Artificial intelligence continues to push cybersecurity into an unprecedented era as it offers benefits and at the same time drawbacks by assisting both aggressors and protectors.

Cybercriminals are using AI to launch more sophisticated and unique attacks at a wider scale. And cybersecurity teams are using the same technology to protect their systems and data.

Dr. Brian Anderson is chief digital health physician at MITRE, a federally funded nonprofit research organization. He will be speaking at the HIMSS 2023 Healthcare Cybersecurity Forum in a panel session titled "Artificial Intelligence: Cybersecurity's Friend or Foe?" Other members of the panel include Eric Liederman of Kaiser Permanente, Benoit Desjardins of UPENN Medical Center and Michelle Ramim of Nova Southeastern University.

We interviewed Anderson to help unpack the implications of both offensive and defensive AI and examine new risks introduced by ChatGPT and other types of generative AI.

Q. How exactly does the presence of artificial intelligence bring up cybersecurity concerns?

A. There are several ways AI brings up substantive cybersecurity concerns. For example, nefarious AI tools can pose risks by enabling denial of service attacks, as well as brute force attacks on a particular target.

AI tools also can be used in "model poisoning," an attack where a program is used to corrupt a machine learning model to produce incorrect results by inserting malicious code.

Additionally, many of the available free AI tools – such as ChatGPT – can be tricked with prompt engineering approaches to write malicious code. Particularly in healthcare, there are concerns around protecting sensitive health data, such as protected health information.

Sharing PHI in prompts of these publicly available tools could lead to data privacy concerns. Many health systems are struggling with how to protect systems from allowing for this kind of data sharing/leakage.

Q. How can AI benefit hospitals and health systems when it comes to protection against bad actors?

A. AI has been helping cybersecurity experts identify threats for years now. Many AI tools are currently used to identify threats and malware, as well as detecting malicious code inserted into programs and models.

Using these tools – with a human cybersecurity expert always in the loop to ensure appropriate alignment and decision-making – can help health systems stay one step ahead of bad actors. AI that is trained in adversarial tactics is a powerful new set of tools that can help protect health systems from optimized attacks by malevolent models.

Generative models such as large language learning models (LLMs) can help protect health systems by identifying and predicting phishing attacks or flagging harmful bots.

Finally, mitigating insider threats like leaking of PHI or sensitive data (for example, for use on ChatGPT), is another example of some of the emerging risks that health systems must develop responses to.

Q. What cybersecurity risks are introduced by ChatGPT and other types of generative AI?

A. ChatGPT and future iterations of the current GPT-4 and other LLMs will become increasingly effective at writing novel code that could be used for nefarious purposes. These generative models also pose privacy risks, as I previously mentioned.

Social engineering is another concern. By producing detailed text or scripts, and/or the ability to reproduce a familiar voice, the potential exists for LLMs to impersonate individuals in attempts to exploit vulnerabilities.

I have a final thought. It’s my sincere belief as a medical doctor and informaticist that, with the appropriate safeguards in place, the positive potential for AI in healthcare far exceeds the potential negative.

As with any new technology there is a learning curve to identify and understand where vulnerabilities or risk may exist. And in a space as consequential as healthcare – where patients' wellbeing and safety is on the line – it's critical we move as quickly as possible to address those concerns.

I look forward to gathering in Boston with this HIMSS community, so committed to advancing healthcare technology innovation while protecting patient safety.

Anderson's session, "Artificial Intelligence: Cybersecurity's Friend or Foe?" is scheduled for 11 a.m. on Thursday, September 7, at the HIMSS 2023 Healthcare Cybersecurity Forum in Boston.

Follow Bill's HIT coverage on LinkedIn: Bill Siwicki
Email him: bsiwicki@himss.org
Healthcare IT News is a HIMSS Media publication.

The past few years have been tough for health system bottom lines, with the COVID-19 public health emergency, critical staffing and workforce shortages, inflation and other financial pressures combining to strain budgets to the breaking points. More than 50% of U.S. hospitals reported a negative margin to close out 2022, according to a new report from Bain & Company.

