Is the Promise of AI Medicine and Digital Health Hampered by Cybersecurity Issues?

By James F. Jordan

Health care accounts for more than 18% of the U.S. economy—a significantly higher proportion compared to other nations, which typically allocate between 8% and 12% of their economic resources to health care. Despite this substantial expenditure, the United States does not hold the top position in terms of health care quality. Over the past two decades, the U.S. has consistently ranked somewhere between 11th and 13th place when compared to other countries.

The introduction of artificial intelligence (AI) in medicine presents a unique opportunity to enhance both cost-efficiency and health care quality by eliminating inefficiencies and providing preventive measures. AI medicine has the potential to simplify the process of early patient diagnosis for medical professionals and enable quicker, more precise treatment deployment, thus concurrently reducing costs and enhancing quality.

Nevertheless, to fully realize these advantages, we must confront the cybersecurity challenges associated with the proliferation of this technology. Gaining a comprehensive understanding of how AI medicine functions and its implications for data security is imperative for any health care entity or individual seeking to harness the potential of this technology.

Objectives and Obstacles

Throughout most of its history, the U.S. health care system has primarily concentrated on addressing acute events. In a medical context, “acute” denotes diseases or health conditions characterized by sudden onset, rapid progression, and typically short duration. These conditions are usually severe, necessitating urgent attention, yet often resolve relatively swiftly with treatment or on their own. Examples of acute conditions include heart attacks, appendicitis, or broken bones. This term is frequently juxtaposed with “chronic conditions,” which are enduring and persist over a prolonged period, such as diabetes or arthritis.

While some chronic diseases cannot be prevented, many of them can be. Legislation passed in the last decade has aimed to expand our emphasis on preventive care and wellness programs to mitigate or delay the onset of the need for chronic disease intervention. Much of the actionable data related to chronic diseases exists beyond the confines of traditional health care systems, with estimates suggesting that more than 80% of this data resides outside the health system.

For AI medicine to achieve its objectives for both physicians and patients, it must be capable of accessing data from wearable technologies like smartwatches, internet-of-things (IoT) devices, and more. These devices can monitor various health metrics, including electrocardiogram readings, sleep patterns, heart rate, and blood oxygen levels, all of which are valuable but typically inaccessible to physicians. Establishing connectivity to this information entails tapping into more decentralized and diverse networks, involving cloud computing, edge computing, IoT, wearables, apps, and similar components. This connectivity introduces inherent risks—including data privacy concerns and threats from malicious actors who may attempt to manipulate the system or introduce misinformation into AI models.

To mitigate these risks and safeguard user data, health care organizations must invest in robust cybersecurity measures, such as encrypted storage, authentication protocols, and secure networks. However, the health care industry is increasingly recognizing that technology alone cannot fully address this issue. Human factors, including user behavior and decision-making, significantly contribute to cybersecurity risks. To tackle this challenge, an emerging approach known as human-centered security focuses on creating user-friendly security solutions that utilize AI tools to educate and alert individuals about vulnerabilities in real time. Estimates indicate that human errors may account for between 20% and 80% of all cybersecurity breaches.

Cybersecurity and Interoperability Regulations

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the Health Information Technology for Economic and Clinical Health Act (HITECH) represent two U.S. legislative measures established to guarantee the security and safeguarding of individuals’ health care data. HIPAA was instituted in 1996, while HITECH followed suit in 2009, bolstering enforcement and granting state attorneys general the authority to impose penalties for breaches. HITECH also imposes compliance requirements on specific business associates of covered entities and mandates the adoption of data breach notification protocols. Such notifications not only tarnish the violator’s reputation but also expose them to potential customer litigation. Consequently, many companies opt for contracting and centralizing their operations to mitigate potential complications.

In 2016, the signing of the 21st Century Cures Act represented a significant milestone in U.S. health care policy. This legislation aimed to address the sluggish progress in interoperability and information data blocking by mandating the development of application programming interfaces (APIs) to facilitate communication among health information networks. It also established standards and regulations to ensure the effectiveness of data exchanges. The act served as a counterbalance to cybersecurity policies, fostering an environment that encouraged hospitals, medical device manufacturers, and other health care stakeholders to explore AI medicine opportunities while concurrently addressing cybersecurity challenges.

As health care technology continues to advance, the interplay between cybersecurity and interoperability regulations remains a pivotal consideration for stakeholders. In the short term, advancements in AI medicine are predominantly constrained to certified networks, molded by the limitations and prospects presented by these regulatory frameworks.

The ongoing juggling act of promoting innovation while safeguarding sensitive health care data will necessitate a flexible approach from policymakers and industry participants. By navigating this intricate terrain, stakeholders can unlock AI medicine’s potential to transform patient care while upholding a steadfast commitment to privacy and data protection.

AI Applications and Potential Influence on Patients

AI applications are revolutionizing the health care sector by offering unprecedented levels of precision and accuracy across various dimensions of patient care. These transformative innovations are leaving a profound impact on numerous fields across the health care continuum:

  • Imaging: AI-powered computed tomography (CT) scans and magnetic resonance imaging (MRI) have the capacity to pinpoint tumors, lesions, and other abnormalities that might elude detection during physical examinations. This technology leads to more precise diagnoses and more effective treatment strategies.
  • Precision Medicine: AI plays a pivotal role in analyzing patients’ genetic, environmental, and lifestyle data to deliver personalized treatment plans tailored to their individual requirements. This approach not only enhances treatment outcomes but also minimizes potential side effects.
  • Robotics: AI-driven surgical robots collaborate with surgeons to execute intricate procedures with heightened precision and control, reducing invasiveness and holding the potential to accelerate patient recovery.
  • Augmented Surgical Planning: AI algorithms meticulously evaluate preoperative imaging data, facilitating the creation of detailed surgical plans. This approach empowers surgeons with enhanced visualization and navigational tools, ultimately leading to more successful surgical interventions.
  • Administrative Tasks: AI streamlines administrative workflows by identifying billing system fraud, managing patient records, and analyzing vital signs data from wearable devices. This efficiency saves time and resources while enhancing patient care by flagging potentially risky medications or enabling virtual care support.

By harnessing the capabilities of AI and machine learning algorithms, health care professionals can make smarter, quicker, and more efficient decisions, ultimately elevating patient outcomes and mitigating the costs associated with treatments and surgeries.

A Balance Between Innovation and Security

The integration of AI medicine into health care offers a plethora of opportunities to enhance patient care, reduce expenses, and transform the entire industry. Yet, it is crucial to acknowledge that these advantages are accompanied by substantial cybersecurity challenges that must be effectively addressed to fully harness the potential of this technology.

In the near future, the interaction between cybersecurity measures and interoperability regulations will continue to influence the trajectory of AI medicine. Nevertheless, it remains imperative for policymakers and industry stakeholders to adopt a dynamic approach in their quest to harmonize innovation and security, thereby unlocking the complete potential of AI in the realm of health care.

James F. Jordan is a health care and life sciences expert. He is a Distinguished Service Professor of Health Care and Biotechnology at Carnegie Mellon University’s Heinz College, the President of StraTactic, the National Co-Chairman of the BIO Bootcamp, and the Founder of the Healthcare Data Center. He has published numerous articles and books on innovation, start-ups, intellectual property, and health systems. For more information, visit: A version of this story appeared earlier this year on Jordan’s blog.
