New HSCC CWG Publication; Artificial Intelligence Cybersecurity Considerations

Healthcare & Public Health Sector Coordinating Councils

February 6, 2023

We are pleased to share today our first HSCC CWG publication of 2023 - a white paper titled: “Health Industry Cybersecurity-Artificial Intelligence Machine Learning (HIC-AIM)” – an overview and discussion of 9 cybersecurity considerations for the implementation of A.I. in a clinical and enterprise environment. HIC-AIM was developed by the Emerging Technology Task Group, co-led by Mark Jarrett of Northwell Health; Jim St. Clair of Coordinated Care Inc.; and Linda Ricci of FDA. Significant editorial contributions were provided by Julie Sisk of First Health Advisory. Much of the content was developed by recruited outside experts in academia and industry with deep background in the field.

Summary

Healthcare has continued to evolve from the paper-and-pen world to a digital environment. The opportunities for high-quality, safe and effective care have increased exponentially with this change. Integral to these opportunities is the harnessing of increasing computer power and the revolutionary impact of artificial intelligence (AI) and machine learning (ML). AI/ML could impact every aspect of healthcare, from diagnosis, treatment decisions, predictive analysis, and even administrative functions such as coding and billing.

The promise of AI/ML, however, comes at a price: artificial intelligence systems, especially those dependent on machine learning (ML), can be vulnerable to intentional attacks that involve evasion, data poisoning, model replication, and exploitation of traditional software flaws to deceive, manipulate, compromise, and render them ineffective. Yet too many organizations adopting AI/ML systems are unaware of their vulnerabilities. This potential outcome is the basis of this whitepaper.

Audience

This paper is intended for an audience of senior technical leaders within the CIO/CTO functions. It assumes basic knowledge about software programming and application engineering with an associated capability to translate technical concepts into practical business, operations, and clinical privacy and cybersecurity risk.

Outreach

Please feel free to share this paper with your community of peers. We are also preparing for your use a boilerplate slide deck that is suitable for presentation at conferences and webinars.

Greg Garcia
Executive Director
Health Sector Coordinating Council
Cybersecurity Working Group

Key Resources

Related Resources

Advisory
Microsoft Develops New Recovery Tool to Assist with CrowdStrike Issue Impacting Windows Endpoints
Public
Advisory
CrowdStrike Technology Outage Causing Global Disruption, Including Impacts on Hospitals
Letter/Comment
AHA Responds to CISA Proposed Rule on Cyber Incident Reporting Requirements
Public
Advisory
HHS Issues Alert on Critical Vulnerability in ‘MOVEit,’ File Transfer Platform Used by Health Care Sector
Public
Issue Landing Page
Support for your Cybersecurity Program
Special Bulletin
AHA Helps Secure New Cybersecurity Resources from Microsoft and Google to Assist Rural Hospitals
Public