But C-suite leaders see reason for optimism in the years ahead, the survey shows, thanks to the cost saving potential of fast-evolving generative AI technologies.

WHY IT MATTERS
Health system execs are particularly excited about AI and automation's potential to streamline financial and operational processes, tackle administrative inefficiencies and reduce clinician burnout. They see big opportunities for improving workflows and clinical documentation, managing and analyzing data and more in the year ahead.

Further out, in the next two to five years, hospital leaders say they're planning more AI-powered initiatives around predictive analytics, decision support, guided treatment insights and more, according to the report.

The potential is especially attainable given that the cost to train AI and machine learning models has decreased exponentially, according to Bain: "Down 1,000-fold since 2017," it promises an "arsenal of new productivity-enhancing tools at a low investment."

But while the report shows 75% of C-suite leaders are excited that generative AI has "reached a turning point in its ability to reshape the industry," it also finds that just 6% of health systems polled have an established generative AI strategy.

Still, that number is expected to grow as more and more provider organizations get serious about harnessing the potential of generative AI and automation to help address some long-standing clinical, financial and operational challenges.

Among the top health system priorities for generative AI applications, according to the report:

• Charge capture and reconciliation

• Structuring and analysis of patient data

• Workflow optimization and automation

• Clinical decision support

• Predictive analytics and risk stratification

• Telehealth and remote patient monitoring

• Call centers for administrative purposes

• Diagnostics and treatment recommendations

• Provider and patient workflows, including payer interactions

• Suggestions for care coordination and health system navigation

• Treatment and therapy recommendations for providers

• Call center for clinical questions

• Summary of clinical literature and research mining

• Assistance for patient financial counseling and Q&A

• Procurement and contract management

• Referral support and routing for providers and patients

• Drug discovery and clinical trial design

Still, Bain & Company researchers warn that there are significant hurdles ahead as health systems race to implement these fast-advancing technologies.

"Solutions to the greatest hurdles aren't yet keeping up with the rapid technology development," they say. "Resource and cost constraints, a lack of expertise, and regulatory and legal considerations are the largest barriers to implementing generative AI, according to executives.

"Even when organizations can overcome these hurdles, one major challenge remains: focus and prioritization," researchers add. "In many boardrooms, executives are debating overwhelming lists of potential generative AI investments, only to deem them incomplete or outdated given the dizzying pace of innovation. These protracted debates are a waste of precious organizational energy – and time."

THE LARGER TREND
As health systems work to develop "pragmatic" strategies for generative AI adoption, Bain suggests that hospital execs keep four guiding principles top-of-mind. They should, as researchers write in the report:

1. Pilot low-risk applications with a narrow focus first. When gaining experience with currently available technology, companies are testing and learning their way to minimum viable products in low-risk, repeatable use cases. These quick wins are typically in areas where they already have the right data, can create tight guardrails, and see a strong potential return on investment.

2. Decide to buy, partner, or build. CEOs will need to think about how to invest in different use cases based on availability of third-party technology and importance of the initiative.

3. Funnel cost savings and experience into bigger bets. As the technology matures and the value becomes clear, companies that generate savings, accumulate experience, and build organizational buy-in today will be best positioned for the next wave of more sophisticated, transformative use cases.

4. Remember AI isn't a strategy unto itself. To build a true competitive advantage, top CEOs and CFOs are selective and discerning, ensuring that every AI initiative reinforces and enables their overarching goals.

ON THE RECORD
"Providers and payers are looking for profit opportunities while also doubling down on employee morale, clinical care, and patient experience," said Eric Berger, a partner in Bain's Healthcare & Life Sciences practice, in a statement. "Many recognize the potential AI offers to boost productivity, yet they are acutely aware of the uncertainties around evolving technology.

"This uncertainty cuts both ways," he added. "While there is hype, there is also opportunity. Leading companies are taking this technology shift seriously and getting started with highly focused, low stakes use cases with some near-term ROI while building up the experience and confidence needed to invest in a more transformative vision."

Mike Miliard is executive editor of Healthcare IT News
Email the writer: mike.miliard@himssmedia.com
Healthcare IT News is a HIMSS publication.

