broader cybersecurity measures. Here’s what a holistic approach should include:

Recovery Time Objective

Healthcare is aware of the need for data backups and has done a great job, but what about the Recovery Time Objective (RTO)? An RTO is the maximum amount of time it takes to restore a system, network, application or computer after a failure or disaster.

Many hospitals are down for days, weeks and months because they cannot recover in a timely manner from offsite backups. AI can help with determining the recovery time objective, but companies will have to demonstrate it through time and planning.

Staff Training

Phishing remains the most common delivery mechanism for ransomware. Training healthcare employees to recognize phishing attempts and suspicious emails is essential. No AI system can fully replace the need for human awareness and vigilance towards threats. They need to work together.

Patch Management and Legacy Systems 

While AI can flag outdated software as vulnerable, healthcare organizations use legacy systems for patient care. It is a difficult process to remove a legacy system, let alone patch a system that has been treating patients for many years. This is without mentioning the regulatory issues surrounding legacy medical systems.

In many cases, discussing options with a vendor, or replacing or isolating older systems, is the best way to reduce vulnerability.

Incident Response Plans 

AI can assist in the detection of a ransomware event, but healthcare organizations must have clear, actionable incident response plans in place. This involves having a dedicated response team, clear communication protocols and pre-established relationships with cybersecurity experts and law enforcement.

Annual Pen Test Engagements 

A pen test engagement, if scoped properly, can uncover potential attack vectors from the cybercriminal’s point of view. A pen test engagement gives the healthcare industry the opportunity to test its cyber defenses and mitigate where action is required. The healthcare industry can use AI in conjunction with the results to determine the actions required.

Conclusion

The ransomware epidemic in healthcare is a complex, evolving challenge that AI alone cannot solve. While AI can play a significant role in enhancing cybersecurity defenses, it cannot replace the need for human judgment, adaptability and strategy. Healthcare organizations must recognize that AI is a tool, not a solution, and should invest in a comprehensive defense approach that includes human oversight, staff training and regulatory compliance.

Only by combining the strengths of both AI and human intelligence can we hope to protect patient data and ensure the integrity of healthcare systems.

Image credit: Nick Beer / Shutterstock.com
