While every data breach is a little different, they usually have one common denominator — an element of human error.
In fact, one recent report from the risk management firm Kroll claims that up to 90 percent of all data breaches reported to the UK’s Information Commissioner’s Office (ICO) from 2017 to 2018 were the result of human error, not deliberate cybercriminals. Another report from the Ponemon Institute found that 51 percent of data breaches were caused by cyber-attacks, 25 percent came from negligent employees, and 24 percent were caused by glitches, including IT and internal process failures.
Bringing AI into cybersecurity seems like a no-brainer, especially considering how many data breaches happen as the result of human error. Here are a few ways AI is positively impacting some of the industries that are the most susceptible to cyber-attacks and data breaches.
Finance and banking
If you have ever tried to buy something with your debit card only to have it declined because your bank put a hold on your account, you can probably thank AI. Banks and financial institutions utilize AI to monitor consumer spending and flag an account if the account holder makes a purchase that varies from their normal behavior.
Machines are smarter than humans in this way; they can identify patterns of behavior and flag suspicious activity. So, for example, if you live in Los Angeles and your credit card is used in Japan, it will automatically get flagged and send you and your banking institution an alert. If you’re traveling, you will need to call and verify your travel plans with your banking institution. If you’re still settled at home in Los Angeles, not Japan, then you will have just been protected from credit card fraud, which is the most prominent form of identity theft and the most significant risk facing financial institutions.
The above example is a machine learning technique, and it’s one of many that hackers have become more adept at circumventing. That’s why a lot of financial institutions are investing in AI as well as machine learning to prevent cyber-attacks. Visa, for instance, has spent around $500 million since 2014 on AI and data infrastructure projects.
If that seems like a lot of money, consider this. The credit card company claims that one of its machine learning programs has prevented $25 billion in fraud. Further, they believe that AI that utilizes deep learning will be able to have an even more significant impact by using advanced algorithms to track and monitor consumer spending behavior.
Another way that banks utilize AI technology is with loan applications. The AI advisory company Emerj did a study that found that 15 percent of venture funding that AI vendors raised in the banking industry is dedicated to lending solutions. An AI can quickly scan loan applications to verify information, check for creditworthiness, and identify potentially fraudulent applications. This gives loan officers more time to speak with their legitimate customers instead of spending all their time reviewing loan applications for authenticity approval.
In recent years, healthcare has moved online as doctors, and healthcare providers have pushed to digitize healthcare records. We’ll talk more about how AI is impacting our medical treatment later. Right now, I’d like to talk about how AI is preventing identity theft and fraud by restricting access to patient records.
If you think that nobody cares about your health and medical records, think again. Some experts estimate that medical records can sell for up to 10 times more money than credit card information on the black market.
In particular, hackers are able to sell names, birthdates, diagnosis codes, billing information, and policy numbers. People can buy this data and use it to create fake identification that they can then use to purchase either drugs or medical equipment that they can re-sell at a premium. Additionally, hackers have used medical data to create false insurance claims, cashing in by combining a real patient number with a fake provider number.
Unlike credit card fraud, which you will notice as soon as you check your statement, medical fraud can go on for months or even years before a patient or provider catch on. This gives hackers a lot of time to use your information to make money that, in many cases, they will never have to pay back.
Hackers have been able to get away with this type of activity for a while because the medical industry has been slow to adopt new technologies and improve its security measures. After all, when it comes down to budgeting, many hospitals are more likely to spend their money buying equipment that can help save lives than they are to invest in encryption software.
The time has come, though, for the healthcare industry to catch up with the rest of the world. AI is an essential tool that many healthcare providers are using to catch fraudulent attempts to gain access and prevent exposing their patients’ healthcare records to the wrong hands.
As with catching fraudulent credit card and banking actions, AI can also detect fraudulent healthcare record access along with payments and reimbursements. If someone gains access to thousands of healthcare records in a span of minutes, the AI will pick up on that behavior much quicker than a human could.
Preventing patient identification fraud is important and necessary for several reasons. First, the hackers end up costing the entire healthcare industry a lot of money. Often, the added costs that hospitals and insurance companies endure end up being passed down to customers in the form of higher prices for services and premiums. Secondly, patients should never have to deal with surprise bills in their names that end up going to collection agencies and dramatically impacting their credit score and personal finances.
Finally, data breaches in healthcare violate patient trust. When patients don’t trust that their personal medical information will be kept private and secure, they become reluctant to offer it. This can lead patients to not seek medical care at all, which can result in serious health problems, or to withhold important information that could otherwise help doctors give them a proper diagnosis and treatment plan.
John Hopkins hospital is an example of a healthcare organization utilizing AI to prevent fraud and protect patient data. After undergoing a thorough investigation, the hospital found that most healthcare data breaches do not come from outside hackers but, instead, from internal employees. These employees understand just how valuable the information they have at their fingertips is, and they used their credentials to gain access to patient information and sell it to the highest bidder.
