New HSCC CWG Publication; Artificial Intelligence Cybersecurity Considerations

Healthcare & Public Health Sector Coordinating Councils

February 6, 2023

We are pleased to share today our first HSCC CWG publication of 2023 - a white paper titled: “Health Industry Cybersecurity-Artificial Intelligence Machine Learning (HIC-AIM)” – an overview and discussion of 9 cybersecurity considerations for the implementation of A.I. in a clinical and enterprise environment. HIC-AIM was developed by the Emerging Technology Task Group, co-led by Mark Jarrett of Northwell Health; Jim St. Clair of Coordinated Care Inc.; and Linda Ricci of FDA. Significant editorial contributions were provided by Julie Sisk of First Health Advisory. Much of the content was developed by recruited outside experts in academia and industry with deep background in the field.


Healthcare has continued to evolve from the paper-and-pen world to a digital environment. The opportunities for high-quality, safe and effective care have increased exponentially with this change. Integral to these opportunities is the harnessing of increasing computer power and the revolutionary impact of artificial intelligence (AI) and machine learning (ML). AI/ML could impact every aspect of healthcare, from diagnosis, treatment decisions, predictive analysis, and even administrative functions such as coding and billing.

The promise of AI/ML, however, comes at a price: artificial intelligence systems, especially those dependent on machine learning (ML), can be vulnerable to intentional attacks that involve evasion, data poisoning, model replication, and exploitation of traditional software flaws to deceive, manipulate, compromise, and render them ineffective. Yet too many organizations adopting AI/ML systems are unaware of their vulnerabilities. This potential outcome is the basis of this whitepaper.


This paper is intended for an audience of senior technical leaders within the CIO/CTO functions. It assumes basic knowledge about software programming and application engineering with an associated capability to translate technical concepts into practical business, operations, and clinical privacy and cybersecurity risk.


Please feel free to share this paper with your community of peers. We are also preparing for your use a boilerplate slide deck that is suitable for presentation at conferences and webinars.

Greg Garcia
Executive Director
Health Sector Coordinating Council
Cybersecurity Working Group