Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Can AI and ML slay the healthcare ransomware dragon?

Taylor Armerding | April 13, 2017
Properly applied, artificial intelligence and machine learning could “crush” the ransomware pandemic, especially in the health sector.

It’s common knowledge that healthcare organizations are prime – and relatively easy – targets for ransomware attacks. So it is no surprise that those attacks have become rampant in the past several years. The term “low-hanging fruit” is frequently invoked.

But according to at least one report, and some experts, it doesn’t have to be that way. ICIT – the Institute for Critical Infrastructure Technology – contends in a recent whitepaper that the power of artificial intelligence and machine learning (AI/ML) can “crush the health sector’s ransomware pandemic.”

Which, on its face, might sound like a bit of an oversell, when the mantra in cybersecurity is that there is no such thing as a silver bullet.

James Scott, ICIT senior fellow and author of the report, agrees that AI/ML alone will not make any organization bulletproof. Organizations must, “effectively implement fundamental layered cybersecurity defenses and promote cyber-hygiene among personnel,” he said.

But, he said the use of AI/ML can definitely solve the low-hanging fruit problem. “They will no longer be an attractive target for unsophisticated ransomware and malware threat actors,” he said, “so adversaries will dedicate their resources to attacking easier targets – likely in other sectors – that do not have algorithmic defense solutions.”

Rob Bathurst, managing director for worldwide health care and life science at Cylance, and an ICIT fellow, agrees that AI/ML are not a silver bullet. “But they are a much better bullet,” he said.

He said they are a major improvement over Security Information and Event Management (SIEM) solutions that, in the words of the report, “are plagued by data overload, false positives, and false negatives.”

The AI/ML model, Bathurst said, doesn’t need specific signatures. “It’s very good at answering questions like: ‘Is this file going to potentially harm my computer if it’s allowed to execute?’ It doesn’t need one-to-one matches with signatures,” he said.

It is obvious that the healthcare sector needs better security. One of the reasons it is such a popular target is that, as the report notes, the victims are more likely to pay, since, “every second a critical system remains inaccessible risks the lives of patients and the reputation of the institution. Hospitals whose patients suffer as a result of deficiencies in their cyber-hygiene are subject to immense fines and lawsuits.”

Also, for security solutions to be attractive to healthcare organizations, they have to be both non-intrusive and affordable.

As has been widely reported, healthcare workers are notorious for skirting security protocols because of “friction” – they slow down or inhibit the ability to respond quickly to patient needs.

And, when a hospital or clinic is on a tight budget, security is a lower investment priority than patient care.

 

1  2  3  4  Next Page 

Sign up for CIO Asia eNewsletters.