It’s time to hand cybersecurity over to the computers
Summary
A healthcare-industry hack shows the need for autonomous databases and operating systems.Cybercriminals are growing bolder. Once content to target the computer systems of smaller businesses, municipalities and universities, hackers are now targeting large sections of the American healthcare industry. Providers and insurers depend on computer processes to automate the payment of claims, verify patient eligibility for services and approve prescriptions. A successful attack could make it difficult for patients to access medications and essential services. Clinics and hospitals would be unable to pay their staff.
That’s exactly what’s happened in the past few weeks. The ransomware group known as ALPHV or BlackCat shut down Change Healthcare, a subsidiary of insurance giant UnitedHealth. Change Healthcare automates a third of insurance payments to pharmacies, clinics and hospitals in the U.S. The attack thoroughly disrupted the American healthcare system, costing providers an estimated $1 billion a day. The federal government was forced to offer emergency payments to providers. Unconfirmed reports suggest that the cybercriminals ended the attack after receiving a $22 million bitcoin payment.
These attacks aren’t going to stop until our healthcare systems adopt the latest cyber-defense technology—a new generation of autonomous digital infrastructure capable of fully protecting patient data and keeping essential healthcare systems up and running even when those systems are under attack.
In the past, the federal government provided incentives to encourage the modernization of healthcare systems. The Health Information Technology for Economic and Clinical Health Act of 2009 was meant to increase connectivity and interoperability while enabling providers to adopt electronic health records and increase patient privacy protections. Regrettably, no one anticipated just how good cybercriminals would get at exploiting the vulnerabilities within our interconnected healthcare computer systems.
As the scope and frequency of these attacks increase, healthcare providers and payers will incur large losses. But society will ultimately foot the bill in the form of higher healthcare costs for everyone. The federal government needs to update regulations and offer the healthcare industry financial incentives to adopt the new generation of highly secure and reliable autonomous digital infrastructure.
Nearly all cyberattacks and digital data thefts begin the same way—with human error. In 2019 a hacker accessed the personal information of more than 100 million Capital One customers. At the time, Capital One managed customer data using digital infrastructure purchased from Amazon Web Services. Unfortunately, bank employees misconfigured the system, creating a security vulnerability.
Such vulnerabilities can be prevented by second generation autonomous cloud computer systems. The computer industry has already developed secure and reliable second-generation autonomous cloud technology. These systems have proven themselves able to defend against cyberattacks and data theft. Autonomous systems are difficult to attack because they don’t allow humans to configure them, relying instead on databases and operating systems that automatically configure themselves. Humans, with their propensity for error and mischief, shouldn’t be trusted to configure critical parts of the system.
The same is true of fully self-driving autonomous cars, which promise to reduce car crashes dramatically. When humans don’t operate the vehicle, they can’t crash it. Just as fully self-driving autonomous cars will improve passenger safety and save lives, autonomous computer systems are our best defense against cyberattacks on our healthcare infrastructure. Modern autonomous computer technology will keep our medical systems up and running all day, every day. They will fully protect patient data, improve care and ultimately save lives.
While autonomous systems are the best front-line defense against cyberattacks, there are additional things that modern cloud systems should do to protect themselves. We need to eliminate the use of passwords. Passwords are easily and routinely stolen by cyber criminals. Passwords must be replaced with passcodes. Passcodes are virtually impossible to steal because they are computer generated and they constantly change, yet they are much easier and more convenient to use than passwords. Passcodes, autonomous databases and autonomous operating systems are all currently available in second generation cloud systems.
The healthcare industry, the computer industry and the federal government can collaborate to harden the nation’s critical digital infrastructure. Government should establish tough privacy standards to protect highly sensitive patient data and set standards requiring healthcare systems to continue operating even while under attack.
Autonomous databases and operating systems tip the balance of power to give defenders a technological advantage during a cyberattack. The sooner healthcare systems start using autonomous systems, the safer they and their patients will be.
Mr. Ellison is a co-founder and chief technology officer of Oracle. Ms. Verma is general manager of Oracle Health and Oracle Life Sciences. She served as administrator of the Centers for Medicare and Medicaid Services, 2017-21.