Hot Topics at Healthcare Conferences: From AI to Cyber Insurance Costs

Epic’s move to integrate Microsoft's generative AI into its electronic health records system made headlines during the HIMSS conference as a technology that could potentially quell the rising levels of physician burnout while also providing clinical decision support. 

Generative AI can suggest diagnoses, predict outcomes based on historical data, and fill in missing information on patients’ charts. 

But the opportunities don’t come without trepidation for leaders like Micky Tripathi Ph.D., National Coordinator for Health Information Technology at the U.S. Department of Health and Human Services, who presented at ViVE in Nashville. 

“I think all of us hopefully feel tremendous excitement and you ought to feel tremendous fear also,” said Tripathi about the pros and cons of generative AI in healthcare. “As we know, inappropriately used, there are equity issues, there are safety issues, there are quality issues, there's all sorts of issues without appropriate transparency and appropriate governance.” 

One of those issues centers on what happens when bots make suggestions or prompts based on available data. Historically, drug research and development, and height and weight standards, for instance, have excluded diverse populations, Najat Khan, Ph.D., Chief Data Science Officer at the Janssen Pharmaceutical Companies of Johnson & Johnson told a packed ViVE audience. The results presented by AI could thus be skewed. 

And yet, engaging indigenous peoples and/or people of color in patient care (and staffing) remains challenging due to widespread distrust of the medical system, stemming from historical injustices such as the research performed on the Tuskegee Airmen.

The discussion around data sovereignty has engaged privacy regulators not only in the United States, but also in the European Union. After Italy banned ChatGPT, Germany is considering similar measures.

The General Data Protection Regulation (GDPR), which gives users control over their personal information, may apply to the rapidly emerging category of generative AI companies.

The Italian government-agnostic privacy regulating agency, Garante, accused Microsoft Corp–backed OpenAI of not checking the age of ChatGPT users. The agency also noted the "absence of any legal basis that justifies the massive collection and storage of personal data" to "train" the chatbot.

In the United States, where reproductive rights are increasingly different from state to state, the importance of data privacy, security, and sovereignty are more important than ever, and should be closely considered as healthcare entities consider the implications of integrating the use of AI.

The use of AI in the healthcare space will require the collection and storage of vast amounts of personal health information. Providers that use AI, like ChatGPT, should implement strict security measures and conduct regular audits and risk assessments to ensure compliance with privacy laws and/or the Health Insurance Portability and Accountability Act (HIPAA). 

The post-pandemic Great Resignation and a preexisting provider shortage have exacerbated the difficulty of finding and retaining clinicians and clinical support staff. 

According to Dr. Khan, another challenge is trying to diversify hiring across the healthcare ecosystem in order to encourage engagement among underserved patients. Having someone in the exam room who’s relatable and can address the social determinants of health for various patient populations could make care more equitable — and make diverse data more available.

There are also challenges when hiring the men and the women “behind the curtain” — the small but growing number of qualified cybersecurity professionals who have their pick of industries. Since healthcare involves adhering to myriad regulatory standards and working off-hours across most organizations, outsourcing and partnerships become key, said speakers at both the ViVE and HIMSS conferences. 

Automating tasks or partnering with external vendors can prevent harmful cybersecurity attacks (such as credential stuffing and distributed denial of service) while detecting and mitigating vulnerabilities. 

The growing number of temporary and remote workers — like traveling nurses or clinicians who perform telehealth visits — also requires cybersecurity professionals to enhance their focus on protection of login credentials and access to data across the industry. 

Protect your organization by adopting a Zero Trust security posture, and explore a fully managed service for security management, monitoring, and mitigation.

The expansion of programming and pavilion space dedicated to cybersecurity at healthcare conferences like the HIMSS and ViVE show a burgeoning recognition that, in the words of U.S. Senator Mark R. Warner, “cybersecurity is patient safety.”

A show of hands at ViVE to panelist Errol Weiss, Chief Security Officer at Health-ISAC (one of Akamai’s strategic partners), showed that three-quarters of his packed panel audience had been affected by a cybersecurity incident. His review of Health-ISAC’s most recent cybersecurity research showed that ransomware, phishing (including advanced “callback phishing”), and third-party breaches are among the top concerns of the survey participants. 

As innovation increases across the healthcare ecosystem and promotes progress, complexity grows, as does the attack surface, noted Weiss. He cautioned that platforms like ChatGPT could pose cybersecurity risks to healthcare organizations, with threat actors using the AI to fine-tune their attack strategies. 

And although the growth of the Internet of Medical Things and remote patient monitoring promises more connection among providers and patients (and, thus, likely better clinical outcomes), Weiss cautioned that they also increase the surface area at risk. 

The more digitally focused an organization becomes, the more it leverages cloud-based solutions and application programming interfaces (APIs), which necessitates more robust security strategies. It may ultimately be those strategies that also promote long-term organizational resilience by securing cybersecurity insurance. For healthcare specifically, the costs of such policies continue to climb because of both the industry’s higher propensity to pay versus other leading industries and the large volume of third-party vendors. 

Zero Trust policies can ultimately yield a better rate for cybersecurity insurance premiums, an easier path to get coverage, and a lower cost of delivering or receiving healthcare when ransomware costs (or high postbreach premiums) don’t have to be absorbed. 

You can understand, detect, and block threats with our segmentation solution. Akamai also intends to broaden the breadth of its security offerings by acquiring Neosec, which extends market-leading application and API protection with complete API visibility and security coverage.