Ransomware has been a security threat to many bodies within healthcare
Ransomware has been a security threat to many bodies within healthcare

A new report has proposed AI and Machine learning as a potential cure to the “Ransomware pandemic” making its way through the healthcare sector. The Institute of Critical Infrastructure Technology (ICIT) recently released a report called “How to Crush the Health Sector's Ransomware Pandemic”.

James Scott, senior fellow at ICIT and the author of the paper offers a plain solution to the worrying rash of cyber-attack on hospitals and healthcare providers that have held patient safety to ransom. He notes the proliferation of not only dynamic and adaptive malware, but the sheer number of adversaries that can find their way around defences no matter how resilient or well-resourced. But against this gloomy landscape, says Scott in a defiantly optimistic tone, what if healthcare organisations could use machine learning to overcome these threats?

The security posture of the health sector, notes Scott, is characterised by poor cyber hygiene, “frankensteined networks”, and “good ol' boys club bureaucratic board members flexing little more than smoke and mirror, cyber-security theatrics as their organisational defence”. Moreover, the sector is a great target for attackers because of the massive amounts of poorly protected and valuable data.

Ransomware has been an especially popular tool in waging war against healthcare organisations. Ever since a Los Angeles hospital paid US$17,000 (£14000) to save itself from the grip of a ransomware infection last year, the healthcare sector has faced a wave of such attacks.

Even FBI Director James Comey noted this month at a Boston cyber-security conference that, “Healthcare enterprises face all the same challenges that the rest of us do, but a recent plague is one for them to focus on, and that is the ransomware plague, hackers suddenly see the healthcare sector as a piggy bank.”

Scott says that federal law enforcement, who are best equipped to deal with such crimes,  often don't get involved unless a substantial financial loss occurs. Even when law enforcement do get involved there is little they can do.  

There is often little organisations can do except prepare for such attacks. Artificial Intelligence and Machine learning could provide the sector with the means to do not just that but more, says Scott: “Healthcare organisations can finally stymie the ransomware epidemic and the plague of PII theft afflicting the sector.”

Furthermore, adds Scott, “these solutions are already available.” For a sector that has so few trained cyber-security personnel, AI would allow the creation of an ecosystem capable of fighting off infections without the the need for security analyst to be constantly watching.

The report predicts that within five years, AI and machine learning will usurp the role of SIEM and AV solutions.

Rob Bathurst, as worldwide managing director of healthcare and embedded systems at Cylance contributed to ICIT's report. He told SC Media UK that while AI might never be omnipresent in healthcare security, by applying it to critical areas like user endpoints and medical record services, “the organisation can create a much more effective defensive model capable of preventing damage, not just controlling it.”

So if this is the panacea which will fix the woeful state of healthcare security, why aren't more using it?  As with security in so many areas, those doing the decision-making aren't well informed about the capabilities and in some cases are simply negligent and not willing to protect data. Those that resign themselves to this posture, the report says, will become low hanging fruit for attackers: “Healthcare providers have no excuse for risking the data and lives of their patients through negligent cyber-hygiene.”

Such advanced measures may help, Javvad Malik, security advocate at AlienVault told SC, who thinks that the health sector could also benefit from getting the basics right first. “While there will likely come a time in the near future where machine learning and algorithms will become a standard part of every IT Security technology offering, healthcare organisations would likely be better off addressing fundamental security issues which would offer better protection against a broad range of attacks as well as simplify management."

If ransomware is such a problem in healthcare, then the whole sector would benefit profoundly from a basic fix, Paul Calatyud, CTO of FireMon told SC. “Ransomware's main objective is to encrypt the data on the endpoint it was able to exploit. If healthcare organisations invest in ensuring that data is available on other systems, a common approach to backups, the encrypted data is therefore not valuable”.