By Jeff Wardon, Jr., Assistant Editor

Cyberattacks are devastating to healthcare facilities, as they can compromise sensitive data and stall physical operations. With these attacks growing riskier, healthcare facilities are looking for ways to bolster their cyber defenses.

One potential avenue for this is AI tools and resources being used in healthcare cybersecurity, according to Errol Weiss, chief security officer at Health-ISAC. 

Some cybersecurity tools and services have already been enhanced by AI’s capabilities, Weiss says. In fact, there are cybersecurity tools being enhanced with AI to do better with detection. 

“I've seen very simple things in terms of being able to summarize articles or summarize white papers succinctly for analysts to then be able to get a better handle on things,” says Weiss. “It’s making them a little bit more efficient in terms of being able to provide some analysis. It then allows that human element to focus on important daily functions.” 

Weiss adds that he has spoken to some providers who are looking at having AI consultants that are trained in the various aspects of cybersecurity. 

However, the use of AI may prove to be a double-edged sword, as both healthcare organizations and hackers seek to implement this technology. 

The threats of AI 

A major threat is the wide availability of free AI tools and the cybercriminals looking to take advantage of them.  

“The availability of free AI tools is only going to make things like advanced phishing scams with very convincing text to be readily available for cybercriminals,” says Weiss. “Malicious actors can use AI to create emails in any language and in any subject discipline area that appeals to the recipient. It only catches people off guard and likely to fall victim to the scammers.”    

This has already been seen in effect, as the “Scattered Spider” threat actor Healthcare Facilities Today previously reported on is known to leverage AI tools to mimic victims’ voices for gaining initial access to the organizations it targets. It follows a trend of “deep fakes” in cyberattacks, where these AI tools can create convincing yet fraudulent images, audio recordings or videos. These can then be used in phishing scams as Weiss mentioned to dupe victims into doing whatever the cybercriminal wants. 

In addition, Weiss has also seen AI being used to identify new zero-day vulnerabilities, which are weak points in software that are unknown to their makers. AI can even create exploits for known vulnerabilities, too. 

“AI will expand the universe of people able to take advantage of these vulnerabilities even if they have less technical skills,” Weiss says. 

Moreover, it means that for healthcare facilities, there’s going to be even more to defend against and it will get harder for the defenders to protect their networks because of these new AI threats, according to Weiss. However, the situation isn’t completely dire, as healthcare facilities and organizations can take action to shield themselves. 

“Not only do we need to educate end users about more enhanced scams from phishing, but we also need more cybersecurity talent, more technology and ultimately more investments in cybersecurity to help protect from all these threats,” Weiss says. 

Jeff Wardon, Jr., is the assistant editor of the facilities market.