Machine learning technologies have revolutionized the healthcare industry, allowing hospitals, researchers, and pharmaceutical companies to harness big data to conquer some very serious challenges.
From natural language processing for analyzing medical records, to faster disease diagnosis and personalized medicine, to speeding drug development and time to market, to using predictive learning to forecast the spread of disease, machine learning has vastly expanded the applications and importance of data in transforming modern medicine.
But as the volume and value of healthcare data has increased, so has the risk associated with losing access to it. Hospitals and other providers are prime targets for hackers because they’re high-profile, high-value, and highly scrutinized.
Costs associated with cyber attacks can be massive, especially if they involve downtime and disruption to critical services as they did for organizations like the National Health Service, Hollywood Presbyterian Medical Center and MedStar Health. And with the U.S. Department of Health and Human Services (HHS) making it clear incidents like ransomware infections constitute a data breach constitute a data breach, there are now disclosure requirements, potential fines for noncompliance, and the hits to organizational reputation that results from being listed on the HHS “Wall of Shame” to consider.
To better safeguard their data, healthcare providers are increasingly turning to security solutions that are also harnessing machine learning, albeit in a much different way.
Current machine-learning-powered security wasn’t built for complex healthcare networks
When it comes to endpoint security—protecting end-user machines against threats like macro malware or fileless attacks—the conventional approach to machine learning needs to evolve as well. Why?
First, most machine learning security solutions allow too much time to lapse between the retraining and release of new predictive models for identifying malware. Most produce a model every few months. Considering that 357 million new malware variants were detected last year alone, these conventional models are experience degraded accuracy over that length of time, and the resulting gap causes management headaches through increasing exposure or increasing whitelist and blacklist management. They simply lag the pace of emerging threats.
Second, robust security protocols dictate that business applications and operating systems should be kept up-to-date with the latest releases from the developer. This process, although beneficial, also introduces variations in endpoint systems. And, in a large hospital system, for example, there could be thousands of endpoints, each in a unique status when it comes to updates, software installed, etc. The variables are nearly endless, and in order to be effective, security solutions must be able to distinguish good applications and beneficial processes from malware and malicious processes on every single one. False positive results are more than an annoyance; they can cause major dips in transaction volume and productivity. This rapidly changing environment makes maintaining a current machine learning model absolutely critical, but requires a new level of attention to training, automation, and model updates.
Responsive machine learning keeps protection current and accurate
Overcoming these hurdles requires an new approach called responsive machine learning. By ingesting thousands of samples of malicious software nightly, and combining these with up-to-the-minute data on known-good software, responsive machine learning technologies can continually train, test, and distribute new models provide consistently powerful endpoint protection.
This timeliness in data gathering and model adaptation provides the accuracy, coverage, and responsiveness needed to meet the demands of the modern computing environment. It provides confidence in protection despite an overwhelming volume of constantly changing data.
More than just a buzzword
Because of the hype surrounding machine learning nearly every security vendor on the market is claiming to offer machine learning capability of some kind. There is great potential for machine learning to revolutionize IT security in the way it has already done much for healthcare, but, not every vendor can deliver consistent coverage with consistently high accuracy.
When evaluating solutions, it’s critical to understand exactly how—and how often—the model is updated, what sources are used and whether the model is created based on both malware and legitimate software updates. The answers and demonstrable evidence of this capability will help to verify the desired increase in protection, while alleviating the fear of increasing false positives.
While machine learning has already revolutionized health care and promises to transform IT security, it must also include a comprehensive, responsive, real-time approach to evolving protection in the face of such a dynamic threat environment. When done correctly, this new technology will deliver the accuracy, coverage, and certainty that healthcare organizations require from a future-ready security solution.
About Jack Danahy
Jack Danahy is the co-founder and CTO of runtime malware defense pioneer Barkly, and a 25-year innovator in computer, network, and data security. He was the founder and CEO of two successful security companies: Qiave Technologies (acquired by Watchguard Technologies in 2000) and Ounce Labs (acquired by IBM in 2009). Jack is a frequent writer and speaker on security and security issues, and has received multiple patents in a variety of security technologies. Prior to founding Barkly, Jack was the Director of Advanced Security for IBM, and led the delivery of security services for IBM in North America.
The views, opinions and positions expressed within these guest posts are those of the author alone and do not represent those of Becker's Hospital Review/Becker's Healthcare. The accuracy, completeness and validity of any statements made within this article are not guaranteed. We accept no liability for any errors, omissions or representations. The copyright of this content belongs to the author and any liability with regards to infringement of intellectual property rights remains with them.