Artificial intelligence continues to push cybersecurity into an unprecedented era as it offers benefits and at the same time drawbacks by assisting both aggressors and protectors.

Cybercriminals are using AI to launch more sophisticated and unique attacks at a wider scale. And cybersecurity teams are using the same technology to protect their systems and data.

Dr. Brian Anderson is chief digital health physician at MITRE, a federally funded nonprofit research organization. He will be speaking at the HIMSS 2023 Healthcare Cybersecurity Forum in a panel session titled "Artificial Intelligence: Cybersecurity's Friend or Foe?" Other members of the panel include Eric Liederman of Kaiser Permanente, Benoit Desjardins of UPENN Medical Center and Michelle Ramim of Nova Southeastern University.

We interviewed Anderson to help unpack the implications of both offensive and defensive AI and examine new risks introduced by ChatGPT and other types of generative AI.

Q. How exactly does the presence of artificial intelligence bring up cybersecurity concerns?

A. There are several ways AI brings up substantive cybersecurity concerns. For example, nefarious AI tools can pose risks by enabling denial of service attacks, as well as brute force attacks on a particular target.

AI tools also can be used in "model poisoning," an attack where a program is used to corrupt a machine learning model to produce incorrect results by inserting malicious code.

Additionally, many of the available free AI tools – such as ChatGPT – can be tricked with prompt engineering approaches to write malicious code. Particularly in healthcare, there are concerns around protecting sensitive health data, such as protected health information.

Sharing PHI in prompts of these publicly available tools could lead to data privacy concerns. Many health systems are struggling with how to protect systems from allowing for this kind of data sharing/leakage.

Q. How can AI benefit hospitals and health systems when it comes to protection against bad actors?

A. AI has been helping cybersecurity experts identify threats for years now. Many AI tools are currently used to identify threats and malware, as well as detecting malicious code inserted into programs and models.

Using these tools – with a human cybersecurity expert always in the loop to ensure appropriate alignment and decision-making – can help health systems stay one step ahead of bad actors. AI that is trained in adversarial tactics is a powerful new set of tools that can help protect health systems from optimized attacks by malevolent models.

Generative models such as large language learning models (LLMs) can help protect health systems by identifying and predicting phishing attacks or flagging harmful bots.

Finally, mitigating insider threats like leaking of PHI or sensitive data (for example, for use on ChatGPT), is another example of some of the emerging risks that health systems must develop responses to.

Q. What cybersecurity risks are introduced by ChatGPT and other types of generative AI?

A. ChatGPT and future iterations of the current GPT-4 and other LLMs will become increasingly effective at writing novel code that could be used for nefarious purposes. These generative models also pose privacy risks, as I previously mentioned.

Social engineering is another concern. By producing detailed text or scripts, and/or the ability to reproduce a familiar voice, the potential exists for LLMs to impersonate individuals in attempts to exploit vulnerabilities.

I have a final thought. It’s my sincere belief as a medical doctor and informaticist that, with the appropriate safeguards in place, the positive potential for AI in healthcare far exceeds the potential negative.

As with any new technology there is a learning curve to identify and understand where vulnerabilities or risk may exist. And in a space as consequential as healthcare – where patients' wellbeing and safety is on the line – it's critical we move as quickly as possible to address those concerns.

I look forward to gathering in Boston with this HIMSS community, so committed to advancing healthcare technology innovation while protecting patient safety.

Anderson's session, "Artificial Intelligence: Cybersecurity's Friend or Foe?" is scheduled for 11 a.m. on Thursday, September 7, at the HIMSS 2023 Healthcare Cybersecurity Forum in Boston.

Follow Bill's HIT coverage on LinkedIn: Bill Siwicki
Email him: bsiwicki@himss.org
Healthcare IT News is a HIMSS Media publication.

The past few years have been tough for health system bottom lines, with the COVID-19 public health emergency, critical staffing and workforce shortages, inflation and other financial pressures combining to strain budgets to the breaking points. More than 50% of U.S. hospitals reported a negative margin to close out 2022, according to a new report from Bain & Company.

