By Michael Giannopoulos, Healthcare CISO & CTO, Americas and Federal Healthcare Director, Dell Technologies
Anyone familiar with the healthcare industry knows the crux of the Hippocratic Oath: “Do no harm.” For doctors, nurses and other providers, this essential cornerstone governs every action, decision and patient interaction.
For those of us in the digital sphere, the edict is no less critical. Ensuring healthcare data security is not solely a technological challenge, but an ethical responsibility. This is especially true as destructive cybersecurity events become more frequent around the globe. In 2022, cyberattacks on healthcare institutions in the United States surged to around 1,410 weekly attacks per organization—an increase of 86% from the year before. In general, the healthcare sector ranked second among all industries for the most cyberattacks in the US. It ranked third globally, only surpassed by education/research and government/military.
The repercussions of such breaches aren’t abstract. When healthcare organizations lose control of their infrastructure, it presents real risks to patient safety, continuity of care and clinical decision-making processes. For instance, if the systems managing a patient’s Electronic Medical Records (EMR) fail, the effects can be life-threatening. If a hospital’s prescription system is compromised, harmful drug interactions might go unchecked.
Despite these known risks, many organizations are falling behind in their security measures: According to Dell’s Innovation Index, only around one-third (33%) of IT decision-makers have taken comprehensive steps to secure data, highlighting a worrying gap.
As the Venn Diagram of healthcare and technology widens—and as emerging AI solutions present both risks and exciting possibilities—we’re at a pivotal crossroads. For healthcare leaders, now is the time to take action to safeguard infrastructure and ensure patient trust in digital systems.
“With the many advances happening in technology today—including the meteoric rise of AI and breakthroughs in personalized medicine—ensuring that data and the information it yields is safe and maintains integrity is non-negotiable.” – Michael Giannopoulos, Healthcare CISO & CTO, Americas and Federal Healthcare Director, Dell Technologies
Security equals infrastructure, and infrastructure equals security
Today’s healthcare cybersecurity landscape is fraught with vulnerabilities. Previous solutions, such as antivirus software and firewalls, once considered a sufficient defense strategy, are no longer adequate. Ransomware-style attacks are some of the most frequent security events that healthcare institutions face—and they’re becoming more commonplace and complex by the day. The Federal Bureau of Investigation (FBI) recently acknowledged that in 2022, ransomware attacks hit critical infrastructure especially hard, and healthcare and public health institutions were at the top of the list of victims.
In many cases, patient safety is the primary casualty of such events. Ransomware attacks can lead to organization-paralyzing time offline. According to a survey of 579 IT professionals by the Ponemon Institute and Censinet, nearly half of the respondents said their organizations had experienced a ransomware attack in the past two years—a rise in 43% from 2021. Nearly half (45%) reported that such events lead to complications from medical procedures, and 53% said such attacks result in a disruption of patient care. Secondary to the human cost, the financial and reputational tolls are staggering. In 2023, the average cost of a healthcare data breach rose to an all-time high of more than $10 million.
It’s clear that data security is paramount when it comes to advancing healthcare outcomes. But a comprehensive strategy isn’t just about data—it encompasses the map mechanism and apparatus that sits on top of that data and ensures everything is accurate and in its proper place. Summed up succinctly: Security and infrastructure are inextricable from one another.
As with any aspect of healthcare, the patient must be the North Star when designing strategy and exploring holistic cybersecurity strategies—or comprehensive solutions like Dell Trusted Infrastructure. With the many advances happening in technology today—including the meteoric rise of AI and breakthroughs in personalized medicine—ensuring that data and the information it yields is safe and maintains integrity is non-negotiable.
Cultivating resilience via holistic solutions
This cyber storm isn’t one to be weathered—it needs to be actively fought. Healthcare leaders are on the frontlines, and their technology partners are equally accountable. What’s more, fortifying defenses is not a one-person or one-department job. It requires a united front, from orchestrating regular red team exercises to simulate attacks, to educating all stakeholders across operations on the merits and intricacies of integrated solutions.
As a trusted partner in this ecosystem, Dell Technologies has a proven track record: Phoenix Children’s Hospital, which implemented Dell ECS, has seen an acceleration of data restoration efforts, improvements and enhancements in user experiences and lower operating costs. Staff have the peace of mind that they can rely on our technology in times of crisis, as well as confidence in the backups of their data.
The impact extends globally: In Thailand, N Health, a leading healthcare services provider, modernized its aging infrastructure with new, scalable solutions like Dell PowerProtect appliances. As a result, hospitals that use the platform now have improved confidence to continue to deliver above-and-beyond patient experiences and drive regional expansion.
Dell’s work with major healthcare organizations offers compelling snapshots of collaborative resilience in action: By working with Dell Technologies, these organizations are able to coalesce backup data from multiple centers into two secure data vaults managed by only a handful of people, an impressive feat that demonstrates the streamlining power of well-implemented cybersecurity infrastructure.
AI: advanced threat, strategic ally, or both?
Thanks to AI, a year from now, we’ll likely be living in a very different world. On the optimistic side, AI has the potential to proactively identify threats and bolster prevention strategies. Human vigilance supplemented by AI promises a formidable alliance. What’s more, AI’s ability to learn and adapt may allow organizations to harness the vast amounts of data they collect daily.
Consider a hospital system with 25 facilities across 15 states running an Electronic Medical Records (EMR) system: They could theoretically use AI to harness billions of pieces of existing data to improve patient outcomes. (It goes without saying that the most fundamentally important element of success in such an endeavor lies in building and training AI models—whether they be generative, extractive or polymorphic—responsibly.)
At the same time, as we discover a myriad of ways to utilize defensive AI, we must also remain aware that threat actors are exploring ways to weaponize it. The rise of AI-based cyberattacks and deepfakes poses a new level of risk that healthcare organizations and their technology partners must be prepared to confront.
In short: AI is not a panacea, but it is a tool of limitless potential. Using it effectively necessitates a delicate balancing act—embracing the promise of AI’s potential while countering the threats it may engender. As we navigate this complex terrain, healthcare leaders will need to lean upon technology, including holistic solutions like Dell Trusted Infrastructure, as well as people and processes working in tandem, in order to foster resilience. This cohesive approach can help ensure that “doing no harm” extends beyond the physical realm and into the digital one.