As generative AI applications become more common in healthcare, organizations will need to carefully consider critical third-party risk issues involving the use of these technologies, said Damian Chung, business information security officer at security firm Netskope.
“Now that AI is entering in and becoming more mainstream, we’re going to be faced with multiple vendors that claim they have AI,” said Chung, former director of cybersecurity engineering at Dignity Health.
An important question that needs to be asked is whether the technologies are “really AI,” and whether each of these tools and their respective AI systems “won’t counteract with each other,” Chung told Information Security Media Group in an interview.
“How do I make sure that they’re not canceling each other out?” he asked. Also, organizations need to consider to what extent an AI system “is really learning from your data or potentially using that data to train other models for other customers,” he said.
By the same token, if a vendor is using generative AI to create an app, “do they even have the rights to use it?” he said. Chung said he worries about these issues of supply chain and third-party risk involving the use of AI.
In this interview with Information Security Media Group (see audio link below photo), Chung also discussed:
- Top emerging uses of AI in healthcare and the related patient privacy and data security concerns;
- Potential data integrity and accuracy issues involving the use of AI for clinical decision-making;
- Other vendor risk issues that healthcare CISOs should consider involving the use of AI tools in their organizations.
Chung, a cybersecurity leader with over a decade of security experience focused in healthcare, is responsible for overseeing corporate security tools and processes and acts as the subject matter expert in the healthcare vertical. Prior to Netskope, he was senior director of cybersecurity engineering at Dignity Health where he implemented multiple cybersecurity controls and helped mature the healthcare provider’s security program. Prior to that, Chung was vice president of IT, cloud security and compliance for a healthcare technology company.