In 2017, the world witnessed a cyberattack of hideous proportions. The WannaCry ransomware attack infected hundreds of thousands of computers in more than 150 countries, throwing a wrench in the digital gears of many businesses and bringing several industries to their knees with malicious software designed to block access to files until a "ransom" was paid.
One industry that was hit particularly hard was health care, including organizations such as the National Health Service (NHS) in the U.K. and Merck in the U.S. One study found that last year, 78 percent of health-care providers reported a ransomware or malware attack. And perhaps we shouldn't be surprised: Patient records are filled with valuable and private information, and ineffective cybersecurity measures make it far too easy to hold those records hostage. Health care is an easy target for malware.
No one seems safe: A cybercriminal organization hacked into the Cancer Services of East Central Indiana-Little Red Door and threatened to make the records of cancer patients public. Hackers have even targeted patients at ABCD Children's Pediatrics in Texas, potentially selling kids' medical records on the dark web.
Subscribe to The Week
Escape your echo chamber. Get the facts behind the news, plus analysis from multiple perspectives.
SUBSCRIBE & SAVE
Sign up for The Week's Free Newsletters
From our morning news briefing to a weekly Good News Newsletter, get the best of The Week delivered directly to your inbox.
From our morning news briefing to a weekly Good News Newsletter, get the best of The Week delivered directly to your inbox.
But health-care systems like hospitals and insurance providers are starting to fight back using powerful tools of their own: artificial intelligence (AI) and machine learning. If you need a quick refresher, machine learning is an application that allows AI to automatically learn and change without being programmed. Essentially, it takes people out of the equation and lets technology evolve on its own, within some constraints. And if you need an example of the potential power of this application, look no further than Facebook's chatbots, which developed their own non-human language to communicate because machine learning gave them the freedom. Imagine a password written in a language that no hacker can understand or crack, and you can see why the health-care industry is interested in machine learning.
AI and machine learning are part of a bigger attempt to overhaul cybersecurity. As attacks continue to increase, health-care companies have learned that it's not enough to rely on anti-virus or anti-malware protection to stop eager hackers from infiltrating their systems. They're starting to figure out hacker patterns and blocking them before they can get their hands on patient records or data. They're also saying goodbye to vulnerable passwords and relying on more secure methods, like biometrics — think fingerprints and eyeball scans.
Aetna is one early adopter of machine learning. The health insurance company replaced passwords with a behavior-based security system and some biometric protections in its consumer-facing apps. It put machine learning at the forefront by developing a risk engine that combines multiple pieces of data to authenticate users. This risk engine collects personal information, ranging from the operating system and apps you use to how you text or move within the application. It creates an individual risk score, which can change. For example, if someone steals your smartphone, hackers won't be able to log into Aetna's app because the risk engine knows they're suspiciously holding the phone differently than you do. It will then demand additional authentication information, like a PIN or fingerprint, which the hacker won't have.
Aetna isn't the only company making these types of changes. Organizations like Cardinal Innovations Healthcare and Weill Cornell Medicine have turned to CrowdStrike Falcon, which offers anti-virus, anti-ransomware, and anti-malware security with customizable AI features.
Having access to AI and machine learning technology is only half the battle. Actually implementing it is the other half. Health-care companies frequently resist innovation because of high cost barriers, government regulations, complicated internal processes, or just a general fear of change. And sometimes, like the rest of us, they get used to old software and don't want to upgrade, despite knowing the vulnerabilities. One of the biggest reasons why WannaCry ransomware succeeded in crippling NHS computers was because 60 percent of the NHS trusts were still using outdated Windows XP. Some of the trusts said they wanted to upgrade, but couldn't because their legacy software and medical equipment wouldn't work with the new operating systems.
If health-care organizations want to beat hackers, they'll have to innovate, and AI and machine learning may become their first line of defense.
