The rising use of artificial intelligence in the healthcare sector that is leading to innovative treatments and new drug discoveries still leaves an elephant in the room: cybersecurity.

From phishing to ransomware to data breaches and DDoS (distributed-denial-of-services) attacks, consequences of cyberattacks can be life-threatening.

According to Check Point Research, worldwide healthcare cyberattacks averaged 1,463 cases per week in 2022; 74% more than the previous year.

Main reasons for cyberattacks

Among the top reasons for cyberattacks are that private patient information is worth a lot of money to attackers. Accessibility of this data often takes place at various phases and places in a hospital and also remotely, thereby creating an environment for severe attacks.

Secondly, with the wide range of medical devices and equipment becoming smarter or IoT-enabled and enhanced by AI-ML, the data to and from these devices in and out of cloud becomes more vulnerable to hackers.

Skillsets and the knowledge of health workers are also important. Often with the introduction of new technologies, these ground-level workers are not skilled enough to handle machines and devices that leave room for cyberattacks. This scenario is coupled with the lack of the right talent required to handle the vast number of devices used in a hospital.

Data needs to be shared among hospitals for a similar surgery or a critical case providing another window for data leaks that hackers are aware of and wait for. This scenario often gets worse if medical devices and the required equipment are not up to date.

Often in an environment that is enhanced with AI intervention and inclusion, a healthcare or a medical devices company or one with expertise in clinical trials opts for a zero-trust cybersecurity system that secures the entire architecture with multiple authentications.

A zero-trust cybersecurity system must have 24x7 real-time monitoring, alerts raised with admins at the slightest hint of a security breach, threat maps available with both the customer and the IT organization, threats and attacks can be investigated in real time with a potential threat eliminated as quickly possible and assessment of a possible risk if another organization recently faced a similar attack.

How AI is a boon and a threat actor?

HCLTech Trends and Insights APAC reporter Mousume Roy in a recent article, titled Advancing research: The tech-infused evolution of clinical trials, highlights how clinical trial practices have undergone significant transformations, driven by advancements in technology and a growing emphasis on efficiency and patient-centricity.

Among the benefits of AI in clinical trials, factors like faster time to market, reduced costs, more accurate data analysis, personalized medicine, improved patient outcomes and real-time access to expertise matter.

However, with AI inventions and interventions in clinical trials, there is a huge risk of cyberattacks. As any other form of software, clinical trial software is vulnerable to breaches, data theft and ransomware attacks where hackers can tamper with a wearable device, putting a patient’s health at risk, destroying the data from a clinical trial, making the data invalid and even replacing it with biased and incorrect data.

In the UK, Lindy Cameron, CEO of National Cyber Security Centre (NCSC), told the BBC: “The scale and complexity of these [AI] models is such that if we don’t apply the right basic principles as they are being developed in the early stages, it will be much more difficult to retrofit security.”

Securing clinical trials

Well-versed with the needs of the life sciences and healthcare (LSH) industry, HCLTech Dynamic Cybersecurity Framework applies AI and predictive analytics to provide a proactive and integrated response to threats and significantly improve zero-trust security stature.

“Never trust and always verify. From an evolution standpoint, zero trust is at a point of controlling application and data access— critical enterprise resources. Importantly, it shouldn’t be forgotten that the foundation of zero-trust is identity,” says Prashant Mascarenhas, Vice President - Cybersecurity & GRC Services at HCLTech.

For example, HCLTech helped a leading US-based multinational contract research organization, specializing in helping companies with late-stage clinical trials that wanted to expand its security capabilities to adapt to a remote working environment. To achieve this, HCLTech developed a cost-effective and zero trust security-focused solution aimed at enhancing employees’ experience through increased work visibility, unified collaboration experiences and improved internet performance for the end-users.

Proactive zero-trust cybersecurity in healthcare

HCLTech offers comprehensive and tailor-made cybersecurity services that include Global Risk and Compliance Management, Data Security and Privacy, Application Security, Infrastructure and Cloud Security services, Identity and Access Management and 360° OT Security. These enable organizations to secure patient identity, maintain business and operational continuity and retain customer trust.

“To effectively ensure controlled network and application and data access, a strong identity access management architecture is now required.  This architecture will help organizations move away from traditional role-based access models to attribute-based access models that can be used to make contextually relevant decisions. At the same time, at the network layer, organizations should shift from traditional network access controls to policy-based remote access and device context-based policies, which can be applied on the network in real time,” adds Mascarenhas.

For example, HCLTech helped a Fortune 500 US company, with services in more than 190 countries and exceptionally high operational costs for managing security remotely. Looking for a top-notch endpoint security solution that was affordable, it deployed a secure digital system with an upgraded and monolithic infrastructure, which reduced security incident counts by 50%.

In the US, taking a patient-centric approach to health data governance is already reducing costs. HCLTech Trends and Insights US reporter Jordan Smith, in a recent article, titled Patient-centric approaches to health data improve data governance, highlights how such a process is improving patient care and gaining new customers.

Besides offering end-to-end patient-centered services and solutions that enable customers to achieve patient centricity, starting with consulting services from an advisory standpoint to helping customers with blueprints, adoption, roadmaps and best practices, HCLTech patient engagement services built an ecosystem of connected tools and technologies. The digital engagement platform that HCLTech built for an emerging US-based digital healthcare system provider to address long-term healthcare outcomes of veterans and their families is a fine example.