AI-Enhanced Information Security: Safeguarding Government and Healthcare PHI

Abstract

Ransomware attacks on government agencies and the tendency of gangs are contributing to an unprecedented crisis in the U.S. These strikes not only lock organizations, including large healthcare providers and government networks, data for large amounts of ransom but also, in some cases, suspend patient care and critical social services provided by vital government employees. In addition to these recent destructive attacks, the annual Verizon Data Breach Investigation Report (DBIR) always shows that government and healthcare organizations have numerous security incidents and data crimes. These incidents cost millions of dollars in response tendencies and remediation measures, damage or extinction of data, and harm the reputation of affected organizations. Furthermore, the potential for causing physical harm to a patient has raised concerns about the current summary of the implications of cybercrime.This demonstrates that healthcare data collection and protection are of increasing importance to the public and the government. However, protecting healthcare-protected health information (PHI) is very difficult. Hospital information systems are complex, fragmented, and heterogeneous, involving a large number of medical devices, sensors, and software applications from multiple manufacturers. Protecting sensitive data in this environment is not easy, especially when the purpose of providing medical care is to improve the patient's condition through treatment by collecting, accessing, and sharing data. Most security measures are not compatible with this mission, so cybersecurity is still important. A recent report by the International Health Research Institute found that 82 American hospitals have been targets of last year's ransomware attacks, and it is very likely that these attacks and their negative impact will continue to grow. A recent report from the Obama Administration's President's Information Technology Advisory Committee (PITAC) described this particular situation in detail. The report further states that healthcare organizations must be prepared for future large-scale cyber attacks and that it is likely that highly motivated attackers have the potential to shut down large parts of critical network infrastructure.