Healthcare's Cloud Security Risks Escalate with Home-Based Care and AI Adoption
Anahi Santiago, CISO of ChristianaCare, warns that expanding hospital-at-home programs and AI integration are significantly increasing cloud security risks for healthcare organizations.
The healthcare sector is navigating a complex and expanding cloud security landscape, driven by the rapid growth of hospital-at-home initiatives and the increasing adoption of artificial intelligence. Anahi Santiago, Chief Information Security Officer at ChristianaCare, highlighted these escalating challenges, noting that patient data is increasingly moving beyond the traditional confines of hospital networks. This shift necessitates robust security measures across public, private, and software-as-a-service cloud platforms, creating new protection demands for security teams.
Santiago explained that as healthcare delivery models evolve to include more remote patient care, the volume of sensitive information that needs to be secured has grown exponentially. "Because the care is taking place outside the four walls of the hospital, the data that is needed in order to care for those patients has to go up to the cloud, and so we're seeing just an exponential increase in what we have to protect and how we have to protect it," she stated during an interview at the recent HealthSec conference.
Compounding these challenges is the persistent issue of cloud vendor accountability. Santiago pointed out that many healthcare providers still rely on cloud service provider attestations rather than rigorously validating their own software-layer security controls. While progress has been made, continuous education and contractual requirements are still necessary to ensure vendors fully align with the shared responsibility model.
Beyond the complexities of cloud infrastructure and vendor management, the integration of powerful AI tools presents a new frontier of security concerns. Santiago emphasized the need for more agile vulnerability management programs to keep pace with the evolution of AI technologies, such as Anthropic's Claude Mythos. The dynamic nature of these tools requires a proactive and adaptive security posture.
To address these multifaceted threats, Santiago stressed the importance of strengthening foundational cybersecurity practices. She advocated for the adoption of recognized frameworks, including the National Institute of Standards and Technology's (NIST) Cybersecurity Framework and the U.S. Department of Health and Human Services' (HHS) Cybersecurity Performance Goals. These frameworks provide a structured approach to managing and mitigating cyber risks.
Santiago's insights underscore a critical juncture for healthcare cybersecurity. The move towards more patient-centric, remote care models, coupled with the transformative potential of AI, demands a strategic re-evaluation of security architectures and operational practices. Ensuring the confidentiality, integrity, and availability of patient data in this evolving ecosystem is paramount.
As CISO of ChristianaCare, Santiago oversees the organization's comprehensive cybersecurity and assurance program. Her extensive experience, including a decade at Einstein Healthcare Network and active participation in key industry groups like the Healthcare Sector Coordinating Council's Cybersecurity Working Group, provides valuable perspective on the sector's most pressing security issues. Her commentary serves as a crucial warning and call to action for healthcare organizations worldwide.