Debate research

AI

Artificial Intelligence is the ability of a computer program to learn

and think. Everything can be considered Artificial intelligence if it
involves a program doing something that we would normally think
would rely on the intelligence of a human.

While every data breach is a little different, they usually have one
common denominator — an element of human error.

In fact, one recent report from the risk management firm Kroll
claims that up to 90 percent of all data breaches reported to the UK’s
Information Commissioner’s Office (ICO) from 2017 to 2018 were
the result of human error, not deliberate cybercriminals. Another
report from the Ponemon Institute found that 51 percent of data
breaches were caused by cyber-attacks, 25 percent came from
negligent employees, and 24 percent were caused by glitches,
including IT and internal process failures.

Bringing AI into cybersecurity seems like a no-brainer, especially

considering how many data breaches happen as the result of human
error. Here are a few ways AI is positively impacting some of the
industries that are the most susceptible to cyber-attacks and data
breaches.

Finance and banking

If you have ever tried to buy something with your debit card only to
have it declined because your bank put a hold on your account, you
can probably thank AI. Banks and financial institutions utilize AI to
monitor consumer spending and flag an account if the account
holder makes a purchase that varies from their normal behavior.

Machines are smarter than humans in this way; they can identify
patterns of behavior and flag suspicious activity. So, for example, if
you live in Los Angeles and your credit card is used in Japan, it will
automatically get flagged and send you and your banking institution
an alert. If you’re traveling, you will need to call and verify your
travel plans with your banking institution. If you’re still settled at
home in Los Angeles, not Japan, then you will have just been
protected from credit card fraud, which is the most prominent form
of identity theft and the most significant risk facing financial
institutions.

The above example is a machine learning technique, and it’s one of

many that hackers have become more adept at circumventing. That’s
why a lot of financial institutions are investing in AI as well as
machine learning to prevent cyber-attacks. Visa, for instance, has
spent around $500 million since 2014 on AI and data infrastructure
projects.

If that seems like a lot of money, consider this. The credit card
company claims that one of its machine learning programs has
prevented $25 billion in fraud. Further, they believe that AI that
utilizes deep learning will be able to have an even more significant
impact by using advanced algorithms to track and monitor
consumer spending behavior.
Another way that banks utilize AI technology is with loan
applications. The AI advisory company Emerj did a study that found
that 15 percent of venture funding that AI vendors raised in the
banking industry is dedicated to lending solutions. An AI can quickly
scan loan applications to verify information, check for
creditworthiness, and identify potentially fraudulent applications.
This gives loan officers more time to speak with their legitimate
customers instead of spending all their time reviewing loan
applications for authenticity approval.

Healthcare

In recent years, healthcare has moved online as doctors, and

healthcare providers have pushed to digitize healthcare records.
We’ll talk more about how AI is impacting our medical treatment
later. Right now, I’d like to talk about how AI is preventing identity
theft and fraud by restricting access to patient records.

If you think that nobody cares about your health and medical
records, think again. Some experts estimate that medical records
can sell for up to 10 times more money than credit card information
on the black market.

In particular, hackers are able to sell names, birthdates, diagnosis

codes, billing information, and policy numbers. People can buy this
data and use it to create fake identification that they can then use to
purchase either drugs or medical equipment that they can re-sell at a
premium. Additionally, hackers have used medical data to create
false insurance claims, cashing in by combining a real patient
number with a fake provider number.

Unlike credit card fraud, which you will notice as soon as you check
your statement, medical fraud can go on for months or even years
before a patient or provider catch on. This gives hackers a lot of time
to use your information to make money that, in many cases, they
will never have to pay back.

Hackers have been able to get away with this type of activity for a
while because the medical industry has been slow to adopt new
technologies and improve its security measures. After all, when it
comes down to budgeting, many hospitals are more likely to spend
their money buying equipment that can help save lives than they are
to invest in encryption software.

The time has come, though, for the healthcare industry to catch up
with the rest of the world. AI is an essential tool that many
healthcare providers are using to catch fraudulent attempts to gain
access and prevent exposing their patients’ healthcare records to the
wrong hands.

As with catching fraudulent credit card and banking actions, AI can

also detect fraudulent healthcare record access along with payments
and reimbursements. If someone gains access to thousands of
healthcare records in a span of minutes, the AI will pick up on that
behavior much quicker than a human could.
Preventing patient identification fraud is important and necessary
for several reasons. First, the hackers end up costing the entire
healthcare industry a lot of money. Often, the added costs that
hospitals and insurance companies endure end up being passed
down to customers in the form of higher prices for services and
premiums. Secondly, patients should never have to deal with
surprise bills in their names that end up going to collection agencies
and dramatically impacting their credit score and personal finances.

Finally, data breaches in healthcare violate patient trust. When

patients don’t trust that their personal medical information will be
kept private and secure, they become reluctant to offer it. This can
lead patients to not seek medical care at all, which can result in
serious health problems, or to withhold important information that
could otherwise help doctors give them a proper diagnosis and
treatment plan.

John Hopkins hospital is an example of a healthcare organization

utilizing AI to prevent fraud and protect patient data. After
undergoing a thorough investigation, the hospital found that most
healthcare data breaches do not come from outside hackers but,
instead, from internal employees. These employees understand just
how valuable the information they have at their fingertips is, and
they used their credentials to gain access to patient information and
sell it to the highest bidder.

