Privacy & Security

The safety nonprofit says artificial intelligence models that aren't properly evaluated and deployed are a big concern for 2025. Others include home health technology and hospital infusion system vulnerabilities.

No textbook is required when real-life cyber risks are this serious, says Laquan Black, assistant professor of health information technology at Guttman Community College CUNY.

Heather Costa, Mayo Clinic's director of technology resilience, says that "we can never mitigate risk to zero and still have the business be operational."

Behavioral AI and a fully integrated toolset are critical elements for information protection.

Ian Mack, IT senior security analyst for the University of Virginia and the communications chair for the HIMSS Virginia Chapter, says those efforts can save lives and chart the direction of future initiatives.

The Health Care Cybersecurity and Resiliency Act of 2024 would provide grants to help healthcare organizations strengthen prevention and response - and push for better coordination between HHS and CISA.

The Office of Civil Rights could have initiated follow-up after discovering security flaws, but "rarely initiated these reviews when it identified serious compliance issues," according to the HHS inspector general's audit program review.

Anahi Santiago, chief information security officer at ChristianaCare, says the architecture to develop security programs is shifting as providers manage a larger number of partners in the supply chain and in hospital at home programs.

In its FISMA review for FY 2024, the watchdog agency said that the U.S. Health and Human Services was unable to meet managed and measurable maturity for core metrics.

Dr. Benoit Desjardins, professor at the University of Montreal, explains that attacks haven't changed. The interconnectedness of hospitals with each other and third parties means that, when one is impacted, the entire health system can be affected.