Cybersecurity Enables Resilient, Distributed Healthcare Delivery
For IHS, cybersecurity strategy begins with ensuring clinicians can deliver care without disruption — even when systems are under stress.
Koshy emphasized that resilience is not just a technical goal but a clinical requirement. Systems must be designed so providers can continue their work seamlessly, even as IT teams respond to issues behind the scenes.
“If something unexpected happens on the IT side, the doctor does not have to modify his clinical practice,” he said. “To him, it’s almost transparent.”
Wilson added that the expansion of telehealth since the COVID-19 pandemic has significantly increased the complexity of IHS environments. Delivering both in-person and virtual care requires coordination across applications, data, networks and access controls — all of which must be continuously monitored.
“We don’t just deliver the technology — we deliver healthcare access,” Wilson said.
That mission is especially challenging given IHS’ distributed footprint, which includes facilities in remote areas where connectivity and resources may be limited. Ensuring consistent access to systems — and securing them — requires deep visibility into how users interact with data and services.
Koshy noted that real-time monitoring is also critical in IHS’ collaboration with external partners, including tribal organizations. In some cases, IHS can detect suspicious activity and alert partners before incidents escalate.
“Having that real-time visibility and the ability to act on it quickly has been not only beneficial to the Indian Health Service but also to our partners,” he said.
READ MORE: Indian Health Service establishes electronic records pilot.
AI Adoption Focuses on Augmentation, Not Replacement
As agencies explore artificial intelligence, IHS is taking a pragmatic approach centered on workforce support and mission alignment.
Koshy described AI as an additional tool for both security teams and clinicians, particularly in an environment where staffing constraints are common.
“It’s just another tool that we want you to learn to use,” he said.
On the security side, AI can help analysts process logs and prioritize threats more effectively. On the clinical side, IHS is exploring capabilities such as automated transcription for electronic health records, allowing physicians to focus more directly on patient interactions.
The technology can capture conversations and generate notes, but providers remain responsible for reviewing and approving all documentation.
Wilson cautioned that AI must be implemented thoughtfully, with an emphasis on user awareness and appropriate use. Without proper understanding, he said, tools can create confusion rather than clarity.
To support adoption, IHS is investing in training and communication to ensure staff understand both the benefits and risks of emerging technologies.
LEARN MORE: Here is how Native American tribes are using artificial intelligence.
Culture, Flexibility and Mission Focus Drive Security Strategy
Beyond tools, both speakers emphasized that culture and adaptability are essential to modern cybersecurity.
Koshy said IHS reinforces the idea that “cybersecurity is patient safety,” encouraging staff across the organization to see security practices as part of their role in delivering care. The agency supplements formal training with ongoing outreach, including newsletters and real-world examples, to keep awareness high.
Wilson highlighted the importance of continuing education and clear communication, particularly as threats evolve and technologies change.
For organizations looking to modernize their security posture, both leaders advised starting with mission priorities and building systems that can evolve over time.
“Whatever you’re putting in place now, five years from now your security is going to change,” Koshy said. “Trying to build in that flexibility as early as possible” is key.
