Next Frontier: Hackers May Manipulate Patient Data
Dameff said future hackers may use AI to manipulate individual patient data in ways that threaten patient health. AI makes this easier to accomplish.
“What if I delete your allergies in your electronic health record, or I manipulate your chest x-ray, or I change your lab values so it looks like you’re in diabetic ketoacidosis when you’re not so a clinician gives you insulin when you don’t need it?”
Garcia highlighted another new threat: Phishing efforts that are harder to ignore thanks to AI.
“One of the most successful way that hackers get in, disrupt systems, and steal data is through email phishing, and it’s only going to get better because of artificial intelligence,” he said. “No longer are you going to have typos in that email written by a hacking group in Nigeria or in China. It’s going to be perfect looking.”
What can practices and healthcare systems do? Garcia highlighted federal health agency efforts to encourage organizations to adopt best practices in cybersecurity.
“If you’ve got a data breach, and you can show to the US Department of Health & Human Services [HHS] you have implemented generally recognized cybersecurity controls over the past year, that you have done your best, you did the right thing, and you still got hit, HHS is directed to essentially take it easy on you,” he said. “That’s a positive incentive.”
Ransomware Guide in the Works
Dameff said UC San Diego’s Center for Healthcare Cybersecurity plans to publish a free cybersecurity guide in 2025 that will include specific information about ransomware attacks for medical specialties such as cardiology, trauma surgery, and pediatrics.
“Then, should you ever be ransomed, you can pull out this guide. You’ll know what’s going to kind of happen, and you can better prepare for those effects.”
Will the future president prioritize healthcare cybersecurity? That remains to be seen, but crises do have the capacity to concentrate the mind, experts said.
The nation’s capital “has a very short memory, a short attention span. The policymakers tend to be reactive,” Dameff said. “All it takes is yet another Change Healthcare–like attack that disrupts 30% or more of the nation’s healthcare system for the policymakers to sit up, take notice, and try to come up with solutions.”
In addition, he said, an estimated two data breaches/ransomware attacks are occurring per day. “The fact is that we’re all patients, up to the President of the United States and every member of the Congress is a patient.”
There’s a “very existential, very palpable understanding that cyber safety is patient safety and cyber insecurity is patient insecurity,” Dameff said.
A version of this article appeared on Medscape.com.