Issue link: https://beckershealthcare.uberflip.com/i/1544291
27 CIO / HEALTH IT the administrative and synthesis burden through technology so clinicians can focus on patient care. "is year, you're starting to see the value of AI" is how Anna Schoenbaum, DNP, RN, vice president and chief digital applications officer of Philadelphia-based Penn Medicine, put it. But as Deepti Pandita, MD, vice president of clinical informatics and chief medical information officer of Orange, Calif.-based UCI Health, mentioned, hard financial ROI from AI is still lagging, making it hard for C-suite leaders to justify the investment. Her health system has been experiencing "so" — yet still important — benefits: workforce retention, operational efficiencies. Healthcare AI must then be viewed as an upfront investment, with several more years until financial ROI shows up, Dr. Pandita said. 6. Health systems lean into build over buy, looking outside for things they can't do. Mass General Brigham researchers developed an AI chart summarization tool that can do more than what's commercially available, such as ingest documents that exist outside the EHR, said Rebecca Mishuris, MD, vice president and chief health information officer. As AI scribes become "table stakes," she looks to the technology to offer more, like embedding knowledge sources, from patient context to medical literature. Nebraska Medicine has fully scaled over 25 generative AI use cases built in-house, so Dr. Hasselberg said vendors should turn their attention to "higher level" things, like direct AI for patients and clinical decision-making. "No more back-office applications," he said. "We are going to do that ourselves." It's never been easier for health systems to build their own tech solutions as foundational AI models are available to everyone, he added. Tech companies are seeking that cross- pollination as well. "We're going to look to all of you for what are interesting opportunities and what are the guardrails to put in place," said Sumbul Desai, MD, vice president of health at Apple, during a keynote. She pointed to successful partnerships with Atlanta-based Emory Healthcare and San Diego-based Sharp HealthCare. Health systems are also excited about oversight, as they try to monitor all their AI applications and keep up with their employees' own AI use. "Governance is cool now." Dr. Mishuris said. Her health system, for instance, recently rolled out the AI Zone, with HIPAA-compliant access to various AI models. n What health systems learned from the Stryker cyberattack By Giles Bruce T he recent cyberattack on medtech company Stryker must serve as a "wake-up call" about hackers' evolving tactics, even as it illustrates a "new normal" in healthcare, health system leaders told Becker's. Hackers disrupted the firm's internal Microsoft environment March 11, causing health systems to evaluate their exposure and, in some cases, restrict connectivity to the devices. The company noted that the incident "did not affect any of our products — connected or otherwise" and did not involve ransomware or malware. "The recent incident underscores the importance of third-party risk management, resiliency, and identity management," said Steven Ramirez, vice president and chief information security and technology officer of Reno, Nev.-based Renown Health. "As cybersecurity teams increasingly rely on tools to protect systems and automate internal tasks, it is critical to ensure those systems are properly secured so they cannot be used against us. This incident also serves as a clear wake-up call regarding the near-term use of AI by attackers." In a March 15 update, Stryker said all of its products are safe to use. The firm manufactures a variety of surgical platforms, implants and smart hospital devices. "It is completely safe for Stryker sales representatives to be on-site in hospitals and facilities," the company said. "It is also safe for you to communicate by phone or email with Stryker personnel." An Iran-linked cybercriminal group reportedly claimed responsibility for the hack (though Stryker has not confirmed this). After the cyberattack, Loma Linda (Calif.) University Health changed how it manages access to its Microsoft 365 and Intune platforms, said Patrick Voon, executive director of information security. "Even if the security incident did not impact us from a data breach perspective and did not pose any imminent threat to us, we were able to learn from it and make the necessary improvements in our own environment to prevent a similar exploit from happening to us," he said. Health systems plan for third-party cybersecurity incidents, as they have been increasing in recent years as organizations rely on more technology vendors and improve their internal cybersecurity. "This increases the importance of our resiliency practices like downtime procedures and cross communications throughout the organization to keep clinical leaders and care providing teams aware of immediate impacts and engaged in continuity of care delivery," said Jack Kufahl, chief information security officer of Ann Arbor-based Michigan Medicine. "It could be that this is the new normal that we all must adapt to address as a sector." Dennis Leber, PhD, chief information security officer of Chattanooga, Tenn.- based Erlanger Health System, said the event highlights the need to elevate cybersecurity to a completely separate business function, not just a part of IT. "Third-party and supply chain management lives with cybersecurity, but must be incorporated into the overall enterprise risk management program," he said. Cybersecurity executives must "lead with confidence" during situations like this and be willing to collaborate both "internally and externally," Dr. Leber said. "Downtime procedures must be practiced before an event occurs," he added. "Do not have unanswered questions that we should absolutely know the answers to." n