The AI Security Blind Spot That Healthcare Can't Afford to Ignore

← Back to All Podcasts The AI Security Blind Spot That Healthcare Can’t Afford to Ignore In this episode, Tom Furr, CEO and Founder of PatientPay, discusses how the Shift in ACA enrollment is driving more high deductible health plans. Highlights of this episode include: How the reduction in ACA enrollment numbers are affecting out-of-pocket payments How should providers prepare for this change in coverage Long-term projections Subscribe Today! Kelly Wisness: Hi, this is Kelly Wisness. Welcome back to the award-winning Hospital Finance Podcast. We’re pleased to welcome Vrajesh Bhavsar. VJ is an engineer with a Master’s in Computer Science from USC and over 20 years of experience building hardware and software products. VJ built core technologies for iOS and Mac OS, including dynamic tracing, data protection, and secure enclave at Apple. He holds eight patents in distributed systems, data, and security. He is passionate about building technology-first businesses that drive positive human impact at scale. In this episode, we’re discussing the AI security blind spot that healthcare can’t afford to ignore. Welcome, and thank you for joining us, VJ. Vrajesh Bhavsar: Hey, thank you for having me. Kelly: Well, let’s go ahead and jump in. So, AI is being deployed across healthcare at a remarkable pace. From a cybersecurity standpoint, what’s the risk that most hospital leaders still don’t fully appreciate? VJ: That’s a great question. And it’s such an exciting time that we are living in. There are so many new innovations coming to the entire space. And the impact of AI in so many different areas gets really exciting for a lot of industries where this kind of innovation is needed. And, of course, healthcare has so many different areas where AI can be applied, but also there are a lot of risks that come in when you are exposing this kind of critical area of safety and care to this kind of new innovation. And so the big risks that we see in a lot of interactions we are having is how when you have a lot of kind of new innovation getting sprinkled across use cases and areas where you didn’t really understand the full scope and things are operating without a lot of visibility, especially in the deep areas where sensitive data is in question and you have patient information as well as ways that a lot of the third party systems are going to interface with these things. That’s where there are so many risks that it’s not fully understood and appreciated. And the thing that really gets people is that we are used to kind of operating with these innovative systems in kind of traditional systematic ways, that A plus B results in something. But in the world of non-determinism, where there are a lot of new attacks coming in, the level of risk really, really goes to the roof. And the kind of attacks that have come through in terms of prompt injection or zero-click, and a lot of things that have been reported across the industry, and we have done some of the work ourselves. It really throws people back into like, “Oh, wow, I didn’t realize that this can really exfiltrate the data at such scale and such speed.” And the level of protections and defenses that people had through traditional tools are now out of question. Kelly: Yeah, it’s definitely an interesting time in healthcare and AI, and there’s a lot to consider there. You recently discovered a zero-click vulnerability that can silently extract complete patient records without leaving a trace. What does that mean in plain terms, and why is it a signal of a much larger industry problem? VJ: That’s a very interesting question. And I think as an industry, we have been trying to get everyone to kind of understand that, “Hey, don’t respond to random emails, don’t share credentials, don’t go chase random links and all that, right? But what’s happening in the world of AI is that without users taking any of such risky actions, now you can have a massive exposure and that’s what zero click refers to. And what we discovered is that a lot of these AI systems as they are interfacing with so many different data sources and all the records and all that, they can actually go take the credentials and access that you have given them and try to be helpful in ways that can actually result in data exfiltration and leakage at a massive scale. And so, what we are finding is there are the kind of attacks that come through in AI systems that are prompt injection or jailbreak attempts. And those things are getting embedded in documents, in ways that are invisible to the human eye, but those instructions mean a lot to what an AI system or an agent bot is going to do. And that’s where, now, you are bringing– you have so many, so much intelligence baked into these AI stacks that they are trying to be super helpful and trying to kind of take all these instructions that are embedded and the users didn’t do anything wrong, but this is where some of the attacks that are coming through. Some of the ones that we have discovered and the industry has discovered, even Anthropic reported several different types of attacks. And there is a lot of education needed in the industry to really kind of understand the scale and scope of what these intelligent, non-deterministic systems bring in these critical environments. Kelly: Completely agree. There’s definitely a lot of education required for us. VJ, HIPAA was built for predictable human-reviewed workflows. How does autonomous AI fundamentally challenge the compliance model healthcare has spent decades building? VJ: I know. This is where we are really passionate about like there is so much to be done, and I know HIPAA is trying to catch up on a lot of the new innovation. But at the end of the day, there is kind of like an inert way in which HIPAA assumes there are human accountability layers behind all the different decisions that are getting made. And I think that’s the thing that gets thrown out the window when you bring in agentic AI. And in these environments where you are passing responsibility, you’re passing autonomy, you’re passing decision-making capabilities to agents and at a speed of machine speed at which you can access so many different systems all at once and try to be helpful. That’s where there is no mechanism in place to even understand what these systems are trying to do. And beyond understanding, you need to actually govern and bring controls into these environments, right? And I think that’s kind of the core to a lot of the challenges and what we refer to it as runtime visibility and runtime controls. And when these agents are getting born and they are trying to figure out, like, “Okay, what are the instructions given to me?” And I’m going to try to make sense of that. I’m trying to access the systems that are available to me, and sometimes they overreach. And that’s when these breaches happen. That’s when, kind of, unexpected consequences happen. That’s when you end up with a non-compliant system. So, I think there is a lot to be done. I think the industry was still just catching up on what was happening in the world of microservices and all the API ecosystem. And now we have leaped directly into agentic environments. And I think that requires a full depth understanding of what all things are happening to stay compliant. <p...