What we Heard this Week at the H-ISAC Americas Fall Summit
The Zenity Team was busy this week in San Antonio as sponsors of the H-ISAC Fall Americas Summit! We had a blast at the rodeo at Knibbe Ranch, as well as on the showroom floor, talking to security leaders about the evolving landscape of cybersecurity for healthcare organizations.
One prominent theme that emerged was the increasing risks faced by healthcare organizations in the era of citizen development and the widespread adoption of Generative AI by business users of all technical backgrounds.
Healthcare institutions are grappling with the surge in individuals harnessing Generative AI to construct their own applications, automations, and now, their own AI Copilots. This democratization of technology has opened new frontiers but has also unveiled potential vulnerabilities. The summit shed light on the challenges associated with ensuring the security and integrity of healthcare systems in the face of user-generated applications.
‘Make-your-own-AI’ Takes Healthcare
One development that had the Expo floor buzzing was the introduction of Microsoft Copilot Studio, a groundbreaking tool that empowers individuals of any technical background to create their own AI Copilots and bots. This innovative platform has the potential to revolutionize how AI is integrated into various healthcare processes, offering a bridge for non-experts to contribute meaningfully to business-led innovation.
The rise of citizen development and the utilization of Generative AI bring forth a myriad of security concerns for healthcare organizations. The ability for individuals, with varying levels of technical expertise, to build applications introduces a potential entry point for malicious actors, as well as a massive compliance concern. For healthcare organizations, keeping patient, or any personally identifiable information secure and private is not only a top concern, but a top priority for incoming auditors (more on this shortly).
Microsoft Copilot Studio, while promising in its democratization of AI development, also prompted discussions about the responsible use of such tools. As healthcare organizations explore the integration of AI Copilots and bots into their workflows, it becomes imperative to establish guidelines and best practices to ensure ethical and secure implementation.
Compliance a Top Driver
While maintaining robust cyber-security is what drew us all to San Antonio this week, compliance still comes up… a lot. Particularly in the United States, HIPAA is a top concern, and when constructing cybersecurity programs at healthcare organizations, being able to meet HIPAA compliance mandates often gets top billing.
Within the world of application security, security teams need to come up with records of who has accessed PHI, what actions were taken with this data, and when. They also need to conduct regular security assessments and code reviews of any application that touches sensitive data. As part of regular audits, security professionals also need to identify and address vulnerabilities in healthcare applications. By conducting thorough security assessments, organizations can proactively address potential weaknesses before they can be exploited by malicious actors. Finally, performing data validation and error checking helps to prevent unauthorized alterations and access to PHI, maintaining the accuracy and reliability of health information.
It was clear at the H-ISAC that security leaders have a lot on their plate, but that application security is a top priority to help them meet compliance requirements.
Other News and Notes
The summit highlighted the importance of robust cybersecurity measures to safeguard against unauthorized access, data breaches, and the manipulation of healthcare technologies. Speakers at the summit emphasized the need for a collaborative approach involving cybersecurity experts, healthcare professionals, and technology developers. By fostering a culture of awareness and education, healthcare organizations can better navigate the evolving landscape of AI in healthcare and proactively address emerging risks.
The H-ISAC Fall Americas Summit in San Antonio provided a platform for critical discussions surrounding the risks associated with citizen development and the rise of Generative AI in healthcare. The unveiling of Microsoft Copilot Studio adds a new dimension to the conversation, underlining the importance of balancing innovation with robust cybersecurity practices. As healthcare continues to embrace technological advancements, the collaborative efforts of the industry will play a pivotal role in ensuring the security and resilience of healthcare systems against emerging threats. Be sure to join us for a webinar hosted next week about what you need to know about Microsoft Copilot Studio and its security ramifications!