More than just a business threat, cyberattacks on hospitals and health services could impact patient safety and mortality

Cyberattacks have become an unfortunate reality for governments and businesses — so much so that it’s no longer a question of “if” a cyberattack will occur but “when.” In a recent IDC study, 69% of respondents said their businesses were adversely affected by a cyberattack in the past year. A World Economic Forum study found that cyberattacks cost the healthcare industry roughly $11 million per incident, and that the healthcare sector spends more than any other to recover from cyberattacks.

But that’s just the dollars and cents. The real danger occurs when a cyberattack compromises access to vital medical and pharmaceutical records. A recent wave of ransomware attacks across the U.S. healthcare system impacted care for more than 100 million patients. Such disruptions and delays can reduce the quality of patient care, and even have the potential to threaten lives.

Here, Kyndryl's Jimmy Nilsson, Vice President, Global Domain Leader Zero Trust, and Mark Emig, Vice President and Senior Partner, explain how the company can help healthcare providers develop and execute cybersecurity and resiliency strategies, and prepare for the advantages that AI will bring to the industry.

How can healthcare systems better protect themselves from cybersecurity incidents?

Nilsson: The first thing is to accept that cyberattacks will happen. So with that in mind, the next step is to focus on cyber resilience — the ability to protect against, respond to and recover from cyber breaches. To do that will require healthcare providers to establish a comprehensive cybersecurity strategy — everything from having the right mindset, to modernizing platforms and systems, to incorporating third-party suppliers and partners into an overall cybersecurity strategy, to fostering a culture of security among employees.

Emig: Due to the amount of data that the healthcare industry manages, it becomes an easy target for bad actors. These attacks can have life-threatening consequences and impact access to healthcare, approval of emergency procedures and fulfilment of life-sustaining prescriptions. Healthcare companies need to urgently prioritize the implementation of modern cybersecurity practices to protect data, networks and applications required to maintain business operations.

What are the keys to managing the cybersecurity capabilities of third-party vendors and partners?

Nilsson: It’s critical to establish auditing capabilities to enforce an organization’s cybersecurity policies and regulations. That’s why healthcare systems should incorporate third-party vendors into their overall cybersecurity strategy from the very beginning of the relationship. Any cyber defense is only as strong as its weakest link. All stakeholders — including suppliers and employees — must be committed to cybersecurity within a Zero Trust framework.

Emig: I agree. Recent incidents have highlighted the importance of closely assessing the security procedures of third-party vendors and service providers that have access to sensitive data and are required to maintain business operations.

Will AI play a role in the future of healthcare cybersecurity?

Nilsson: If there’s one thing I took away from this year’s HIMSS Conference, it’s that the intersection of AI and cybersecurity will bring about the beginning of a new era for healthcare. Several companies are actively integrating AI-powered solutions into their systems. As a result, they’re realizing the benefits of predictive analytics and anomaly detection, graph-based monitoring, and malware detection and prevention.

Healthcare systems collect patient data from birth, so the ability to infuse AI into patient data analytics will give physicians and other healthcare providers the visibility and insights they need to optimize patient care. AI-generated insights also will play a role in bringing the advantages of healthcare centers of excellence to remote or underserved areas.

The current challenge is that hospitals have been collecting patient data through a variety of uncoordinated systems — many of them built with legacy technologies. This makes it difficult — and sometimes impossible — to gather and analyze patient data effectively. So infusing AI into healthcare data analysis will lead to significant breakthroughs in patient care, even exclusive of medical advances. AI in healthcare will help providers maximize their ability to convert unstructured data into actionable information.