AI is everywhere. It is not just helping enterprises grow, but also enhancing the cyber threats. It is a jinn which is granting everyone’s wish, no matter good or bad. So how do we fight the bad?
Ayush Jain is the CEO of Mindbowser, and co-founder of Mindbowser Inc. He is responsible for the development of advanced software products and their launch in the market. He knows the cyber criminals are using AI to enhance the threats. At the very same time he hopes that the vulnerable business especially healthcare will learn and finally start focusing on IT and cyber vigilance.
In a discussion with CIO&Leader, Ayush Jain shared his thoughts on the current state of the health-tech, the cost of a cyberattacks, and how can AI help us.
CIO&Leader: How has AI enhanced cyber security measures, threat detection and response capabilities in healthcare?
Ayush Jain: The way health works, security or IT is not very natural to them. It’s not the first thing that they discuss on a day-to-day basis. Their first discussions, for example, are more around patient experience or diagnosis. IT many times takes a backseat. It’s always a cost to them as well. Due to all of these things the threat of cyber attacks or ransomware on health systems or hospitals remains very high.
In fact, more than 60% of hospitals have reported some sort of a cyber attack in the last 12 months. AIIMS breach was one of the famous ones that was covered in the press as well. The whole AIIMS data record, et cetera, was encrypted and they went offline for a couple of days. So the breaches are happening definitely.
The second [problem] is the health data, for example, is very much spread out. A single person is not fully aware of wherever the data is. All the systems are working to tend to become over complicated over time. AI can really help there, like be able to provide coverage on unseen areas as well.
So, those are the things where I see that AI is really knight in the shining armor, especially when it comes to healthcare cybersecurity. While there’s a lot of talk around AI improving the diagnosis and other space, I feel that even cybersecurity is an area where AI would play a very important role, AI along with automation. Because automation is something people have been doing for last five to eight years, there was already a big wave of automation that happened. But automation again hits walls; some gaps are there. Data is in silos or the systems are not connected and so on. So AI along with automation, I would say can really help.
Hospitals that had some sort of AI layout, were able to shorten the data breach lifecycle by up to 50 percent. Because they were able to detect gaps proactively, they were able to cover more proactively. So the cost and the time for data breaches or cyber threats has come down due to AI.
CIO&Leader: But don’t you think because of AI, the cyber threats have also increased? AI is in just its infancy and with how fast it’s growing I wonder how cyber threat scenario is going to look like for healthcare.
Ayush Jain: True. You made a valid point. See this is a cat and mouse game. The person sitting on the other side of the table is definitely going to use AI for making their attacks sophisticated as well. In fact another research points out that the cost and the sophistication of attacks has actually increased year on year. So there is no doubt that attacks are going to be more sophisticated, more multi-layered, more penetrative.
So your enemy is definitely coming with sharpened weapons. That’s the tragedy of the health systems as I was mentioning that IT is second always. What happens is that many of the times hospitals would face the cyber threat, most of them would fix it for the ongoing basis, but may not take the long term measure. So they are like sitting ducks for another attack which could become sophisticated. These attacks are going to be driven by AI.
As a hospital, you have to be prepared and embrace AI and automation into cybersecurity, have a proper framework, have a holistic approach around coverage. Most hospitals once attacked, they are considering it as a one-time cost and then going back to normal life, passing that cost to patients, but not really fixing the core of the systems. I’m not saying that they are wrong-footed because they have 10 more things to take care also. So I have empathy with them. But that’s the world we are in that they have to become proactive or bring in experts or consultants.
CIO&Leader: What was your first thought when AIIMS news broke out?
Ayush Jain: I was not surprised. Just to understand the kind of business or the kind of data they have, it’s a very useful, important data for a cyber hacker. In fact, you know this data that was hacked from AIIMS, there was news that it quickly became available on the dark web, and the cost of each record was around $250 compared to normal credit card data record sold just at $5.
So it becomes lucrative, it’s like a low hanging fruit, I would say. So that’s why when AIIMS happened or for any hospital, it is not surprising. In fact, I believe that there’s more to be done. Because of the danger that we see lurking in, with all that more AI coming in, there is going to be, in fact, even more such instances. So hospitals and healthcare systems have to become very vigilant about this.
CIO&Leader: What technological tools Mindbowser is providing for its user so that they can protect their own data and privacy?
Ayush Jain: Technically speaking, what we swear with is the DevSecOps process. DevSecOps is basically the development, the security, the ops. So everything has to come in together and set up that whole systems where you are backing up all the data constantly on an automated basis.
Hospitals are one such big industry where human touch is important and more prevalent. So training and awareness programs for employees, having proactive monitoring within the system and that’s where AI comes in, for example to be able to detect outliers or to be able to figure out like any kind of risk alarms that can go in so setting up of that.
It always is a more custom approach, I would say. It starts with understanding what and how the system currently works and what are the gaps that exist and how we can maintain them. And then, of course, think like a hacker to be able to build those solutions.
CIO&Leader: We briefly touched the financial aspect. Do you have a certain number of what cyber threats are costing healthcare?
Ayush Jain: Yeah it will easily go in millions! I’d say basic cyber threat could cost a million dollar today. It has become so common and so costly and for larger hospital for example like AIIMS, this is quoted on the news that the cyber criminals had asked for 200 crores which is like 25 to 30 million dollars. So, I’d say that’s the cost.