But C-suite leaders see reason for optimism in the years ahead, the survey shows, thanks to the cost saving potential of fast-evolving generative AI technologies.

WHY IT MATTERS
Health system execs are particularly excited about AI and automation's potential to streamline financial and operational processes, tackle administrative inefficiencies and reduce clinician burnout. They see big opportunities for improving workflows and clinical documentation, managing and analyzing data and more in the year ahead.

Further out, in the next two to five years, hospital leaders say they're planning more AI-powered initiatives around predictive analytics, decision support, guided treatment insights and more, according to the report.

The potential is especially attainable given that the cost to train AI and machine learning models has decreased exponentially, according to Bain: "Down 1,000-fold since 2017," it promises an "arsenal of new productivity-enhancing tools at a low investment."

But while the report shows 75% of C-suite leaders are excited that generative AI has "reached a turning point in its ability to reshape the industry," it also finds that just 6% of health systems polled have an established generative AI strategy.

Still, that number is expected to grow as more and more provider organizations get serious about harnessing the potential of generative AI and automation to help address some long-standing clinical, financial and operational challenges.

Among the top health system priorities for generative AI applications, according to the report:

• Charge capture and reconciliation

• Structuring and analysis of patient data

• Workflow optimization and automation

• Clinical decision support

• Predictive analytics and risk stratification

• Telehealth and remote patient monitoring

• Call centers for administrative purposes

• Diagnostics and treatment recommendations

• Provider and patient workflows, including payer interactions

• Suggestions for care coordination and health system navigation

• Treatment and therapy recommendations for providers

• Call center for clinical questions

• Summary of clinical literature and research mining

• Assistance for patient financial counseling and Q&A

• Procurement and contract management

• Referral support and routing for providers and patients

• Drug discovery and clinical trial design

Still, Bain & Company researchers warn that there are significant hurdles ahead as health systems race to implement these fast-advancing technologies.

"Solutions to the greatest hurdles aren't yet keeping up with the rapid technology development," they say. "Resource and cost constraints, a lack of expertise, and regulatory and legal considerations are the largest barriers to implementing generative AI, according to executives.

"Even when organizations can overcome these hurdles, one major challenge remains: focus and prioritization," researchers add. "In many boardrooms, executives are debating overwhelming lists of potential generative AI investments, only to deem them incomplete or outdated given the dizzying pace of innovation. These protracted debates are a waste of precious organizational energy – and time."

THE LARGER TREND
As health systems work to develop "pragmatic" strategies for generative AI adoption, Bain suggests that hospital execs keep four guiding principles top-of-mind. They should, as researchers write in the report:

1. Pilot low-risk applications with a narrow focus first. When gaining experience with currently available technology, companies are testing and learning their way to minimum viable products in low-risk, repeatable use cases. These quick wins are typically in areas where they already have the right data, can create tight guardrails, and see a strong potential return on investment.

2. Decide to buy, partner, or build. CEOs will need to think about how to invest in different use cases based on availability of third-party technology and importance of the initiative.

3. Funnel cost savings and experience into bigger bets. As the technology matures and the value becomes clear, companies that generate savings, accumulate experience, and build organizational buy-in today will be best positioned for the next wave of more sophisticated, transformative use cases.

4. Remember AI isn't a strategy unto itself. To build a true competitive advantage, top CEOs and CFOs are selective and discerning, ensuring that every AI initiative reinforces and enables their overarching goals.

ON THE RECORD
"Providers and payers are looking for profit opportunities while also doubling down on employee morale, clinical care, and patient experience," said Eric Berger, a partner in Bain's Healthcare & Life Sciences practice, in a statement. "Many recognize the potential AI offers to boost productivity, yet they are acutely aware of the uncertainties around evolving technology.

"This uncertainty cuts both ways," he added. "While there is hype, there is also opportunity. Leading companies are taking this technology shift seriously and getting started with highly focused, low stakes use cases with some near-term ROI while building up the experience and confidence needed to invest in a more transformative vision."

Mike Miliard is executive editor of Healthcare IT News
Email the writer: mike.miliard@himssmedia.com
Healthcare IT News is a HIMSS publication.