Health system leaders told Becker’s they’re encouraged by AI developer Anthropic opening up its Project Glasswing cybersecurity initiative to healthcare.
The company launched the project in April after opting not to publicly release Mythos, its latest iteration of Claude, because the AI could autonomously detect and exploit cybersecurity vulnerabilities, some decades old. Project Glasswing initially included about 50 partners, mostly tech giants and leading cybersecurity firms, but expanded June 2 to another roughly 150 organizations representing critical industries, including healthcare.
“The combination of Anthropic, big tech and health system CISOs working together to mitigate cyber risk is both logical and smart,” said Scott Arnold, executive vice president and chief digital and innovation officer at Tampa (Fla.) General Hospital. “In fact, as an Anthropic customer, I volunteered our CISO at Tampa General Hospital to participate in Project Glasswing and provide insight as an expert — fingers crossed.”
Health system CIOs told Becker’s last month that they wanted to be “at the table” on using Mythos Preview to solve cybersecurity flaws, particularly because of healthcare’s unique IT considerations.
“Mythos is valuable because it surfaces vulnerabilities that were previously unknown or hard to exploit — but those findings then have to be fixed or mitigated inside that same window, before the ability to exploit them becomes widely available, said Sha Edathumparampil, chief digital and information officer of Coral Gables-based Baptist Health South Florida. “In healthcare, that’s a lot of work: legacy software, slow upgrade and patching cycles because downtime affects clinical care, and the funding and resources these changes require.”
He also pointed to Anthropic’s prediction that in six to 12 months, other AI companies will have Mythos-class AI models — but could release them without the same type of cybersecurity safeguards.
“Anthropic deserves credit for moving quickly and bringing healthcare in,” Mr. Edathumparampil said. “The announcement also raises the urgency for the entire healthcare ecosystem — vendors and providers alike — to both detect and remediate, against a clock that’s now in months, not years.”
Mr. Edathumparampil said he’s eager to learn the list of participants, whether it be EHR vendors, biomedical device makers or even health systems. An Anthropic spokesperson told Becker’s it isn’t disclosing specific organizations for security reasons, though partners can share their participation if they wish. In its June 2 announcement, Anthropic said the 150 new participants are largely vendors with big client bases covering critical infrastructure industries, including healthcare but also power, water, communications and hardware.
“The expansion was necessary and required, and it should continue in a controlled manner in an expanding concentric circles of trust approach,” said Glynn Stanton, senior vice president and CIO and chief information security officer of Yale New Haven (Conn.) Health. “Focus for expansion must be to ensure that critical infrastructure providers such as healthcare are prioritized. Giving as much lead time on the announcement of new threats and vulnerabilities is key to ensure that patient care is uninterrupted.”
Yale New Haven Health has been receiving communication from its partners about their participation, he added.
Baltimore-based Johns Hopkins Medicine is part of another cybersecurity project with another AI developer, which it can’t disclose because of a nondisclosure agreement, said Senior Vice President and CIO Richard Mendola, PhD.
“If I were betting, I would say I think the next two years are going to be some of the most difficult years we face from a cybersecurity standpoint, given the emergence of these models, until we’ve literally got workflows baked so that nothing ever gets out with a zero-day flaw or any other type of vulnerability,” he said.
Dr. Mendola said he is grateful that healthcare and academia — he’s also the enterprise CIO of Johns Hopkins University — are part of this discussion but understands AI companies’ hesitation to open it up to more partners.
“Tell 150 people a secret,” he said. “It’s not a secret.”
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.