Minimum would go easily a million dollars to start with and an average cost if you were to ask my guess would be say like four to five million dollars at least. That’s the cost. Data security law quotes that a penalty of up to 250 crores could be put on an organization that stores the data and was responsible for the data breach or anything bad happening with that data.
India has not been very active on penalizing which is also one of the reasons that as a country we have been more flexible or casual about data, but in US for example there are heavy penalties and there’s a HIPAA law that everybody swears by. So every action, every application that is built or every hospital systems, etc., have to be HIPAA compliant.
Tools are one thing but then the human nature also has to be more vigilant about all of this. Just like all the phone scam cases that happen, while technology can help you maybe understand but if someone calls you and you are sharing the OTP then it can’t really help you. So similarly inherent nature of people, the staff has also to be in line with making sure that they are aware of their actions of day-to-day things that you know nothing is going in a wrong direction and so on.
CIO&Leader: Things are moving very slowly in healthcare when it comes to technology and cyber vigilance. Where do you think healthcare is heading in coming years?
Ayush Jain: While there is a lot of news about exciting developments happening, hospitals are a bit slow to take up technology. Sometimes tech people have built solutions which may be theoretically very good but for a hospital to be able to embrace it, they really want to see it working in their own spaces or in their settings and sometimes that becomes challenging because there is no testing ground.
That’s one reason that we are not able to see many of the solutions in press, but not in reality. Apart from that, again, lack of funding and resources also is a challenge for the hospitals, because while we see big hospitals running and so on, they still like many of the hospitals are in losses or barely breaking even and so on. Putting funding or putting resources always remains a challenge throughout the globe. They have a competitive market between hospitals as well.
On the positive side of things, I’d say yes, AI is definitely helping make moves. And we definitely foresee a connected health future, which would be led by connection of talent, technology and trust, because those are the three pillars that we see for health setting. You need talent, you need technology and all the more you also need trust because hospitals are eventually run on trust and that’s the biggest mode for any hospital.
And as I was mentioning, because resources and cost is always a concern, many times implementing an AI solution is costly, at least today. So if cost of AI can come down, it may be embraced more by hospitals. And, you know, like hospitals can really like be more open if the cost comes down, the efficiency increases, if they get to work closely with technology solutions that are built for their setting.
Eventually I would like to quote this that parachute works only when it is open. So, similarly like minds have to really open as well to embrace it. Today I still see a lot more reactive approach than proactive approach. But of course, some hospitals are far ahead on technology embracement, some are laggard, but I think the more they open up the more they would see their problems getting solved as well with AI.
CIO&Leader: Talking about Mindbowser as a business are you facing any scale issue? How are you making sure that your employees are up to the mark when it comes to cyber security and AI?
Ayush Jain: The speed of technology change and the markets today are unprecedented in fact. So this is something we as a generation have never seen really, like the pace at which changes are happening or the new solutions are coming. One of the things that becomes important to survive is to constantly training yourself and constantly be able to apply that training as well.
There’s that constant balance that also is required that when you have to keep on training yourself and second, you have to find opportunities to be applied to be able to apply that training as well. So that becomes a challenge for a technology company.
That being said, again, you know, training our employees or helping them upgrade as well as always look always on the lookout in the market as well. And also, we have to again open up that people may not know from day one, but we are always hiding for that attitude of learning or that hunger for learning. I would rather say that you have to bring that [hunger] because that is not trainable but if you or if you are passionate enough for it then you can learn and that that passion or that intent becomes all the more important in today’s world.
When we started off 10 years back, people said if you learn java you can run your career being a java engineer for next 10 years or 15 years, because you always get a project, you’ll code in Java and so on. As compared to AI, things are always changing, even the GPT or the LLMs, they’re always changing and new things are coming, new use cases are possible. So learnability and these skills become more important.
CIO&Leader: Any tech innovation you’re looking forward to?
Ayush Jain: So one of the things we are bullish on the space and we have been building our own solutions and we see the value it creates is the interoperability space, both for the US market where we hear a mature company building interoperability solutions helping connect systems with you know external systems and how data can flow from one system to another and value can be created because now these both system’s data is available at one place.
So bringing all the data together is very useful, important, and that’s the way of the future care, where it could become more, let’s say, care at home or remote patient monitoring. So bringing all of that together is important.
And then applying AI, because AI also can give as much as good results, as much as the rich data that you have. The more you have better data, rather than you apply AI on data of one system, if you could apply AI on data that is coming from three or four or five systems, you give better input to AI and you get better data, so better results and better outcome from the AI-powered system. So that’s what we are very excited about the future of it.
In US, in fact, there is a law that forces all the health systems to become interoperable, which means that they should be open to connect with each other. In India, that has not happened yet, but in the context of India, I’m excited about the work that government is doing now. So you already have the Ayushman Bharat happening. And we have already seen the revolution of digital payments.
So that gives all of us the more endorsement that what could be digital health also, where every Indian citizen could carry a common ID and be able to get just like I was mentioning about data coming from different systems at one place. That’s what we are counting that should happen in near future. And being able to build value on top of it would really open great proactive health possibilities for everybody of us.
