Strategies for Reducing Risk in Adopting AI

Caution! This content was not written by AI; an actual human being wrote it.

Is AI really just another application that we have to manage? It has a lifecycle, support needs, subject matter experts to master it, upgrades, patches, etc. The one caveat with AI is that it has extraneous security concerns. The promise of AI is that it continually learns, improves, and becomes more refined over time. But where does the learning come from? This scenario represents a challenge in implementing AI. Out of the box, some major AI applications have built-in access to APIs, file shares, storage platforms, etc. This functionality needs careful scrutiny when operating in a regulated healthcare environment.

Unfortunately, hospital IT programs have grown organically over the years. New systems have been organically added to old infrastructure. Many file structures have been created in the name and benefit of workflow, in the name of getting things done. Data sprawl, whether it is on end-user devices, file shares, intranet sites, storage platforms, vendor platforms, and elsewhere, is a real concern.

The advent of AI is forcing organizations to take a new look at how they manage their computing environment from a risk and cybersecurity perspective. Historically, we have looked at compliance as an episodic event. We engage a firm that performs a cybersecurity audit. The firm produces a final report, elucidating vulnerabilities that the company addresses. And we’re done, right? Wrong. The minute the cybersecurity audit report is finalized, it is out of date. The realization is that it takes a lot of applications to run a hospital. Things are constantly changing in a hospital network. Network devices are being updated, servers are being patched (or not), applications are being altered, new users are being added/subtracted, new vendors are being onboarded, new systems are going live, old systems are being retired, and so on. It is evident that there is a need for an operational risk and cybersecurity framework that gives visibility and is updated in real time.

Here are a couple of improvements healthcare organizations can make to better position themselves to manage AI applications responsibly.

Automating Risk Management

The concept of the cybersecurity audit should be replaced by automated risk management tools. The episodic audit is dead. There is a fundamental need for real-time risk management that can give you risk profiles and high-priority risk items/vulnerabilities in real time. Real-time risk management remediation workflows that are proactively managed on a daily basis can greatly reduce the likelihood of a breach and increase an organization's compliance. Granted, this is a different mindset, especially for organizations that are continually in firefighting mode. Adopting real-time risk management tools should allow these organizations, in particular, to take more of a proactive management posture toward cybersecurity and risk management. Furthermore, automated risk management tools can monitor AI applications for malicious activity by users and by the AI applications.

Advanced Data Management Tools

Let’s face it: healthcare organizations, in particular, have grown organically over the years. We have evolved from the best-of-breed systems of the past to the more consolidated electronic health record systems of today. By necessity, there is a legacy and continuing data sprawl in many healthcare organizations. Prior to adopting an AI program, it would be prudent to correct this historically less-than-perfect data management practice. How? We now have tools that can scan and discover data/files throughout the network, identify their locations, and report on who has permission/what permissions to that data. Additionally, these tools can create remediation workflows to bring rogue data and files into compliance. They can also monitor your entire environment going forward to ensure you remain in a compliant state, which is especially important in organizations adopting AI.

Summary

We are continually making advancements in cybersecurity, data management, and risk management.

Organizations that are planning on adopting AI or already have done so can stay compliant and manage risk by staying aware of advances in these areas. The promise of AI to increase the quality of care delivery is predicted to be incredibly impactful. 

For more information about CSI Companies' Security and AI Readiness Programs, visit our website and speak with one of our experts today!

Visit our Newsroom to learn more about how CSI Companies has expanded its offerings into Security and AI Solutions.

About the Author

Paul J. Caracciolo is a distinguished graduate from the University of New York at Potsdam, holding a bachelor’s degree in Earth Sciences with a minor in Computer Science. With a dedicated focus on healthcare computing, he has consistently leveraged technology to enhance the standards of patient care throughout his professional journey. Paul’s impressive track record includes executive roles such as Chief Technology Officer (CTO) at Stanford’s hospitals and clinics, Chief Information Security Officer (CISO) at Duke University Health, and CTO/CISO at CommonSpirit Health, showcasing his expertise and leadership in the healthcare technology sector.