Protecting the practice: Understanding the future of cybersecurity

Anurag Lal: ©NetSfere

Cybersecurity - the process of protecting networks, devices, and data from unauthorized access or criminal use - is evolving to combat threats from emerging technologies such as artificial intelligence and quantum computing. While AI and quantum computing open the door to innovation, they are also introducing new cyber risks for organizations.

The World Economic Forum’s Global Cybersecurity Outlook 2024 revealed that almost 56% of leaders believe emerging technologies will hand an advantage to cyber attackers.

That’s bad news for all organizations but especially concerning for highly targeted industries like health care. Cybercriminals recognize that health care entities are rich repositories of sensitive patient data including medical records and financial information which they can use for identity theft and other malicious activities.

AI and quantum computing are changing the threat landscape, empowering cybercriminals to increase the number and sophistication of their attacks which poses major risks to medical practices and other health care organizations.

In light of this threat environment, it has never been more critical for medical practices to keep up to date on emerging cyber threats, recognize the implications of these threats to the practice, and understand how cybersecurity is evolving to help protect practices.

Emerging cyber threats

Emerging cyber threats associated with AI and quantum computing will shape the future of cybersecurity. As these technologies evolve, cybercriminals will be looking for ways to exploit them to gain access to networks and data.

Read on to understand how bad actors are using these technologies to launch more precise, powerful, and damaging attacks.

AI

AI is being used in organizations large and small to reduce costs, personalize customer experiences, and improve decision-making. Many medical practices are using the technology to generate patient visit notes in real time, automate tasks such as appointment scheduling and billing, analyze patient data to help inform diagnoses and treatment decisions, and more.

As AI increasingly becomes a driver of business transformation in medical practices, the adoption of the technology is also introducing security vulnerabilities and regulatory compliance risks.

Easy access to AI is allowing cybercriminals to automate damaging cyberattacks, increasing the scale and precision of these attacks. For example, bad actors are harnessing the power of AI to generate malware that can adapt to avoid detection and to launch sophisticated phishing attacks that are more personalized and convincing. According to McKinsey, since the proliferation of generative AI platforms, starting in 2022, phishing attacks have risen by 1,265%.

Quantum computing

Quantum computing is on the horizon. Quantum computers are much more powerful than the computers in use today. That means they can solve problems in minutes that would take even the fastest supercomputer today 10 septillion (that is, 10²⁵) years — a number that vastly exceeds the age of the Universe.

What it also means is that quantum computing has the potential to break traditional encryption. Encryption is the method by which information is converted into an unreadable format to protect the privacy and security of digital communication and data.

While the era of quantum computing is not here yet, quantum computing threats exist today in the form of harvest now decrypt later (HNDL) attacks. Cybercriminals are collecting encrypted data and communications now and storing this information until quantum computers are available to decrypt it.

The development of quantum computing will have a major impact on the future of cybersecurity especially in industries like health care which rely on encryption technologies to protect sensitive patient data.

Implications for medical practices

With limited resources to devote to cybersecurity and treasure troves of sensitive patient data, medical practices are increasingly becoming a target of cybercriminals. As cyber threats increase and evolve, medical practices face challenges in detecting, responding to, and recovering from damaging attacks.

In addition to negatively impacting patient care and regulatory compliance, cyberattacks on small and medium health care enterprises can threaten the financial stability of these enterprises with the average cost of a cyber incident coming in at $173,000 in 2023.

The growing financial and operational risks of cyber threats are prompting medical practices to increase their spending on cybersecurity measures with 72% of practices surveyed increasing this spending in 2024, according to a Medical Group Management Association poll.

The future of cybersecurity: Keeping medical practice systems and data secure

The emerging cyber threats associated with AI and quantum computing are reshaping the future of cybersecurity. As these threats evolve, security tools and software are evolving in tandem to combat these threats.

While many medical practices might not have the big IT budgets of larger health care systems and organizations, next-generation security and encryption technologies are within reach of these practices to help defend against the threats of today and tomorrow.

These technologies include:

AI-driven security

AI-powered solutions provide threat detection, analysis, and automated responses designed to predict and prevent attacks before they cause harm. Some of these solutions include:

• Antivirus software, a first line of cyber defense that scans and neutralizes malicious software, is evolving to become more effective against new threats. The integration of advanced technologies like AI and machine learning (ML) is improving the effectiveness of antivirus software. AI and ML-powered antivirus software can identify patterns and behaviors associated with malware, enabling this software to detect previously unknown threats.
• AI-enabled email security tools can analyze emails in real time to detect potential threats. These tools are designed to identify and block phishing attempts, malware, and business email compromise before these emails reach users.
• AI endpoint security detects and responds to advanced threats on endpoint devices like computers and mobile phones. The technology can detect a wide range of threats including malware, ransomware, phishing attacks, network intrusions, data leakage, and suspicious user behavior.

Post-quantum cryptography

Post-quantum cryptography, also known as quantum-resistant encryption or quantum-safe encryption, can withstand potential attacks from quantum computers.

Medical practices must start transitioning now to quantum-safe encryption protocols that protect sensitive patient data from potential quantum computing threats now and in the future.

New PQC standards released by the National Institute of Standards and Technology (NIST) last year were developed to protect against HNDL and future quantum attacks. With the release of its first three quantum-resistant encryption standards, NIST is encouraging IT administrators to start integrating these encryption standards into their systems immediately.

Medical practices can also stay ahead of quantum threats and protect their data with the right tools. While many technology vendors are integrating PQC into their services and products, it is important for medical practices to ensure the solution providers they use including mobile messaging and collaboration tools, email platforms, and VPNs integrate PQC into their technology.

Wrapping up

Evolving cyber threats create significant challenges for all organizations. These challenges are compounded in medical practices that often don’t have the personnel to dedicate to combatting existing and evolving cyber threats.

The good news for these practices is that next-generation cybersecurity technology and advanced PQC encryption can enhance their resilience against the cyber threats of today and tomorrow without requiring major in-house IT resources.

Anurag Lal is CEO and president of NetSfere and a former director of the U.S. National Broadband Task Force under the Obama Administration.