Health systems, what are the AI cybersecurity risks in your supply chain?

Written by Gabe Perna | Apr 28, 2026 1:27:35 PM

Nothing is safe from cybercriminals these days, certainly not health systems.

A cybersecurity-related shutdown was the centerpiece of a season-long storyline from the hit HBO show “The Pitt.” The hospital from the TV show shut down its IT operations to preemptively protect its systems from getting hit by a data breach that affected another Pittsburgh-area hospital.

While there was comedy in watching the show’s Millennial and Gen Z-aged doctors and nurses get flustered over paper charts and faxes, health systems were not laughing earlier this year when medtech companies Stryker and Intuitive Surgical got hit with devastating cyberattacks. Data breaches, particularly through cyberattacks, have become a recurring nightmare for health systems over the last few years.

The reality is health systems are more vulnerable than ever to cyberattacks, which could cripple business, force downtime and impact patient care. Supply chains within health systems are often especially exposed due to a reliance on subcontractors, offshore development and open-source assets, according to the Health Sector Coordinating Council’s Cybersecurity Working Group.

HSCC’s Cybersecurity Working Group, a coalition made up of healthcare providers, pharmaceutical and medtech companies, payers and health IT companies, released a comprehensive guide earlier this week to help hospitals minimize AI-related cybersecurity risk in their supply chains.

Here are five important takeaways from this guide:

1. Start a risk assessment now

Organizations must compile an inventory of AI-enabled third-party vendors, products, solutions, devices and services within their supply chain and procurement processes. They must complete a traditional comprehensive risk assessment as well as one that’s specific to AI.

2. Demand vendor transparency and collaboration

Ask vendors to share model training data and potential biases in their algorithm, and to keep you informed of all changes they are making to the model. These changes should be communicated with enough lead time to allow a health system's security team to test and validate them.

3. Remember the importance of contracting

Within the contracting process, ensure you put into place metrics that evaluate AI’s impact on supply chain efficiency, such as accuracy in demand forecasting. Standard business associate agreements are insufficient for AI in healthcare, the guide’s authors report.

4. Continuously monitor the model

Continuously track AI performance in supply chain operations, focusing on model drift. Monitor for changes in AI effectiveness due to evolving supply chain dynamics. Also ensure AI decisions do not introduce inequality in supplier selection or inventory allocation.

5. Implement AI-specific training for supply chain teams

There should be detailed training opportunities for your supply chain workforce before, during and after implementation of an AI tool. These courses should help your employees understand how to identify and mitigate supply chain-focused risks within AI systems.

The guide is worth looking at in its entirety as it goes through detailed processes to help health systems safeguard their protected health information.