As healthcare organizations embrace technological advancements to enhance patient care and operational efficiency, they also find themselves vulnerable to the dark underbelly of AI: cyberattacks.
AI cyberattacks refer to cyber threats and malicious activities that involve the use of artificial intelligence or machine learning technologies to design, execute, or enhance the effectiveness of attacks on digital systems and networks. These attacks can be driven by threat actors who engage in various malicious activities with the intention of causing harm, exploiting vulnerabilities, stealing sensitive information, disrupting operations, or gaining unauthorized access to systems or resources.
These AI-driven attacks pose significant risks to various sectors, including healthcare, where attackers can use AI to facilitate targeted cyberattacks, extract sensitive data from medical devices, and attempt to exploit vulnerabilities in critical healthcare infrastructure. While AI provides novel opportunities for offensive and defensive cybersecurity strategies, it also poses challenges for defenders in detecting and mitigating sophisticated AI-driven attacks.
With AI's advanced capabilities, threat actors can craft more convincing and personalized phishing emails and use deepfake technology to impersonate healthcare professionals, potentially leading to unauthorized access to protected health information (PHI). AI-driven ransomware attacks can encrypt and hold PHI hostage, disrupting healthcare services and potentially leading to data breaches. Moreover, AI can assist in the development of sophisticated malware, making it challenging for healthcare organizations to detect and mitigate attacks, thereby increasing the risk of unauthorized access to PHI. Additionally, the use of AI in exploiting vulnerabilities in medical devices and IoT systems can result in data breaches and compromises to PHI.
Protection against AI cyberattacks in healthcare requires a multi-layered approach and continuous vigilance. Healthcare organizations should invest in AI-driven cybersecurity tools to enhance threat detection and incident response capabilities, enabling the identification of AI-generated phishing emails, malware, and social engineering attempts.
Implementing technical safeguards as required by HIPAA, such as access controls, encryption, and network segmentation, can help defend PHI from AI-driven attacks. Furthermore, proactive vulnerability management and patching of healthcare systems and medical devices are vital to prevent AI-assisted exploitation of weaknesses. Healthcare defenders can leverage AI themselves to explain reverse-engineered code and bolster threat-hunting tactics.