LAS VEGAS – Taking regimented approaches to implementing systems that leverage artificial intelligence can improve trust within organizations, but that may mean that proof of concept takes more time.
AI can offer security teams increased efficiency “where machine learning and technology can do things faster,” Anahi Santiago, Christianicare’s chief information security officer, said Monday at the HIMSS25 Healthcare Cybersecurity Forum.
However, it’s been “riddled with false positives” that can erode trust, and it’s been time-consuming, she said.
“Instead of giving our teams back time by using automation to expel them of certain tasks, we’ve added more on them as they’re having to figure out what’s a false positive, what’s actual and how do you tune the tools to do their intended task.”
Looking toward the horizon of innovation, the next wave of tools from agentic AI – and further, to artificial general intelligence – demand healthcare organizations create governance and structure around adoption.
Questions around today’s use of AI and results, however, remain.
“We partner AI together with automation to do things like threat detection, anomaly detection, incident response to be proactive on remediation, vulnerability management,” said Bridget Karlin, MBA, former SVP IT for Kaiser Permanente.
“We’ve been using it pretty effectively for the last few years. But we’re nowhere close to artificial general intelligence, the AGI, which is something that we’re waiting for and looking forward to in terms of really having cognitive or mimicking human cognitive capability,” she said.
In terms of implementing AI, Karlin, who is now a consultant, said she has seen that developers and engineers are not always getting the intended results they were working towards.
Also, environments large or small tend to be littered with different legacy applications.
“You’ll have some stuff delivered by your SaaS vendors, stuff running on the cloud, stuff running on-prem,” she said.
When adding new automation and artificial intelligence, ensure that “you’re moving methodically, you’re doing the right testing, the right analysis,” added Mike Nelson, vice president of digital trust at cryptography vendor Digicert.
Karlin said establishing a framework that begins with data source transparency and clear indications of how inputs produce verifiable results – a regimen assessment process of the technology inclusive of AI.
In the absence of frameworks, healthcare organizations should establish guardrails to ensure trust, Nelson advised.
“I think in this rush of everybody wanting to get to AI, a lot of people are rushing to it without comprehensive awareness and impact,” he said.
Proof of concept and testing off-the-shelf tools before they are put into production is rigorous for Santiago’s IT team.
“We really try and dissect our tools to ensure that the promise that they want to deliver is actually going to be realized,” she said.
An additional concern with purchased tools is how vendors use the Delaware-based healthcare organization’s data, and the limits they seek to set are negotiated in their contracts.
“More and more and more we’re seeing a power our third parties want to use [data] for product development and other things that aren’t necessarily within the constructs of what we’re comfortable with,” she said.
“Being really regimented and really following a framework has helped us to really separate the grave from the good.”
Where cybersecurity cuts across organizations, collaboration is “much more important now than it ever was before,” said Attila Hertelendy, assistant professor of executive and healthcare MBA programs at Florida International University, the panel moderator.
“As we talk about implementing AI it also goes hand in hand with change management,” he noted.
“The governance is the backbone of the cybersecurity strategy. It’s a continual learning process,” Karlin said.
People need their go-to prompts, Hertelendy added.
Beyond AI, he asked Nelson to end the session on how concerned attendees should be about the future of quantum computing.
Nelson was clear that it is now time to start getting prepared because it will take years for organizations to update to quantum-resistant algorithms and quantum computing is estimated to be more broadly available in the 2030s.
“Quantum will obliterate today’s security,” he said. “That is not a small task.”
Migrations can take years and critical industries are recommended to update by 2029, he said.
It’s a call to action because cryptography is deeply embedded in all systems, and most organizations have 40% of their certificates unmanaged, he said.
The journey begins with discovery, he said, advising organizations to set a game plan to understand which systems are most vulnerable.
“There’s no easy button.”
Andrea Fox is senior editor of Healthcare IT News.
Email: afox@himss.org
Healthcare IT News is a HIMSS Media publication.