
What Are Cyber Threats and Vulnerabilities?

In today’s digital age—especially in fields like healthcare, finance, education, and communication—understanding cyber threats and vulnerabilities is essential. These terms are often used in discussions related to cybersecurity and information protection. In simple terms, they refer to the risks and weaknesses in digital systems that could lead to unauthorized access, data loss, or system disruption.


🔐 Definition of Cyber Threats

A cyber threat is any potential malicious attempt to damage, steal, disrupt, or gain unauthorized access to digital systems, data, or networks.

Cyber threats can come from:

  • Hackers (individuals or groups)

  • Malicious insiders

  • Organized cybercriminals

  • Nation-state actors

  • Automated bots or malicious software (malware)

These threats can compromise sensitive data, shut down critical systems, and lead to major financial, legal, and reputational damage.


⚠️ Definition of Vulnerabilities

Vulnerabilities are the weaknesses or flaws in hardware, software, procedures, or human behavior that can be exploited by cyber threats to carry out attacks.

Examples include:

  • Outdated software or unpatched systems

  • Weak or reused passwords

  • Poor user access controls

  • Lack of encryption

  • Human error or lack of training

A cyber threat becomes a real danger when it successfully exploits a vulnerability.


🧠 Types of Cyber Threats

  1. Malware (Malicious Software):

    • Includes viruses, worms, trojans, spyware, and ransomware.

    • Can damage systems, spy on users, or encrypt files until a ransom is paid.

  2. Phishing:

    • Deceptive emails or websites trick users into revealing personal information like login credentials or financial details.

  3. Ransomware:

    • Encrypts user data and demands payment to unlock it.

    • A growing concern in healthcare, education, and government sectors.

  4. Man-in-the-Middle (MitM) Attacks:

    • Hackers secretly intercept communication between two parties.

  5. Denial of Service (DoS) & Distributed DoS (DDoS):

    • Overload systems or websites with traffic, making them unavailable to users.

  6. SQL Injection & Code Exploits:

    • Attackers insert malicious code into vulnerable software or websites.

  7. Insider Threats:

    • Employees or contractors who misuse access, whether intentionally or by accident.

  8. Zero-Day Exploits:

    • Attacks that occur before the software vendor is aware of a vulnerability or has issued a fix.


🧱 Types of Vulnerabilities

  1. Software Vulnerabilities:

    • Bugs or design flaws in programs and operating systems.

    • Example: A hospital using outdated EHR software.

  2. Hardware Vulnerabilities:

    • Security flaws in physical devices or components.

    • Example: Unsecured Wi-Fi routers or medical equipment.

  3. Network Vulnerabilities:

    • Poorly configured firewalls or open ports can be gateways for intrusions.

  4. Configuration Vulnerabilities:

    • Improperly set permissions or default passwords.

  5. User-Related Vulnerabilities (Human Factors):

    • Lack of awareness, phishing susceptibility, or unintentional data sharing.


🔍 Relationship Between Threats and Vulnerabilities

Think of it like this:

  • A threat is like a burglar.

  • A vulnerability is an open window.

  • If the burglar enters through the open window and steals something—that’s a cyberattack.


🏥 Why This Matters in Healthcare and Nursing Informatics

  • Patient Safety: Cyberattacks can delay treatment, affect monitoring devices, or lead to medication errors.

  • Confidentiality: Patient data (e.g., Electronic Health Records) must be kept private under laws like HIPAA.

  • Legal Implications: Organizations are legally bound to protect patient information and ensure system integrity.

  • Trust: Patients expect their data and identity to be secure in a medical environment.

Common Cyber Threats in Healthcare

In the digital age, healthcare institutions rely heavily on interconnected systems, electronic health records (EHRs), and network-enabled medical devices. While these innovations enhance care delivery, they also expose healthcare systems to various cyber threats. Understanding these threats is essential for all healthcare professionals, especially nurse informaticists, who play a crucial role in protecting sensitive patient data.


a. Phishing Attacks

Definition:

Phishing involves deceptive emails, messages, or websites that trick healthcare professionals into sharing login credentials, clicking malicious links, or downloading harmful software.

Healthcare Context:

  • Nurses and administrative staff are especially vulnerable as they frequently communicate via email and may not have formal IT security training.

