AI, cybersecurity and the cloud to intertwine in 2024 strategies
Five trends presage wider use of technology and emerging platforms to help providers manage risks and performance in the New Year.
2023 brought a lot of change to the healthcare industry. From the growing adoption of artificial intelligence technologies, the regulatory landscape shaping cybersecurity funding, the increasing recognition that security is a shared responsibility across all departments to the continued growth of multi-cloud architectures, each facet reflects the dynamic nature of the healthcare industry in the face of evolving challenges and opportunities.
These developments will continue to shape the healthcare IT landscape in the year ahead. Here are my five predictions for what we can expect to see throughout 2024.
Rationalization of cybersecurity resources
There has recently been a subtle shift in the approach towards cybersecurity funding, as the “blank checks” for resources begin to dry up. That can be expected to intensify further throughout 2024.
The tumultuous events of 2020, the widespread shift to remote work and the surge in cyber events in healthcare and other vital industries left many organizations re-evaluating their cybersecurity strategies and making substantial investments in new technologies and tools to shore up their defenses quickly. Fast forward to today, and organizations realize that investments in specific tools may not have yielded the expected results or that some of the technologies implemented may overlap. This has led to re-examination of many of those tools, focusing on eliminating redundancies and optimizing functionality.
For example, hospitals are tightening budgets, giving way to a more rationalized approach to managing cybersecurity resources. This shift prompts organizations to scrutinize their portfolios and reconsider how to manage cybersecurity investments better — emphasizing the need for efficiency and effectiveness of what they already have vs. additional spending — identifying areas where expenses can be trimmed without compromising security. The goal is to have a comprehensive cybersecurity program and to ensure that each aspect is optimized for maximum effectiveness. It’s also essential to have the capability to monitor systems 24-by-7 to identify threats and respond rapidly. Having the tools is important, but if an organization doesn’t have a team or partner to monitor and react appropriately, they provide little value.
In 2024, expect the streamlining of cybersecurity portfolios for increased efficiency to continue, as organizations realize that a leaner, well-integrated set of tools can often outperform a disjointed array of cybersecurity solutions. This shift towards efficiency is both a cost-saving measure as well as a strategic move to enhance overall security posture. It's not just about having the latest and greatest tools; it's about a more thoughtful and strategic approach to security, having the right tools implemented in the right way, to create a robust and efficient cybersecurity program that can adapt to the evolving threat landscape.
The opportunities, challenges and risks of AI
As the healthcare industry continues to embrace the transformative power of AI, there will be exciting opportunities and formidable challenges. CIOs and healthcare executives will need to simultaneously understand how to harness the potential of AI while safeguarding against emerging cybersecurity threats.
AI is no longer confined to a niche but has become a boardroom topic, with CIOs facing inevitable questions about how they plan to craft their organization's AI strategy. The more prominent players in the industry have the financial might to make substantial investments in AI, positioning themselves as early adopters, while others may find themselves relying on vendors to stay competitive.
While not every organization can build advanced AI systems, having a coherent AI story is imperative. Boards demand answers, and CIOs must be equipped to convey how their chosen vendors are addressing the challenges and opportunities presented by AI. For organizations opting to leverage the advancements made by industry innovators like Epic and MEDITECH, the key lies in understanding and effectively communicating the capabilities of these vendors.
On the other hand, concerns are raised about the malicious use of AI in cyberattacks. Beyond conventional threats like ransomware, there is a new frontier in which threat actors leverage AI to craft more sophisticated spear-phishing emails. The ability of AI to quickly parse stolen data and launch targeted attacks poses a significant challenge to cybersecurity efforts.
Healthcare organizations must adopt a multifaceted approach to AI security to navigate this evolving threat landscape. This includes safeguarding against external threats and scrutinizing the AI tools integrated into internal processes. Questions about the security of AI tools used by clinicians, especially those handling protected health information (PHI), will become a key area of focus. Ensuring these tools meet stringent security standards is crucial for maintaining patient trust and compliance with privacy regulations.
In 2024, healthcare organizations will need to embrace AI's potential while staying ahead of malicious actors and ensuring the responsible and secure integration of AI tools.
State regulations and funding of cybersecurity
New York recently took a bold step forward by proposing a set of comprehensive cybersecurity regulations that would apply to hospitals across its state, along with allocating $500 million in funding to help them upgrade technology systems to meet the requirements of the proposed rules.
The regulations will require hospitals to implement robust infrastructure to prevent cyberattacks, establish policies for evaluating and testing the security of third-party applications, and develop incident response plans and perform testing of those plans to ensure that patient care continues in the event of a disruption, among other requirements.
While larger hospitals may be able to absorb these costs, smaller, rural and financially constrained hospitals often lack the financial resources or personnel to meet increasing cybersecurity demands. The proactive stance New York is taking to provide funding for cybersecurity should be an example for other states to follow.
Collaboration between stakeholders and industry players will be crucial to ensure that all healthcare facilities, regardless of size, can meet and exceed the cybersecurity standards needed in today’s threat landscape. As regulations increase, companies offering cybersecurity solutions and services will step up to assist healthcare organizations in meeting regulatory requirements and identifying the most effective strategies to utilize state funding.
Cybersecurity is no longer only an IT Issue
The interconnectedness of healthcare systems and the potential impact of cyber threats have necessitated a more holistic approach where everyone in the organization should be required to understand cybersecurity and its impact on the entire organization. Traditionally viewed as the domain of IT professionals, a paradigm shift will occur to recognize cybersecurity as a shared responsibility across departments.
As this focus shifts, the importance of comprehensive cybersecurity preparedness becomes critical. For example, in conducting tabletop exercises (sessions where team members meet to discuss their roles and responses during an emergency), the focus will no longer be just on testing IT systems; organizations will conduct these exercises for all end-users. This inclusive approach ensures that everyone understands their role in maintaining cybersecurity resilience.
Growing adoption of multi-cloud architectures
Aligning with the broader themes of financial constraints and strategic decision-making, the overarching trend in the move away from traditional data centers will continue, with organizations seeking to optimize costs, performance and reliability in the cloud.
Similar to cybersecurity, the initial rush to adopt new technologies will give way to a more measured approach, with organizations increasingly re-evaluating their cloud spend. The focus will be on finding the right size and fit for workloads to achieve cost-effectiveness without compromising performance and reliability.
For example, migrating healthcare workloads to the cloud without a well-thought-out plan can lead to increased costs, especially if those workloads need to run continuously because of healthcare's 24/7 nature.
Achieving the right balance between public, private and multi-cloud approaches requires evaluating several factors, including performance, cost, regulatory compliance and security. Not all workloads are suitable for the cloud, especially when safety, regulatory or reliability issues are a concern. Placing the right workload in the right location is vital to maximizing cloud technology resources.
Recognizing that no single solution is ideal for every workload, many organizations will continue to realize that a multi-cloud strategy incorporating public, private and hybrid cloud elements is the best approach. This strategy offers enhanced flexibility and control over workload placement, enabling organizations to optimize each application's environment to match its unique requirements.
Erik Littlejohn is CEO of CloudWave.