AI - Good or Evil in the Cybersecurity Fight?
Today in health, it we're going to take a look at AI and cybersecurity. My name is bill Russell. I'm a former CIO for a 16 hospital system. And creator of this week health, a set of channels and events dedicated to leveraging the power of community. To propel healthcare forward. We want to thank our show sponsors who are investing in developing the next generation of health leaders. Short test artist site parlance, certified health. Notable and service. Now, check them out at this week. health.com/today. Having a child with cancer is one of the most painful and difficult situations family can face in 2023 to celebrate five years of this week health. We're working to give back where you've partnered with Alex's lemonade. Stand all year long. We have a gold rates, $50,000 from our community. And as you know, we've exceeded that goal. We're not going to stop. We're going to continue pushing through. We asked you to join us, hit our website and the top right hand column. You're gonna see a logo for the lemonade. Stand, click on that to give today. We believe in the generosity of our community. And we thank you in advance. One of the things you could do to help us out a lot, share this podcast with a friend or colleague, use it as a foundation for daily or weekly discussions on topics that are relevant to you in the industry. They can. Subscribe, wherever you listen to podcasts. All right, let's get over to this article. This is an interesting one to me. This is in preparation for. A HIMS healthcare, cybersecurity forum. They interviewed one of the people who's going to be on a panel talking about the impact of AI. On cybersecurity. And then they interviewed Dr. Brian Anderson, the chief digital health physician at MITRE. A federally funded nonprofit research organization. And they asked him a handful of questions and I learned a bunch from it. So I thought I'd share with you. The first question they asked him is how exactly does the presence of AI bring up cyber security concerns? And he said there are several ways. I brings up substantive cybersecurity concerns. For example, nefarious AI tools can pose risks by enabling denial of service attacks as well as brute force attacks on particular targets. AI tools also can be used in model poisoning. And attack where a program is used to corrupt a machine learning model. Two. Produce incorrect results by inserting malicious code. That's interesting. Additionally many of the available free AI tools, such as chats, UPT can be tricked with prompt engineering approaches to write malicious code, particularly in healthcare. There are concerns around protecting sensitive health data, such as protected health information, Phi sharing, Phi and prompts. Of these publicly available tools could lead to data. Privacy concerns. So there are some of the concerns. We go on. How can AI benefit hospitals and health systems when it comes to protecting against bad actors? And this is interesting as well. AI has been helping cybersecurity experts identify threats for years now, which is absolutely true. We were using AI. My gosh. , six, eight years ago, the problem was we were getting so many. , so many alerts that we couldn't process all of them. And we utilized AI tools to. Determine the noise from the signal, from the noise as it is. So anyway, , AI has been helping cybersecurity experts identify threats for years now. Many AI tools are currently used to identify threats and malware as well as detecting malicious code inserted into programs and models. Using these tools with humans, cybersecurity experts, always in the loop to ensure appropriate alignment and decision-making can help health systems stay one step ahead of the bad actors. If they're using technology, you have to use technology because technology is 7 24, 365 millisecond response. And we need to build our defenses with 7 24, 365 millisecond response. He goes on AI that is trained in adversarial tactics is powerful. Set. Of tools that can help protect health systems from optimized attacks by malevolent models, generative models, such as large language models. Can help protect health systems by identifying and protecting. Phishing attacks or flagging harmful bots. And I think we're going to see more and more. , AI getting incorporated. Into the, , specifically the, the, , phishing attacks. And identifying those just much. Better as we move forward. And I think they're already, they've already made significant progress. I think it's going to be even better, but again, it's going to be AI against AI. You're going to have better attacks being formulated, and you're going to need better defenses being formulated. , I'm going to close with this one. So what cybersecurity risks are introduced by chat GPT and other types of generative AI. Chat's CPT and future iterations of current GPT four and other LLMs will become increasingly effective at writing novel code. That could be used for nefarious purposes. These generative models also pose privacy risks. As I previously mentioned, social engineering is another concern by producing detailed texts or scripts. And or the ability to reproduce a familiar voice. The potential exists for LLMs to impersonate individuals in attempts to exploit the vulnerabilities. One final thought. It's my sincere belief. As a medical doctor and informaticist that with the appropriate safeguards in place. The positive potential for AI in healthcare far exceeds the potential negative. As with any new technology, there's a learning curve to identify and understand where vulnerabilities or risks may exist. And in a space as consequential, as healthcare, where patients. Wellbeing and safety is on the line. It's critical. We move as quickly as possible to address those concerns. All right. So that's the article. If you want to find it, healthcare, it news is artificial intelligence, a cybersecurity ally, or menace. And as with all technology, it is neither an ally or menace, or it is both an ally or a Metis. The question is whose hands is it in? Who is directing it, who is giving it instructions? My, so what on this is. , the. The nefarious actors are making it their tool. It's time for us to make it our tool. And I know we're, we're purchasing a lot of things. But one of the things I would do as a leader, if I were CIO today is I would be freeing up time. I'd be giving people. I don't know. I start small two hours a week, four hours a week, whatever it happens to be. To be playing around with these large language models and other AI tools. And, , or doing research and sharing. Amongst each other, their findings, how they're using these tools, can they use these tools? Can they write code, have your red teams, blue teams. , start using these tools to try to essentially get into your system, to hack your system. And those kinds of kinds of things. If you're using an outside third party, ask them if they are using. , AI models or AI tools to try to hack into your system. And, , see if they have recommendations around AI tools that you could be implementing to shore up your defenses and those kind of things. AI is the future period. End of discussion. I know it's at the peak of the hype cycle. I know I've talked about it. A fair amount. But it is, it is the future. We are seeing it. We're seeing it evolve every time I use some aspect of chat GPT or a large language model or some other. AI tool or read about some other AI tool. , I'm seeing the advances in, , radiology cardiology, looking at images, looking at historical images, identifying things we didn't identify the last time somebody was in the office. AI is the future computers, reasoning. And giving us their conclusions based on their reasoning. Again, very narrow models for now. We're not worried about them replacing humans, but we want to use them to augment our capabilities. , so it's the future. Let's get in front of it. Let's give our people the margin, the time to start playing around with these models and learning how to use them effectively. In there. , day-to-day work. So that's what I would be doing today. If I were a CIO and I would encourage any leader. It's department level or whatever. To do that. If you're not even a leader at this point, if you're at a point in your career where you are a contributor, And you are working hands on with the technology. Find the time. Create your own margin so that you can be ahead of the curve with regard to generative AI.
All right. That's all for today. If you want to help us out, one of the ways you can do that is recommend this podcast to a colleague or a friend. Or anyone in the next generation of leaders that would be really helpful. They can find it wherever they subscribe to podcasts. We want to thank our channel sponsors who are investing in our mission to develop the next generation of health leaders. Short test artist, site parlance, certified health, notable and 📍 service. Now check them out at this week. Dot com slash today. Thanks for listening. That's all for now.