Two executives from the tech giant talk about how the threat landscape for hospitals has changed in the COVID-19 pandemic. They also touted Microsoft’s new AI-powered security product.
Nashville - Cybersecurity threats have surged in the COVID-19 pandemic, and hospitals are being targeted more frequently.
Two of Microsoft’s executives spoke at the ViVE Conference Wednesday about how the landscape has changed with over the course of the pandemic. They say the dangers have grown significantly. And they also touted Microsoft’s new AI-powered product to boost cybersecurity.
The pandemic “changed the game fundamentally for cybersecurity,” says Vasu Jakkal, corporate vice president of Microsoft Security Business. Jakkal runs Microsoft’s cybersecurity division, a $20 billion business.
“We’ve seen a rise in the sophistication of attacks, the frequency of attacks,” Jakkal adds.
Ransomware has also become a much more serious problem. “Healthcare has been impacted deeply by it,” she says.
Jakkal pointed to a massive data breach in Australia affecting millions of people, and the cybercriminals published private health data, including very sensitive information. In the U.S., nearly 50 million people were impacted by health data breaches in 2022.
“Healthcare is very vulnerable,” Jakkal says.
David Rhew, Microsoft’s global chief medical officer, talked about “the significant number of ransomware attacks” in the healthcare environment.
While many attacks have focused on larger hospitals in the past, Rhew says, “We’re also seeing it with the small hospital systems.”
Rhew and other cybersecurity experts say that larger hospital systems typically have stronger defenses against cyberattacks. While smaller hospitals may not provide a big payday, they are easier to access. Smaller hospitals and health systems can be tantalizing targets for bad actors looking for easier systems to penetrate.
Systems are increasingly vulnerable to breaches from medical devices. “That’s a major issue,” Rhew says.
Attackers are also more quickly gaining access to organizations after they initial breach occurs, Jakkal says.
Health systems should consider adopting a “zero trust” mindset when it comes to cybersecurity. With that mindset, organizations essentially assume that attackers have already infiltrated the system.
While it sounds grim, Jakkal says that mindset leads to a more proactive and rigorous defense philosophy.
When it comes to improving defense, Jakkal says, “It’s not just about one thing in security.”
She offered an example of locking every door in a house but then leaving the window open. That house, she notes, isn’t truly secure.
“That is what’s happening in security,” she says.
Speaking on the final day of the ViVE Conference, the executives also highlighted the Microsoft Security Copilot, which was introduced this week. The company says the product harnesses the power of artificial intelligence and its security expertise.
“AI in security is going to change the game in so many ways,” Jakkal says.
Part of the shift to AI-powered cyber defenses is being driven by a talent shortage. There are 3.4 million unfilled jobs in security, the company says.
Plus, the Copilot’s artificial intelligence is going to be constantly learning and can defend against more emerging threats.
“For the first time in a very long time … I feel like defenders are going to be fundamentally ahead of attackers and we’re going to change the game,” Jakkal says.
Even as AI is used more in healthcare and security, she adds, “You need a diverse set of people working on it.”
“IF AI is built by a few people, it’s only going to serve a few people well,” Jakkal says.
As hospitals and health organizations are looking to gather more data from patients to improve patient care, particularly in genomics, it’s imperative to protect that information. “We really do need to make sure we apply the highest level of security,” Rhew says.
Rhew says it’s especially important when it comes to data from patients in underserved populations, since many already have some mistrust of the healthcare establishment.
“It’s so difficult to be able to gain that trust, but so easy to lose it,” he says.
Jakkal encouraged healthcare leaders to work together to improve cybersecurity, saying it requires effort across the entire health ecosystem.
“Security has always been and will always be a team sport,” she says.
She also pointed to projections that cybersecurity will have a $10.5 trillion economic impact by 2025. “If we put that in innovation,” she ask, “what would the world look like?”
Even after citing some of the grim figures, Jakkal says she sees the potential to reduce the threat and damage of cyberattacks, particularly by incorporating AI into security.
“I’m an optimist,” Jakkal says. “I do see the future being bright.”