A new HSCC preview outlines the phased rollout of AI cybersecurity resources designed to help healthcare organizations manage emerging risks across operations, governance, device security, and third-party tools.
The Cybersecurity Working Group (CWG) of the Health Sector Coordinating Council (HSCC) is providing the healthcare sector a preview of soon-to-be published resources focusing on discrete but interrelated functional imperatives for managing artificial intelligence (AI) cybersecurity challenges and opportunities in the healthcare system.
Given the cybersecurity challenges and opportunities presented by AI, the HSCC CWG formed an AI Cybersecurity Task Group in October 2024, composed of 115 healthcare organizations, to consider how to prepare the sector with operational and organizational guidance.
The AI Task Group recognized the complexity and associated risk of AI technology used in clinical, administrative, and financial health sector applications, and accordingly divided the mix of AI issues into manageable work streams of discrete functional areas of concentration while staying mindful of the interrelationships and interdependencies among those functions.
The effort is separated into five subgroups:
- Education and Enablement: Common nomenclature for our AI cybersecurity guidance, and education and training programs to familiarize diverse healthcare user communities with the appropriate awareness and use of AI in their functional environments.
- Cyber Operations & Defense: Playbooks to help healthcare organizations to prepare for, detect, respond to, and recover from AI-related cyber incidents.
- Governance: A framework for managing AI cybersecurity risks in the health sector enterprise, including: governance processes for the AI lifecycle; regulatory alignment; and AI-specific security and data.
- Secure by Design: Embedding cybersecurity secure-by-design principles into the DNA of AI-enabled medical devices, while fostering collaboration across engineering, cybersecurity, regulatory, and clinical teams.
- Third-Party AI Risk & Supply Chain Transparency: Strengthen security, trust, and resilience in supply chains by enhancing visibility and transparency of third-party AI tools, establishing governance and oversight policies, and standardizing procurement, vendor vetting, and lifecycle management, among other deliverables.
Looking Ahead
These workstreams have made substantial progress over the past several months, according to the HSCC CWG, and beginning in January, will separately publish their guidance documents in succession through Q1 2026.
In addition to the preview, the HSCC CWG is offering the first of its publications developed by the Education and Enablement Subgroup, “AI in Healthcare: 10 Terms You Need to Know.”
“The HSCC CWG invites all healthcare organizations to adopt these best practices, share guidance across teams, and engage with the council to shape the future of sector-wide AI governance and cybersecurity,” reads a release from the HSCC CWG. “Together, we can ensure that innovation in healthcare is matched by a steadfast commitment to patient safety, data privacy, and operational resilience.”
ID 350511763 © Wiskareunan Chi | Dreamstime.com
