Securing the future of healthcare in the age of generative AI and connected care
The healthcare industry is undergoing a profound transformation, driven by the adoption of generative artificial intelligence (AI), cloud computing, and connected care devices. This digital revolution promises to improve patient outcomes, reduce costs, and enhance the overall healthcare experience. However, it also introduces new challenges in terms of cybersecurity, privacy, and regulatory compliance. To navigate this complex landscape, healthcare organizations are turning to scalable, affordable, and highly available cloud infrastructures such as Amazon Web Services (AWS) to build resilient, secure, and innovative solutions.
The integrated healthcare services ecosystem
Today’s healthcare landscape is evolving into an integrated ecosystem that connects traditional providers, health plans, pharmacies, and brick-and-mortar care organizations with cloud service providers, digital marketplaces, and connected medical devices. This ecosystem is data-driven and creates the foundation for innovative generative AI applications in health and life sciences.
The following diagram shows this ecosystem: a network of traditional providers, health plans, pharmacies, and other brick-and-mortar care organizations, coupled with cloud service providers, new digital marketplaces, connected medical devices, and the healthcare consumer. The ecosystem must be data-driven and, in turn, creates the data that can power modern generative AI applications for health and life sciences.
Figure 1. Integrated modern healthcare and life sciences services ecosystem.
As Liz Popwell, Chief Strategy and Transformation Officer at Stony Brook Medicine, noted in 2023, “We’ve stopped calling ourselves a health system and started calling ourselves a health platform because we’ve got to have partnerships to make this happen.” These platforms and partnerships are crucial for using data and technology to transform healthcare and drive the Quadruple Aim objectives: improving patient experience, improving population health, reducing care costs, and enhancing caregiver experiences. The health platform is the modern integrated, data-driven ecosystem that fuels innovation.
Navigating the security challenges of generative AI
While generative AI holds immense potential for revolutionizing healthcare and life sciences, from research and population health to clinical decision support, patient care, and drug development, it also brings unique security and privacy concerns. These challenges include governance, data management, data loss protection, legal and regulatory compliance, and the potential for shadow AI use and bias.
To address these challenges, healthcare organizations must start by adopting a defense-in-depth strategy, using the layered security services offered by AWS and its partners. This multilayered approach uses AWS services and solutions to enhance overall security and resilience and better protect generative AI environments and workloads. As explained in "Architect defense-in-depth security for generative AI applications using the OWASP Top 10 for LLMs" on the AWS Machine Learning Blog, defense-in-depth security best practices can mitigate many of the common risks that any workload faces, helping accelerate generative AI innovation. The post recommends following the defense-in-depth model to address and mitigate the common security concerns and risks that can undermine trust in AI, as identified by the Open Worldwide Application Security Project (OWASP) Top 10 for LLM Applications. The following graphic shows the seven layers that make up the defense-in-depth approach:
- Policies, procedures, and awareness
- Network and edge protection
- Identity and access management
- Threat detection and incident response
- Infrastructure protection
- Application protection
- Data protection
Figure 2. Layered security controls for generative AI.
Embracing a resilience-first approach
Healthcare organizations need to go beyond traditional cybersecurity measures and adopt a resilience-first approach. This means being prepared to quickly protect, detect, analyze, contain, eradicate, and recover from security incidents rather than solely focusing on prevention. In fact, OWASP’s 2024 publication LLM AI Cybersecurity & Governance Checklist lists a resilience-first strategy as step one for LLM deployment. AWS supports this holistic view of resilience through its shared responsibility model and resilience lifecycle framework, which includes setting objectives, designing and implementing solutions, evaluating and testing, ongoing operation, and responding and learning.
Securing connected care devices and the Internet of Medical Things (IoMT)
In addition to the exponential growth of generative AI, the proliferation of connected care devices and IoMT has introduced new cybersecurity challenges. These challenges must also be addressed because both the operational and clinical data from these devices will be integrated into LLMs to drive clinical and operational innovation and insights. AWS is focused on helping organizations establish an end-to-end secure chain of custody to protect cloud-connected medical devices. It’s not just about protecting the physical device but about protecting identities, data, networks, and apps while also complying with regulatory requirements and privacy mandates. AWS offers a comprehensive suite of solutions to help healthcare organizations build a robust foundation of security, privacy, and compliance in this connected care era, including:
- Secure infrastructure and access control through services such as: AWS Identity and Access Management (IAM), AWS IAM Identity Center, Amazon Verified Permissions, and AWS Verified Access
- Data protection and encryption using AWS Key Management Service (AWS KMS) and AWS Certificate Manager
- Secure communication through Amazon Virtual Private Cloud (Amazon VPC) and AWS Direct Connect
- Centralized logging and monitoring with AWS CloudTrail and Amazon CloudWatch
- AI-powered threat detection through Amazon GuardDuty
- Vulnerability management with AWS Security Hub
- Secure software development using Amazon Q Developer
- Regulatory compliance support and reporting through AWS Artifact and AWS Audit Manager
- Incident response and recovery capabilities with AWS Elastic Disaster Recovery and AWS Incident Detection and Response
- Automated risk assessments using AWS Config and AWS Security Hub
Why choose AWS for healthcare
AWS has established itself as the premier cloud platform for healthcare, offering:
- Unparalleled security and compliance, with comprehensive certifications including Health Insurance Portability and Accountability Act (HIPAA), Health Information Trust Alliance (HITRUST), and Federal Risk and Authorization Management Program (FedRAMP)
- Reliable and resilient global infrastructure
- Powerful data and analytics capabilities
- Flexible and scalable solutions
- Trusted healthcare expertise and dedicated support
By using AWS, healthcare organizations can unlock the full potential of cloud computing while providing the security, compliance, and resilience needed to deliver exceptional patient care. With the AWS comprehensive toolset, healthcare leaders can transform their operations, drive innovation, and stay ahead in an ever-changing industry.
As the healthcare sector continues to embrace digital transformation, partnering with AWS provides the necessary tools and expertise to navigate the complex landscape of cybersecurity and resilience. By adopting AWS solutions and implementing a resilience-first strategy, healthcare organizations can enhance their cybersecurity posture, protect patient data, and provide the continuity of critical healthcare services in an increasingly connected world.
To schedule an in-depth security briefing or a security and resilience workshop, reach out to your account team, visit our booth, No. 4624, at the HIMSS Conference in Las Vegas, Nevada, March 3–6, 2025, or attend our Security and Resilience workshop in March.