Generally, these employees are those who have access to patients’ electronic health records (EHR). This includes a lot of people, to say the least. The whole goal of EHR is to make patient records available to anyone who needs them, such as clinician staff, nurses, and doctors.
Finding ways to combat fraud inside a system that is designed for large groups to access presented a challenge. First, John Hopkins researchers had to figure out the root causes underlying security challenges facing large healthcare organizations. These include the following:
Not performing comprehensive HIPAA review
Many organizations, including Johns Hopkins, are so busy checking boxes to ensure they are meeting HIPAA standards that they don’t take the time to do a comprehensive review of flagged records. Without in-depth reviews, organizations don’t have any way of proactively searching for data breaches. They are left to sit and wait to be notified of suspicious activity rather than finding ways to mitigate it and stop hackers before they are able to gain access to personal data.
Overworking and undertraining security officers
The human workforce is often overworked and undertrained when it comes to security, especially when there is a machine option. The security processes required to protect patient data are time-consuming and labor-intensive. Instead of following up on red flags, many security and privacy officers are spending all of their time sifting through data and reacting to breaches.
Healthcare organizations are right to be concerned about the growing number of people in their workforce who can access EHR. Yet, by avoiding implementing new security measures or restricting access, they aren’t doing anything to solve the root problem. Security and privacy measures need to advance within the healthcare systems as they rapidly grow.
Working with antiquated systems
The healthcare industry isn’t historically known for its ability to adopt new technology. Many healthcare organizations are working with antiquated systems that are simply not set up for new security technologies. This is especially true in lower-income areas. Once again, healthcare leaders are faced with the dilemma of using their budget to get new equipment or hire more staff versus investing in new technologies and software.
Fortunately, as you probably have guessed, AI technology is here to provide a solution that can help all healthcare organizations keep their patients’ data protected and prevent fraudulent attacks.
While implementing new technology will always come with an upfront cost, Johns Hopkins found that applying AI saved them valuable time and money in the long run. For example, traditionally, their security team would spend 75 minutes (on average) investigating one security issue. That time is brought down to just five minutes with their new AI technology. This frees up a significant amount of time to allow human security officers to investigate flagged security issues.
They also noticed their false-positive rates dropping from 83 percent all the way down to three percent, which indicates that nearly every notification that they had previously received was an actual data breach.
When healthcare organizations put their money into artificial intelligence, they will end up saving an incredible amount of time while lowering costs for their business and their patients.
The sheer amount of personal information that consumers have to give insurance companies (name, address, phone number, banking information, demographic information, etc.) makes it a prime target for cyber-attacks.
Additionally, some people will not be completely honest on their applications, hoping that the insurance companies won’t catch their discrepancies and they’ll end up with a better rate. One in 10 Americans has admitted to providing false information or leaving out relevant data when they apply for car insurance in an effort to get lower insurance premiums. Sometimes they’re caught. Often, though overworked insurance agencies let these fraudulent applications fall through the cracks, and people end up with a better rate than they should be entitled to. This amounts to stealing and eventually leads to higher insurance premiums for honest customers.
Individuals may also make false claims in order to collect an insurance payout. These false claims can range from an individual claiming a higher amount for a vehicle repair to get a few hundred extra bucks to staging accidents or faking injuries.
In all, fraudulent insurance claims cost around $80 billion in the United States every year. That accounts for 10 percent of all claims paid out by insurers over the course of a year.
Sorting out facts from fiction is time-consuming for insurance providers, and it has historically been done manually. AI’s ability to analyze large amounts of data quickly to identify patterns can help insurance companies flag suspicious activity and claims.
AI for insurance mitigates the insurance company’s risk by assessing applications (similar to financial institutions) to check for authenticity and identify any areas of fraud. Additionally, AI can protect customer data and shut down any fraudulent attempts to gain access to data.
The insurance industry has been relatively quick to accept and adopt new technologies that can help them with fraud prevention. An estimated 95 percent of all insurance companies are now using some form of anti-fraud technology.
One prominent example of an insurance company using AI to improve its processes is Allstate. This national insurance provider is fighting insurance fraud by combining human analysts with AI and machine learning tools.
In an interview with PYMNTS, Allstate’s Vice President of Data Science Greg Firestone revealed that the insurance company does not see AI as a way to replace their human workforce but rather as an essential tool that can help their employees stay on top of insurance fraud trends. As a large insurance provider that receives thousands of claims a day, it’s easy for fraudulent claims to get passed over by human workers. AI can flag suspicious-looking claims, giving more time to humans to review suspicious claims instead of analyzing each one separately.
As we’ve talked about already, AI can only take action based on whatever a human has input into it. So, when an AI encounters a new fraud method, it does not know what to do exactly. That’s when Allstate’s human-powered Special Investigative Unit (SIU) steps in to investigate further and develop a process for handling the new form of fraud.
By staying on top of existing fraud methods using AI and developing a plan for handling new methods as fraudsters become more innovative, Allstate will be prepared for whatever new challenges they face.