Generally, these employees are those who have access to patients’

electronic health records (EHR). This includes a lot of people, to say
the least. The whole goal of EHR is to make patient records available
to anyone who needs them, such as clinician staff, nurses, and
doctors.

Finding ways to combat fraud inside a system that is designed for

large groups to access presented a challenge. First, John Hopkins
researchers had to figure out the root causes underlying security
challenges facing large healthcare organizations. These include the
following:

Not performing comprehensive HIPAA review

Many organizations, including Johns Hopkins, are so busy checking

boxes to ensure they are meeting HIPAA standards that they don’t
take the time to do a comprehensive review of flagged records.
Without in-depth reviews, organizations don’t have any way of
proactively searching for data breaches. They are left to sit and wait
to be notified of suspicious activity rather than finding ways to
mitigate it and stop hackers before they are able to gain access to
personal data.

Overworking and undertraining security officers

The human workforce is often overworked and undertrained when it

comes to security, especially when there is a machine option. The
security processes required to protect patient data are time-
consuming and labor-intensive. Instead of following up on red flags,
many security and privacy officers are spending all of their time
sifting through data and reacting to breaches.
Access concerns

Healthcare organizations are right to be concerned about the

growing number of people in their workforce who can access EHR.
Yet, by avoiding implementing new security measures or restricting
access, they aren’t doing anything to solve the root problem. Security
and privacy measures need to advance within the healthcare systems
as they rapidly grow.

Working with antiquated systems

The healthcare industry isn’t historically known for its ability to

adopt new technology. Many healthcare organizations are working
with antiquated systems that are simply not set up for new security
technologies. This is especially true in lower-income areas. Once
again, healthcare leaders are faced with the dilemma of using their
budget to get new equipment or hire more staff versus investing in
new technologies and software.

Fortunately, as you probably have guessed, AI technology is here to

provide a solution that can help all healthcare organizations keep
their patients’ data protected and prevent fraudulent attacks.

While implementing new technology will always come with an

upfront cost, Johns Hopkins found that applying AI saved them
valuable time and money in the long run. For example, traditionally,
their security team would spend 75 minutes (on average)
investigating one security issue. That time is brought down to just
five minutes with their new AI technology. This frees up a significant
amount of time to allow human security officers to investigate
flagged security issues.

They also noticed their false-positive rates dropping from 83 percent

all the way down to three percent, which indicates that nearly every
notification that they had previously received was an actual data
breach.

When healthcare organizations put their money into artificial

intelligence, they will end up saving an incredible amount of time
while lowering costs for their business and their patients.

Insurance

The sheer amount of personal information that consumers have to

give insurance companies (name, address, phone number, banking
information, demographic information, etc.) makes it a prime target
for cyber-attacks.

Additionally, some people will not be completely honest on their

applications, hoping that the insurance companies won’t catch their
discrepancies and they’ll end up with a better rate. One in 10
Americans has admitted to providing false information or leaving
out relevant data when they apply for car insurance in an effort to
get lower insurance premiums. Sometimes they’re caught. Often,
though overworked insurance agencies let these fraudulent
applications fall through the cracks, and people end up with a better
rate than they should be entitled to. This amounts to stealing and
eventually leads to higher insurance premiums for honest
customers.

Individuals may also make false claims in order to collect an

insurance payout. These false claims can range from an individual
claiming a higher amount for a vehicle repair to get a few hundred
extra bucks to staging accidents or faking injuries.

In all, fraudulent insurance claims cost around $80 billion in the

United States every year. That accounts for 10 percent of all claims
paid out by insurers over the course of a year.

Sorting out facts from fiction is time-consuming for insurance

providers, and it has historically been done manually. AI’s ability to
analyze large amounts of data quickly to identify patterns can help
insurance companies flag suspicious activity and claims.

AI for insurance mitigates the insurance company’s risk by assessing

applications (similar to financial institutions) to check for
authenticity and identify any areas of fraud. Additionally, AI can
protect customer data and shut down any fraudulent attempts to
gain access to data.

The insurance industry has been relatively quick to accept and adopt
new technologies that can help them with fraud prevention. An
estimated 95 percent of all insurance companies are now using some
form of anti-fraud technology.
One prominent example of an insurance company using AI to
improve its processes is Allstate. This national insurance provider is
fighting insurance fraud by combining human analysts with AI and
machine learning tools.

In an interview with PYMNTS, Allstate’s Vice President of Data

Science Greg Firestone revealed that the insurance company does
not see AI as a way to replace their human workforce but rather as
an essential tool that can help their employees stay on top of
insurance fraud trends. As a large insurance provider that receives
thousands of claims a day, it’s easy for fraudulent claims to get
passed over by human workers. AI can flag suspicious-looking
claims, giving more time to humans to review suspicious claims
instead of analyzing each one separately.

As we’ve talked about already, AI can only take action based on

whatever a human has input into it. So, when an AI encounters a
new fraud method, it does not know what to do exactly. That’s when
Allstate’s human-powered Special Investigative Unit (SIU) steps in
to investigate further and develop a process for handling the new
form of fraud.

By staying on top of existing fraud methods using AI and developing

a plan for handling new methods as fraudsters become more
innovative, Allstate will be prepared for whatever new challenges
they face.