Monthly Healthcare News Roundup: Microsoft AI for Health Initiative, 2020 Predictions for Cyberattacks, and More

March 3, 2020

Monthly Healthcare News Roundup: Microsoft AI for Health Initiative, 2020 Predictions for Cyberattacks, and More

Every month, we compile the most compelling healthcare privacy and security related news stories. Below, you’ll learn about Microsoft’s new AI for Health Initiative, health IT professionals’ predictions for cyberattacks in 2020, and more.

Microsoft launches major $40M AI for Health initiative

In January, Microsoft announced AI for Health, a five-year and $40 million program that intends to help healthcare organizations adopt the power of AI and machine learning to bolster the health of populations worldwide. Its aim is to assist researchers, nonprofits, and global health systems launch advanced technology with three goals in mind:

  • Advancing research for prevention, diagnoses, and treatment purposes
  • Encouraging understanding of longevity and mortality to help mitigate global health crises
  • Improving healthcare access for underprivileged populations

According to Microsoft’s Chief Data Analytics Officer, John Krahan, the program is deeply rooted in privacy, security, and ethics, and is aimed at addressing social health issues while aiding researchers in the pursuit of developing new medical technology.

“As a tech company, it is our responsibility to ensure that organizations working on the most pressing societal issues have access to our latest AI technology and the expertise of our technical talent.” – John Krahan, Chief Data Analytics Officer at Microsoft

Americans affected by health data breaches increased 65% in 2019

A new report by Fortified Health has revealed a 65% uptick in healthcare breaches since 2018. The report, The State of Cybersecurity in Healthcare, collected data from 2009-2019 and measured:

  • Entities involved in a breach
  • Breaches caused by hacking
  • Percent of breaches via email, including phishing
  • Entities under investigation
  • Date of reported breach

Although 2015 was the year with the highest volume of breaches, 2019 followed closely behind with 40 million Americans affected by healthcare breaches. And over the past decade, 189 million health records have been exposed, which encompasses roughly 59% of the population. For more insights from the report, read the full Campus Safety article.

Dozens of hospital computers compromised, former employee pleads guilty

Richard Liriano, a former New York City-area hospital IT employee, has pled guilty to computer fraud. By using “keylogger” software, which tracks numbers and letters struck on keyboards, he obtained the usernames and passwords of his colleagues’ personal email, social media accounts, and more.

The U.S. Department of Justice reported that Liriano used the software to access about 70 of his colleagues’ personal photos and videos, on top of sensitive patient information, throughout a five-year period. Insider threats like this incur higher costs than external cyberattacks – and losses caused by this breach cost the hospital roughly $350,000. Liriano has since pled guilty of consumer fraud and faces a sentence of up to 10 years in prison.

Cybersecurity pros offer their 2020 predictions for healthcare

As medical technology continues to develop, so do the risks. And in 2020, healthcare cybersecurity experts are making predictions for the top security concerns of the year. Among them are ransomware and an increased digital attack surface as more medical devices require online access.

“Ransomware will continue to be the biggest issue as attackers have seen the urgency they can create that can lead to payment,” said Dr. Saif Abed, CEO of Clinical Cyber Defense Systems. “Attacks will become more frequent and indiscriminate.”

Another worrying trend is “Shadowhammer attacks,” which target software and firmware update systems. Dr. Abed predicts that “zero trust” security – a method that requires strict identity verification for every user and device on the network – will become a popular approach to combating these risks.

“The reality will be focusing on the basics. Know what and who are connecting to your network, identify vulnerabilities, and have a patching strategy.” – Dr. Saif Abed, CEO of Clinical Cyber Defense Systems

7 hot healthcare industry sectors for investment, growth, & consolidation in 2020

Stemming from experience advising clients in the healthcare sector, attorneys from Epstein Becker Green, along with advisors from EBG Advisors, have predicted 2020’s top healthcare sectors for investment, growth, and consolidation. Their predictions are based on three key factors:

  1. The ongoing importance of reducing healthcare costs
  2. Advancements in medical technology
  3. The aging baby boomer population

Seven different sectors have been identified as drivers for healthcare innovations, including:

  1. Healthcare information technology
  2. Medical device and pharmaceutical
  3. Physician services
  4. Hospitals and health systems
  5. Long-term care services
  6. Behavioral health services
  7. Medicare advantage plans

Consult the full article to find out more about these sectors and why they’re driving investment, growth, and consolidation this year.

Despite the best laid plans, every organization is susceptible to social engineering

As common as cyberattacks are in the healthcare industry, many of them are executed without technology in mind – they target physicians, care workers, and IT professionals directly. This tactic, called “social engineering,” is a way to manipulate people into essentially opening the door to your organization’s private data. And, it’s at the core of phishing, pretexting, baiting, and other attacks.

Healthcare professionals are especially vulnerable – when a health system has already suffered a breach, they’re often slow to recover because of how complex hospital IT systems are, especially when there are limited resources available on top of providing care to sick patients. In order to mitigate the threat that social engineering causes, all users should receive security training on how to identify the warning signs – and have a plan established in the event a social engineer is successful in cracking into the system.

“If you know why people are doing things, then you know what to protect. And one of the important things is you can’t protect it all, so figure out what we’re protecting, how we’re protecting it, how we’re training our employees — basically, the decisions we should be making in advance and the training we should be doing in advance.” – Kathleen Mullin, Chief Information Security Officer at Healthmap Solutions