Artificial intelligence and cybersecurity in healthcare (YEL2023)

Date:  03 October 2023


Amidst an era characterized by the swift progression of technology, the healthcare domain finds itself undergoing a transformative shift in the manner through which medical services are administered, organized, and fine-tuned. This transformation is primarily driven by the integration of cutting-edge technologies, with artificial intelligence (AI) taking centre stage as a revolutionary force with the potential to reshape healthcare as we know it [1]. As healthcare professionals and institutions strive to provide more accurate diagnoses, personalized treatment plans, and streamlined administrative operations, the role of AI becomes not only apparent but indispensable [2].

AI, marked by its capacity to mimic human cognitive functions and perform tasks that traditionally necessitated human intelligence, holds significant promise within the healthcare landscape [3]. Machine learning algorithms, natural language processing, and computer vision are among the diverse AI tools that enable healthcare systems to analyse vast datasets, uncover intricate patterns, and derive actionable insights in real time [4]. By harnessing these capabilities, healthcare providers can enhance clinical decision-making, optimize treatment strategies, and streamline resource allocation, ultimately leading to improved patient outcomes and a more efficient healthcare ecosystem.

However, the integration of AI into healthcare is not without its challenges, and one of the most pressing concerns is the heightened vulnerability of sensitive medical data to cyber threats [5]. As healthcare systems become increasingly interconnected and reliant on digital platforms, the exposure to cyberattacks, data breaches, and other malicious activities escalates. The convergence of AI and cybersecurity, therefore, becomes a critical focus area in ensuring the security and privacy of patient information. Strategies to safeguard against cyber threats must be carefully designed and integrated to preserve the trust patients place in healthcare systems [6].

This research embarks on a comprehensive exploration of the intricate relationship between AI and cybersecurity in healthcare. By evaluating the evolving technological landscape, delving into the nuances of AI’s impact on healthcare practices, and dissecting the challenges posed by cybersecurity threats, this study aims to provide a holistic understanding of the interplay between these two essential elements. By identifying vulnerabilities and proposing effective strategies for mitigating cyber risks, this research seeks to contribute to the establishment of a secure and resilient healthcare framework that capitalizes on the advantages of AI while safeguarding patient data and maintaining the trust of individuals and institutions alike [7]. In a time of unprecedented technological advancement, the intersection of AI and cybersecurity in healthcare stands as a pivotal crossroads, dictating the trajectory of healthcare innovation and patient-centric care.

The impact of artificial intelligence and cybersecurity in the healthcare sector

Artificial intelligence (AI) is becoming a big part of healthcare, from helping doctors with diagnoses to organizing medical tasks and finding new medicines. AI tools such as machine learning and deep learning can go through lots of medical information to find patterns and predict what might happen. For example, AI can help doctors spot problems in medical images, making diagnoses faster and more accurate. According to Frost and Sullivan’s estimates, the implementation of AI is projected to enhance patient outcomes by 30% to 40% while reducing treatment costs by 50% [3].

AI has demonstrated immense promise in the field of medical imaging, specifically in the analysis of medical images such as X-rays, CT scans, and MRIs [8]. Utilizing AI algorithms, abnormalities can be detected, patterns can be identified, and radiologists can receive assistance in diagnosing diseases like cancer, cardiovascular conditions, and neurological disorders. This technological advancement holds the potential to enhance accuracy, expedite the diagnosis process, and decrease the likelihood of human error [4].

In the realm of disease diagnosis and prediction, AI models possess the capability to analyse extensive patient data encompassing symptoms, medical history, and genetic information. This analysis aids in the achievement of more precise and efficient disease diagnoses. Machine learning algorithms can identify patterns that might prove challenging for human doctors to identify, resulting in earlier detection and increased accuracy [9]. Moreover, AI can anticipate the probability of specific diseases based on risk factors and genetic markers, facilitating proactive interventions.

AI holds the potential to accelerate the drug discovery process by analysing large datasets and identifying potential drug candidates [10]. By leveraging machine learning algorithms, molecular structures can be examined, and predictions can be made regarding the effectiveness and potential side effects of drugs. This streamlined selection process for drug candidates has the potential to accelerate the development of new therapies and treatments in a more efficient and cost-effective manner [11].

AI-driven virtual assistants and chatbots are increasingly utilized to offer fundamental medical information, address patient inquiries, and assess symptoms [12]. They play a vital role in aiding appointment scheduling, providing medication reminders, and facilitating post-treatment follow-up. By enhancing patient engagement and healthcare accessibility, these AI-powered tools contribute to a more seamless healthcare experience [13]. Through the utilization of natural language processing (NLP) technology, this automation reduces the workload on healthcare staff, enhances overall efficiency, and allows healthcare professionals to dedicate more time and attention to patient care, optimizing their focus and productivity.

While AI holds the promise of revolutionizing healthcare, the increased reliance on digital infrastructure exposes the industry to cyber threats. The value of patient records, research data, and proprietary medical technology makes healthcare organizations attractive targets for cybercriminals. A breach in cybersecurity not only jeopardizes sensitive information but can also disrupt patient care, damage the reputation of healthcare providers, and incur substantial financial losses [14].

Magnitude and financial implication of cyberattacks that occurred across the world

Cyberattacks: phishing, ransomware and data breach statistics [20].

  • 50% year-over-year increase in the number of cyberattacks
  • 50% more attacks per week in 2021 compared to 2020
  • Average total cost of a data breach increased from $3.86 million to $4.24 million in 2021
  • Data breaches with a longer response time (more than 200 days) cost $4.87 million on average, while breaches with a response time of less than 200 days cost $3.61 million on average
  • 400% increase year-over-year in phishing attacks
  • 93% of networks estimated to be vulnerable to cyberattacks
  • $458.9B projected cybersecurity spending by 2025

Examples of healthcare cyberattacks

The WannaCry epidemic

The 2017 WannaCry ransomware attack serves as a stark reminder of the potential consequences of inadequate cybersecurity measures in healthcare. This global incident disrupted operations in countless hospitals, highlighting vulnerabilities in outdated software and lax cybersecurity practices. Patient records were compromised, appointments cancelled, and critical medical services temporarily halted. The incident underscored the urgent need for robust cybersecurity protocols to safeguard patient data and ensure the smooth functioning of healthcare facilities [11].

The impact of the WannaCry ransomware attack extended to the United Kingdom’s National Health Service (NHS), resulting in significant disruption that led to the cancellation of more than 19,000 medical appointments. The estimated financial toll on the NHS was reported to be approximately £92 million ($120 million).

Cyber-attacks in India

India recorded the second highest number of attacks, with a total of 7.7% of the total attacks on the healthcare industry in 2021 [21].

AIIMS hospital, the premier public hospital in India, was targeted by cyber attackers in November 2022. The attack forced the hospital to switch to manual mode for 2 weeks. An estimated 1.3 terabytes of data was encrypted. This affected a database of 30-40 million patients, which included prominent politicians of the country [22].

Guarding patient privacy: The healthcare cybersecurity dilemma

The healthcare sector’s transition to a digitally driven environment has brought about numerous benefits, but it has also introduced a host of cybersecurity challenges. Below are the challenges of implementing cybersecurity, with vivid examples. By understanding these challenges and learning from past incidents, healthcare organizations can take proactive measures to bolster their cybersecurity defenses and ensure the safety and privacy of both patient data and critical medical operations.

Resource constraints and budget limitations

Many smaller healthcare providers often struggle with limited budgets and resources for cybersecurity initiatives. This can result in delayed updates, insufficient training for staff, and a lack of investment in advanced cybersecurity tools. Such challenges make them attractive targets for cybercriminals.

Human error and insider threats

A simple error, like an employee accidentally sending patient data to the wrong email address, can lead to significant breaches. Additionally, malicious insiders can exploit their access for personal gain. The case of a hospital employee selling patient data to identity thieves serves as a poignant reminder of the risks associated with human fallibility and malicious intent [15].

Interconnected systems and third-party risks

The NotPetya malware attack in 2017 significantly affected operations at various healthcare facilities by targeting a third-party Ukrainian accounting software. This incident highlighted the potential consequences of interconnected systems and the cascading effects of a cyberattack on a seemingly unrelated service provider [16].

Medical device vulnerabilities

The vulnerabilities in medical devices came to the forefront with the case of the Medtronic insulin pump hack. Researchers found that the device could be remotely manipulated, potentially leading to incorrect insulin doses being administered, risking patient safety and raising concerns about the security of Internet of Things (IoT) devices in healthcare [17].

Data breaches and patient privacy violations

In 2015, Anthem Inc., one of the largest health insurance companies in the US, fell victim to a massive data breach where the personal information of nearly 78.8 million customers was compromised. The breach exposed sensitive data including names, addresses, and Social Security numbers, highlighting the grave consequences of inadequate cybersecurity measures [18].

Regulatory compliance and security frameworks

The General Data Protection Regulation (GDPR) and the Health Insurance Portability and Accountability Act (HIPAA) impose strict regulations on the protection of patient data. Organizations that fail to comply with these regulations can face substantial fines. The case of a hospital facing penalties for non-compliance with HIPAA regulations underscores the need for a robust cybersecurity framework [19].

The AI system, though designed to improve patient care, becomes a vulnerability if not fortified with robust cybersecurity measures. The incidents highlight the urgent need for future healthcare leaders to integrate AI and cybersecurity seamlessly.

While facing the challenges posed by AI and cybersecurity, a clarion call goes out to future healthcare leaders who possess the vision, knowledge, and determination to drive positive change. These leaders must champion the integration of AI while maintaining an unwavering commitment to cybersecurity.

Way forward for AI and cybersecurity

With every development, in technology or otherwise, come certain vulnerabilities, and each vulnerability attracts elements that can exploit it. The past few years have seen huge development in technology: manual processes being transferred to online platforms, access to data and applications from public platforms, AI, and IoT, amongst other things. This onset of technology, particularly in the field of healthcare, has attracted those elements and put healthcare entities at great risk. The magnitude of these risks becomes higher because of the criticality and sensitivity associated with healthcare data. Patients’ data must be available at any given point of time. Unavailability of data, or of the applications that use it, means a serious gap in critical processes such as ordering medicines for a patient in a fragile situation. Therefore, it becomes imperative that there are strict norms and standards, including strong multifactor authentication, access control through a neatly designed approval matrix, and encryption of sensitive data and its transmission. Developers need to follow governed ethical standards of development while creating applications. For all this to work, there must be continuous and periodic monitoring and VAPT (Vulnerability Assessment and Penetration Testing) certifications, along with monthly and repetitive trainings for end users on following the prescribed do’s and don’ts. The sad truth today is that even after diligent follow-up of all these things, there is still a chance for someone to enter the network. To safeguard the organization and to ensure continuity of business, the one sure-shot way is to have an active disaster recovery data centre at another geographical location with minimum exposure to public platforms and the internet.

The benefits that these technologies offer are tremendous, and the way forward is putting more focus on cybersecurity while exploring more areas of application of technology.

Strategic direction for robust cybersecurity

1) Strengthening cybersecurity measures in healthcare

  • Robust authentication and access control systems
  • Encryption and secure transmission of patient data

2) Ethical guidelines and governance frameworks

  • Implementing ethical standards for AI development and deployment
  • Promoting interdisciplinary collaboration and stakeholder engagement

3) Continuous monitoring and updates

  • Regular vulnerability assessments and system audits
  • Ongoing training and awareness programs for healthcare professionals

Strengthening cybersecurity measures in healthcare

Be it healthcare or any other sector, cybersecurity is important for continuity of business. It is more important in healthcare as it deals with patients’ safety and treatment. Compromise of the digital infrastructure of a healthcare entity is graver than anything else. Steps need to be taken to ensure the digital environment is secure and safe for use. These steps should not be taken only at select levels: security needs to be strengthened at all levels, right from the entry point, i.e. the firewall, to the security of the end user’s computing device, such as access control and USB port blocking.

  • The initial steps in this direction start at the very top, i.e., at the end user level. Access to any kind of data and application should be only through a well-defined approval matrix and should be clearly documented. All access control should be role based. No access should be given without proper approval hierarchy being followed.
  • Post approval, logging in to any application must be through multifactor authentication.
  • USB ports and access to the internet must not be allowed unless very important. If any of these needs to be allowed, it should be done securely in a different network, thus maintaining the sanctity of the main network.
  • These days, with the prevalence of online platforms like Microsoft OneDrive and Google Drive, the use of pen drives has gone down significantly. These online drives allow users to store their data in a cloud with tight security already in place and, at the same time, allow them to access this data from anywhere, thus eliminating the dependency on a particular device and the need to be present at that device to share the data. Users can share data from these online drives from any device (desktop, laptop or smartphone) to anyone, anywhere in the world.
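The access rules in the list above (role-based entitlement, a documented approval hierarchy, then multifactor authentication) can be enforced as a default-deny check that logs every decision. The Python code below is an added example, not part of the original article; the roles, resources, user ids and the contents of `APPROVAL_MATRIX` are hypothetical.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone

# Hypothetical approval matrix: role -> resource -> approver roles that must ALL sign off.
# Any role/resource pair that is not listed is denied by default.
APPROVAL_MATRIX = {
    "nurse": {"ehr_read": ["ward_manager"]},
    "physician": {"ehr_read": ["department_head"], "ehr_write": ["department_head"]},
    "db_admin": {"ehr_export": ["ciso", "medical_director"]},
}


@dataclass(frozen=True)
class Approval:
    user: str
    resource: str
    approver: str
    approver_role: str
    expires: datetime


@dataclass
class AccessController:
    user_roles: dict                                 # user id -> role
    approvals: list = field(default_factory=list)    # documented sign-offs
    audit_log: list = field(default_factory=list)    # every decision, allow or deny

    def required_approvers(self, user, resource):
        role = self.user_roles.get(user)
        return APPROVAL_MATRIX.get(role, {}).get(resource)

    def approve(self, user, resource, approver, expires):
        """Record one sign-off, rejecting anything outside the approval hierarchy."""
        required = self.required_approvers(user, resource)
        if required is None:
            raise ValueError("role is not entitled to request this resource")
        if approver == user:
            raise ValueError("self-approval is not allowed")
        approver_role = self.user_roles.get(approver)
        if approver_role not in required:
            raise ValueError("approver is not in the approval hierarchy")
        self.approvals.append(Approval(user, resource, approver, approver_role, expires))

    def check(self, user, resource, mfa_verified, now):
        """Return (allowed, reason); approval is checked first, MFA after it."""
        required = self.required_approvers(user, resource)
        if required is None:
            decision = (False, "no entitlement for role")
        else:
            signed = {a.approver_role for a in self.approvals
                      if a.user == user and a.resource == resource and a.expires > now}
            missing = [r for r in required if r not in signed]
            if missing:
                decision = (False, "missing approval: " + ", ".join(missing))
            elif not mfa_verified:
                decision = (False, "MFA required")
            else:
                decision = (True, "approved and MFA verified")
        self.audit_log.append((now.isoformat(), user, resource, *decision))
        return decision


def demo():
    """Constructed scenario; returns the five decisions in order plus the audit log."""
    now = datetime(2024, 1, 10, 9, 0, tzinfo=timezone.utc)
    ac = AccessController({"n.rao": "nurse", "w.mgr": "ward_manager",
                           "d.admin": "db_admin", "c.iso": "ciso"})
    ac.approve("n.rao", "ehr_read", "w.mgr", now + timedelta(hours=8))
    ac.approve("d.admin", "ehr_export", "c.iso", now + timedelta(hours=1))  # 1 of 2 sign-offs
    decisions = [
        ac.check("n.rao", "ehr_read", True, now),                        # allowed
        ac.check("n.rao", "ehr_read", False, now),                       # no MFA
        ac.check("n.rao", "ehr_write", True, now),                       # not in matrix
        ac.check("d.admin", "ehr_export", True, now),                    # second approver missing
        ac.check("n.rao", "ehr_read", True, now + timedelta(hours=9)),   # approval expired
    ]
    return decisions, ac.audit_log


if __name__ == "__main__":
    for entry in demo()[1]:
        print(entry)
```

Denied requests are written to the audit log alongside granted ones, which gives the documented trail the approval matrix calls for.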

Patient data stored on servers and data storage devices is the most critical and most important class of patient data in any healthcare organization. Therefore, it becomes pertinent that not just security, but availability of this data is maintained round the clock all through the year.

  • Such data, whether it be a database, medical images or scanned documents, should be in an encrypted format, so that even if an external entity gets to this data, it should not be able to access or re-encrypt it.
  • This data should be stored at two locations that are independent of each other. It is important that a real-time copy of the production data is maintained at a far-off remote location. This is called Disaster Recovery (DR) or Business Continuity Process (BCP). Let us assume for a moment that an external entity gets through the firewalls, accesses the data and then encrypts it too. At this point, the data becomes inaccessible to the organization, bringing the entire set of operations dependent on this data to a standstill. If a real-time copy of this data is then available at another secure location, the business can easily continue its processes from that location.

Other strategies that are essential to aspire and shape the future of healthcare in this dynamic landscape

  • Education and awareness: Future leaders need to stay informed about the latest advancements in AI and cybersecurity, understanding both the benefits and risks they present. Educating their peers, colleagues, and stakeholders about the intricacies of these technologies is vital for fostering a culture of awareness and responsibility [16].
  • Collaboration: A collaborative approach between healthcare professionals, IT experts, and policymakers is paramount. Future leaders must bridge the gap between these disciplines, facilitating effective communication and cooperation to develop comprehensive solutions that prioritize patient privacy and system integrity [17].
  • Innovation with responsibility: Embracing innovation while upholding ethical standards is a hallmark of effective leadership. Future leaders should advocate for the development of AI-driven solutions that not only improve healthcare processes but also incorporate stringent cybersecurity measures from the outset [18].
  • Regulatory advocacy: Active participation in shaping regulatory frameworks is essential to ensure that AI and cybersecurity standards are consistently upheld across the healthcare industry. Future leaders should engage with policymakers to advocate for regulations that strike a balance between innovation and protection [16].

Implementing ethical guidelines and governance frameworks in AI development and deployment

The world has realized the potential that AI carries with it. AI brings not only potential but also certain risks. A development team needs to be held responsible for every piece of code that is written, through minute footprint audits and by maintaining logs of every piece of code written and deployed. Any AI development ecosystem should be governed by preset norms, standards, rules and regulations. These must become part of the induction training and of the regular reviews and evaluations of all AI development projects. Variations from these norms, standards, rules and regulations should be noted through continuous monitoring of all development and deployment activities and projects at all levels.

As AI works to imitate human intelligence, the involvement of all races, genders, castes, nationalities becomes imperative. When such products are released in market, they are used by people of all ethnicities, beliefs, genders, etc. Therefore, involvement of all segments of humans is important.

AI programs and products base their decision making on data. This puts the focus back on ethical ways and means of data gathering. Overlooking these aspects makes any kind of AI product far from reality in the long run. Digital consents and ethical data collection methods are very important for AI development. While taking consents, the individuals must be informed of all possible uses of their data, thus guaranteeing transparent data collection.

Continuous monitoring and updates

Although these steps cover a large part of security, there remain minute loopholes which may compromise it. Here comes the role of continuous monitoring of each and every process in the cycle. From the beginning of data collection through gathering, storing, analysis, publishing, code writing, testing and finally deployment, each step must be monitored minutely. Regular system health checks must be carried out to look for any compromise. Periodic vulnerability assessment and penetration testing (VAPT) is a critical method of maintaining the integrity of the cybersecurity of the entire project. VAPT should not just be done on production environments, but also on user acceptance testing (UAT) and deployment environments. VAPT will show an organization its possible risk loopholes along with its existing loopholes. Timely notification of such probable threats makes a huge impact.

However, if the entire team involved in such projects is sensitized to the risk of such factors and their impact, much can be controlled at the root level. Whatever remains after that can be controlled by the methods described in this article.

Another big factor that we need to remain aware of is that technology, whether AI or any other, is always evolving, and so are the risks. Therefore, we need to keep evolving in our ways of curbing cyber risks and not just depend on the best measures, tools and processes available today. These need to keep growing with time.

Role reversal – AI playing a major role in strengthening cybersecurity

Cybersecurity is all about protecting data and applications. Since AI relies heavily on machine learning and on adapting to the behavior of users and machine logs, it has proved useful in the field of cybersecurity. AI applications keep track of behavioral patterns and build security algorithms dynamically. The importance of AI in security increases as the volume of data being generated these days is humongous, making it impossible for any human, or even a group of humans, to analyse it and build security packages on the go. Many companies with a big client base generate loads of data in the form of critical data and behavioral patterns of their users. AI can analyse such patterns and build security algorithms at that very moment. Hackers are finding new ways every day, and attacks carried out in one part of the world are being published to the entire world so that at least the same kind of attack cannot be carried out anywhere else.
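To make the idea of tracking behavioral patterns from logs concrete, the Python code below builds a per-user baseline of how many distinct patient records each account opens per day and flags a day that departs from it. It is an added example, not part of the original article: a simple robust statistic (median and median absolute deviation) stands in for the machine learning models the paragraph refers to, and the log format, user ids and thresholds are assumptions.

```python
import re
from collections import defaultdict
from statistics import median

# Assumed audit-log format: "<ISO timestamp> user=<id> action=<verb> patient=<id>"
LINE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2})T\S+ user=(\S+) action=(\S+) patient=(\S+)$")


def distinct_patients_per_day(lines):
    """Parse audit lines into {user: {day: number of distinct patients accessed}}."""
    seen = defaultdict(lambda: defaultdict(set))
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # malformed line; a real pipeline should count and report these
        day, user, _action, patient = m.groups()
        seen[user][day].add(patient)
    return {u: {d: len(p) for d, p in days.items()} for u, days in seen.items()}


def robust_score(history, value, mad_floor=1.0):
    """Modified z-score; the MAD floor avoids division by zero on flat baselines."""
    med = median(history)
    mad = median(abs(h - med) for h in history)
    return 0.6745 * (value - med) / max(mad, mad_floor)


def flag_anomalies(lines, day, threshold=3.5, min_history=5):
    """Return alerts (user, count, score, reason) for activity on `day`."""
    alerts = []
    for user, per_day in sorted(distinct_patients_per_day(lines).items()):
        history = [n for d, n in per_day.items() if d < day]  # ISO dates sort as text
        today = per_day.get(day, 0)
        if len(history) < min_history:
            if today:
                # An account with no behavioural history cannot be scored; surface it.
                alerts.append((user, today, None, "no baseline"))
            continue
        score = robust_score(history, today)
        if score > threshold:
            alerts.append((user, today, round(score, 1), "above baseline"))
    return alerts


def build_sample_log():
    """Constructed audit lines: seven baseline days plus 2024-03-08 for three users."""
    daily = {
        "n.rao": [12, 14, 11, 13, 12, 15, 13, 240],   # bulk access on the last day
        "dr.lee": [30, 28, 33, 31, 29, 32, 30, 34],   # normal variation
        "temp.01": [0, 0, 0, 0, 0, 0, 0, 5],          # account first seen on the last day
    }
    lines = ["corrupted line without fields"]
    for user, counts in daily.items():
        for i, n in enumerate(counts, start=1):
            for p in range(n):
                lines.append(
                    f"2024-03-{i:02d}T09:00:00Z user={user} action=VIEW patient=P{p:04d}")
    return lines


if __name__ == "__main__":
    for alert in flag_anomalies(build_sample_log(), "2024-03-08"):
        print(alert)
```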


In the realm of healthcare’s technological evolution, the fusion of AI and cybersecurity emerges as a crucial crossroads. As AI opens new horizons in medical progress, it also brings forth cybersecurity challenges that require skillful handling. Emerging leaders find themselves at the forefront of this pivotal junction, tasked with driving innovation while safeguarding patient data and system resilience.

The role of these upcoming healthcare leaders encompasses diverse responsibilities. They lay the foundation for a conscientious ecosystem by educating and raising awareness about the complexities of AI and cybersecurity. Collaboration becomes paramount, bridging medical professionals, tech experts, and policymakers to forge robust solutions.

Their journey is guided by ethical principles, advocating for AI-driven solutions fortified with cybersecurity measures. They champion a balanced regulatory framework that safeguards patient interests while nurturing innovation. Tackling challenges, be it resource limitations, human errors, interconnected systems, or compliance, is essential, and these future leaders must spearhead proactive defence.

As AI continues its transformative path, these leaders’ dedication to continuous adaptation, ethical conduct, and collaborative strategies will shape a healthcare landscape that embraces AI’s potential while upholding patient trust. Amidst this dynamic convergence, their visionary leadership navigates us toward a healthcare future that is secure, innovative, and centred around patients.

AI is the way forward, not just in innovation and process improvements, but also in cybersecurity.

However, with a note – “to be used wisely”.


  1.  Smith, J. D. (2019). Artificial intelligence in healthcare: Anticipating challenges to ethics. AMA Journal of Ethics, 21(2), E167-173.
  2.  Topol EJ. High-performance medicine: the convergence of human and artificial intelligence. Nat Med. 2019 Jan;25(1):44-56. doi: 10.1038/s41591-018-0300-7. Epub 2019 Jan 7. PMID: 30617339.
  3.  Esteva, A., Kuprel, B., Novoa, R. A., Ko, J., Swetter, S. M., Blau, H. M., & Thrun, S. (2017). Dermatologist-level classification of skin cancer with deep neural networks. Nature, 542(7639), 115-118.
  4.  Rajkomar, A., Dean, J., & Kohane, I. (2019). Machine learning in medicine. New England Journal of Medicine, 380(14), 1347-1358.
  5.  Kshetri, N. (2017). Cybersecurity in healthcare: A systematic review of modern threats and trends. Technology in Society, 49, 65-76.
  6.  Patel, N. M., Schirm, J., & Lakhani, S. (2020). Safeguarding the digital hospital: Cybersecurity in the age of rapid technological advancement. American Journal of Roentgenology, 214(6), 1235-1241.
  7.  Lee, B., Kuo, A. M., & Kohane, I. S. (2018). Transparent machine learning models for predicting diagnosis codes in electronic health records. Journal of the American Medical Informatics Association, 25(7), 887-893.
  8.  Char, D. S., Abràmoff, M. D., Feudtner, C., Childers, C. P., Thomas, S. M., Tcheng, J. E., & Bui, A. A. (2018). Deep learning and the future of electronic health records. NPJ Digital Medicine, 1(1), 1-6. doi: 10.1038/s41746-018-0029-1
  9.  McKinney, S. M., Sieniek, M., Godbole, V., Godwin, J., Antropova, N., Ashrafian, H., … & Shetty, S. (2020). International evaluation of an AI system for breast cancer screening. Nature, 577(7788), 89-94. doi: 10.1038/s41586-019-1799-6
  10.  Obermeyer, Z., & Emanuel, E. J. (2016). Predicting the future – Big data, machine learning, and clinical medicine. New England Journal of Medicine, 375(13), 1216-1219. doi: 10.1056/NEJMp1606181
  11.  Chen, J. H., & Asch, S. M. (2017). Machine learning and prediction in medicine — Beyond the peak of inflated expectations. New England Journal of Medicine, 376(26), 2507-2509. doi: 10.1056/NEJMp1702071
  12.  Jadczyk T, Wojakowski W, Tendera M, Henry TD, Egnaczyk G, Shreenivas S. Artificial Intelligence Can Improve Patient Management at the Time of a Pandemic: The Role of Voice Technology. J Med Internet Res. 2021 May 25;23(5):e22959. doi: 10.2196/22959. PMID: 33999834; PMCID: PMC8153030.
  13.  Božić, Velibor. (2023). USE OF ARTIFICIAL INTELLIGENCE IN HEALTHCARE. 10.13140/RG.2.2.35096.88322.
  14.  Hale, C. (n.d.). Impact of Artificial Intelligence on Healthcare Cybersecurity.
  15.  Ahola, M. (2022, June 17). The Role of Human Error in Successful Cyber Security Breaches.
  16.  NotPetya (2017) – International cyber law: interactive toolkit. (2022, November 14). International Cyber Law: Interactive Toolkit.
  17.  Slabodkin, G. (2020, August 25). Insulin pumps among millions of devices facing risk from newly disclosed cyber vulnerability, IBM says. MedTech Dive.
  18.  Anthem medical data breach. (2023, May 27).
  19.  Impact Of Regulatory Compliance Laws On Data Privacy & Security. (n.d.). Protecto.
  20.  Apps, S. C. (2023, February 9). Cyberattacks 2021: Statistics From the Last Year | Spanning. Spanning.
  21.  (2022, September 20). Cyber attacks on Indian healthcare industry second highest in the world: CloudSEK. The Hindu.
  22.  5 AIIMS Servers Hacked, 1.3 TB Data Encrypted in Recent Cyberattack, Govt Tells RS. (n.d.). The Wire.

Dubai Academic Health Corporation, UAE

Dr Alanood Alfarsi

Head of Health Center
Young Executive Leaders 2023

IHF Member: Dubai Health Authority (DHA), UAE. Arab Board-certified consultant family physician with strong experience in healthcare management, and currently head of a health center.

Aga Khan Health Services, Tanzania

Frida Kitundu

Executive Assistant to Regional Chief Executive Office & Global Head of Clinical Development Programs
Young Executive Leaders 2023

IHF Member: Aga Khan Health Services and Aga Khan University. Administrative professional for hospital management executives and healthcare professionals.

Apollo Hospitals Enterprise Ltd, India

Dr Gaurav Katyal

Vice President of Operations
Young Executive Leaders 2023

IHF Member: Apollo Hospitals Enterprise Ltd, India. Anesthesiologist, leading operations and service excellence initiatives with a focus on continuous improvement in customer delight.

Hong Kong Hospital Authority, Hong Kong

Dr Lok Hang Leung

Senior Manager
Young Executive Leaders 2023

IHF Member: Hong Kong Hospital Authority, Hong Kong. Full-time healthcare administrator, involved in capacity, simulation education, professional training and development, and healthcare service initiatives.

Reviewers: James Deiparine (YEL 2022, Philippines), Hiba Al Naabi (YEL 2019, Oman), Jan Begenat (YEL 2022, Germany)

Written by:

Karen Cabuyao
