Global Healthcare Celebrates Tech Successes & Grapples with Cybersecurity at HIMSS 2024

HIMSS 2024
Courtesy of HIMSS: Opening Night HIMSS 2024

Artificial Intelligence continues to be an encompassing topic throughout the life sciences and healthcare. The excitement around recent developments in automation and AI was on display at the Healthcare Information and Management Systems Society Global Health Conference and Exhibition (HIMSS 2024) earlier this month. However, as the conference kicked off, the late February cyber-attack that impacted Change Healthcare, a subsidiary of United Healthcare, was still disrupting healthcare nationwide and being investigated by the HHS’ Office for Civil Rights (OCR). Discussions at HIMSS 2024 touched on the already known challenges of AI, such as data biases but focused on possible solutions to support the technology’s continued advancement.

It Is About Specific Healthcare Impact

The overall theme throughout the conference was increasing healthcare’s reach to those who need access the most. Technology presents huge opportunities to provide healthcare to the underrepresented throughout the globe. Keller Rinaudo Cliffton, co-founder and CEO of Zipline, spoke to BioSpace about the future’s potential. “More than 7 billion people today have poor or non-existent access to healthcare, and there are so many opportunities to apply technology to extend access to those people.”

Cliffton further continued by quoting Mark Harrison, the former CEO of Intermountain Health, “The biggest lie we tell ourselves in healthcare is that convenience is a luxury for the rich. It isn’t. It’s a necessity for the underprivileged.”

During his keynote session, Cliffton shared how Zipline is serving the underprivileged while also reducing climate impact by using a fully electronic solution to reach communities. Zipline uses all-electric zero emission aircraft to make long- and short-range drone deliveries. Initially beginning drone operations in Rwanda, Zipline has reduced post-partum hemorrhaging by 51%.  Zipline gained approval from the Federal Aviation Agency in 2022 to begin deliveries in the United States. When Zipline was asked about the potential of using drones to increase patient engagement and retention for decentralized trials, a representative stated that the company is exploring collaborations with sponsors for clinical trials in the future.

The keynote is just one example of this theme in the conference. Representatives from the Centers for Medicare & Medicaid Services (CMS) discussed how they were reviewing and expanding data collection, reporting and analysis to reduce disparities. During the session, CMS representatives also discussed the agency’s internal assessments of its policies and procedures. Highlighted in the session was CMS’s continual support of The Gender Harmony Project, which seeks to capture sex and gender data consistently within health models. CMS demonstrated how the organization is working to enhance health information exchange standards, ensuring that gender diversity is appropriately represented to improve care for all individuals.

Five Hours and 200 Days

During the AI and Cybersecurity forum sessions, Benoit Desjardins, professor of radiology and medicine at the University of Pennsylvania, noted that hackers typically gain access to data in less than five hours after the breach occurs, and cyberattacks are getting easier and faster. In contrast, a breach’s discovery time is on average 200 days later. There is simply too much data to parse and too many attacks to work.  

All that is needed is bitcoin, Nitin Natarajan, deputy director for the Cybersecurity and Infrastructure Security Agency (CISA) pointed out during a lunch session. One does not need to be a mastermind cybercriminal Third parties will do the work for a cybercriminal and keep a percentage of the gains, usually paid out through bitcoin.

That being said, the victim landscape has also changed. From a cybersecurity perspective, CISA handles anything that is not part of the Department of Defense (DOD) or intelligence community. When Natarajan first joined CISA, people did not believe that cybersecurity was needed in healthcare. At that time, anything to do with healthcare was protected. Natarajan stated that attacks are occurring in all sectors of healthcare, from hospitals to biotech and pharma to manufacturing to supply chains.

The entire healthcare sector is a primary focus for CISA, which includes health care and life sciences. Healthcare cannot be delivered without IT communications, transportation, and the supply chain. It does not stop there. Healthcare cannot be provided without medical manufacturing, distribution, biotechs, pharma clinical trials, lab services and so forth. Cybersecurity in each aspect of health care, from drug discovery to the transportation of raw materials to delivering drugs to patients is an essential part of the conversation for CISA. 

Enter Quantum

Simply stated, quantum computing leverages leverage probabilities and entanglement to solve problems classical computers struggle to solve.  It is still in its infancy right now. However, the life sciences industry, as with other industries, is pushing forward with development with Google and IBM releasing roadmaps that include one million qubits systems by 2029 and 2030. GlaxoSmithKline has also been testing both IBM’s gate-based quantum computers and D-Wave’s quantum annealing to solve codon optimization problems during the drug discovery process. Quantum presents exciting opportunities throughout the drug discovery and development process.

Hackers, however are also able to reap the benefits from quantum computing. As the dawn of quantum rapidly rises, the risks that come with it become increasingly pressing to address. Quantum computers will be able to break some of the most widely used security protocols in the world. The looming concerns are so great that the National Security Agency (NSA), cybersecurity and Infrastructure Security Agency (CISA) and National Institute of Standards and Technology (NIST) jointly released Cybersecurity Information Sheet (CSI), “Quantum-Readiness: Migration to Post-Quantum Cryptography.” Because post-quantum cryptography mitigation process is extensive and necessary to prevent critical data and systems from being compromised, the CSI sheet offers a guiding roadmap for organizations to use prepare.

Speaking to BioSpace, Lee Kim, senior principal, privacy and cybersecurity at HIMSS, expanded on the CSI sheet by suggesting organizations not only use a risk-based approach to evaluate their own preparedness for quantum computing but review their vendors.  Recognizing that organizations will be in different stages of preparedness, CTOs and CISOs will need to carefully evaluate how they align with vendors.

“One of the things that needs to be done is to first map out critical aspects, the crown jewels for the organization. Number two, ask vendors, ‘What are you doing?’ And the third, evaluate what internally is being done to convert the critical aspects to quantum.”  

She suggests repeating this process for second and third tier critical priorities, but to test and validate the first priority elements before creating a roadmap to adapt to quantum.

AI Never Sleeps

The healthcare sector is still adapting to AI, getting familiar with the difference branches and the most appropriate tools. Additionally, the sector is still discovering limitations within data and grappling with the most concerning bias: the human one.

And now with quantum on the horizon, AI may end up being the answer to quantum challenges, particularly when it comes to data. Hal Wolf, president and CEO of Healthcare Information and Management Systems Society, expressed enthusiasm about the future. “It is going to be fun to watch the two—quantum and AI—work together, but it will speed up. One of the things that I learned a long time ago in operations is that speed to update is everything.”

Further explaining to BioSpace, he makes a good point about their working together.  “You’ve got two overlapping things happening; simultaneously quantum bringing in data at extremely fast pace, which is incredibly important, especially when you get them that third tier, clinical decision support, etc. Then you are going to use AI to make sure that it’s correct, and that there aren’t bad actors hitting it at the same time.”  From a drug development perspective, that alone is exciting, but in a cybersecurity aspect, the benefits of AI shine.

The cybersecurity sessions implied that AI-quantum systems are the way of the future. While AI does take a great deal of computational power to train, it is able to augment teams by identifying breaches and attacks in a matter of seconds once properly trained. And as the relationship between quantum and AI develops, the systems will be much faster at their tasks, with quantum providing an opportunity to speed up AI training time.

Lori Ellis is the head of insights at BioSpace. She analyzes and comments on industry trends for BioSpace and clients. Her current focus is on the ever-evolving impact of technology on the pharmaceutical industry. You can reach her at lori.ellis@biospace.com. Follow her on LinkedIn.

Back to news