The Health Sector Coordinating Council (HSCC) Cybersecurity Working Group, “a platform for collaboration among healthcare industry leaders and the government for more than a decade to address the most pressing security and resiliency challenges to the healthcare sector,” has published its Health Industry AI Cybersecurity Governance Framework Implementation Guide.
HSCC states the 87-page guide “addresses unique cybersecurity and privacy challenges as the sector adopts artificial intelligence across clinical and operational use cases, targeting the identification and mitigation of AI-specific cyber risks, including data poisoning, model drift, and adversarial attacks, while ensuring compliance with the healthcare sector’s complex regulatory environment. It addresses the full spectrum of AI technologies deployed in healthcare, from traditional machine learning/reactive/non-agentic models to generative AI, and agentic AI systems capable of autonomous action.”
The American Hospital Association is one organization that is endorsing the guide. “This comprehensive guide is a must-read for all healthcare organizations, vendors and suppliers as the development and implementation of various forms of AI into healthcare settings has become widespread at tremendous speed and scale,” said John Riggi, AHA’s national advisor for cybersecurity and risk. “The secure-by-design and implementation recommendations offered in this guide will help mitigate unintended cybersecurity risk and consequences of AI use in healthcare and help prevent adversarial exploitation of AI-related technical flaws. Mitigating AI cybersecurity risk is part of cyber safety, and cyber safety is patient safety.”