  • Phishing emails often impersonate hospital leadership, IT departments, or vendors.

  • Some attacks include urgent messages like "Update Your Password" or "Patient Report Error" to prompt immediate action.

Impact:

  • Compromised accounts can lead to unauthorized system access.

  • Downloaded malware may infect entire networks.

  • Patient data can be stolen or sold on the dark web.

Prevention:

  • Verify email sources.

  • Never click suspicious links or attachments.

  • Use email filters and multifactor authentication (MFA).


b. Ransomware

Definition:
Ransomware is malicious software that locks or encrypts hospital data, demanding a ransom payment (often in cryptocurrency) for its release.

Healthcare Context:

  • Critical systems such as EHRs, diagnostic tools, and appointment systems may become inaccessible.

  • Attackers often target smaller clinics and hospitals with less robust cybersecurity infrastructure.

Impact:

  • Disruption of patient care services.

  • Ambulances may be redirected, surgeries canceled, and appointments delayed.

  • Permanent data loss if backups are compromised.

Prevention:

  • Regularly back up data and store it offline.

  • Update antivirus and antimalware tools.

  • Educate staff on suspicious email and software behavior.


c. Data Breaches

Definition:
Data breaches occur when unauthorized individuals access sensitive information, including patient health records, billing data, and personal identifiers.

Healthcare Context:

  • Often the result of weak passwords, outdated systems, or lost devices.

  • Can be external (hacking) or internal (employee misuse).

Impact:

  • Violation of patient privacy.

  • Legal consequences under HIPAA, GDPR, or other regulatory frameworks.

  • Damage to reputation and trust.

Prevention:

  • Encrypt sensitive data.

  • Implement strong authentication and access controls.

  • Conduct regular audits and vulnerability assessments.


d. Insider Threats

Definition:
An insider threat refers to a current or former employee, contractor, or vendor who misuses their authorized access to compromise data or systems.

Healthcare Context:

  • May include unauthorized viewing of patient records or sharing sensitive data.

  • Threats can be intentional (e.g., data theft) or unintentional (e.g., sharing passwords, leaving systems unlocked).

Impact:

  • Breach of confidentiality and ethics.

  • Regulatory penalties.

  • Strained team dynamics and staff trust.

Prevention:

  • Restrict access to only necessary information (least privilege principle).

  • Monitor user activity and conduct background checks.

  • Provide ongoing training on data handling and ethical standards.


e. Distributed Denial of Service (DDoS) Attacks

Definition:
A DDoS attack overwhelms a hospital’s network or servers with excessive traffic, rendering systems unavailable to legitimate users.

Healthcare Context:

  • Can paralyze websites, EHRs, telemedicine platforms, and emergency alert systems.

  • Often used as a distraction while another attack, like ransomware, is launched.

Impact:

  • Delayed diagnosis and treatment.

  • Emergency services and communication disruptions.

  • Financial losses due to system downtime.

Prevention:

  • Use firewalls and intrusion detection systems (IDS).

  • Partner with internet providers for DDoS mitigation services.

  • Ensure system redundancies and incident response plans are in place.


f. Social Engineering

Definition:
Social engineering exploits human psychology rather than technical vulnerabilities to gain unauthorized access to systems or data.

Healthcare Context:

  • Attackers may pose as IT technicians, vendors, or even patients to deceive staff into revealing credentials or granting access.

  • Common tactics include phone calls, physical infiltration, or impersonation.

Impact:

  • Direct system breaches and data theft.

  • Trust erosion within teams.

  • Increased vulnerability to future attacks.

Prevention:

  • Conduct regular staff awareness training.

  • Establish and enforce identity verification procedures.

  • Encourage a culture of security vigilance among nurses and clinical staff.


Systemic Vulnerabilities in Healthcare Settings

In today’s digital healthcare environment, while technology enhances efficiency and patient care, it also introduces various points of weakness. These systemic vulnerabilities are often overlooked or underestimated, making healthcare institutions attractive targets for cyber threats. Nurses, especially nurse informaticists, play a critical role in identifying and mitigating these risks.


a. Legacy Systems

Definition:
Legacy systems refer to outdated software or hardware still in use because replacing or upgrading them is costly, complex, or disruptive.

Risks:

  • These systems often lack support from vendors, including essential security updates and patches.

  • They may not be compatible with modern encryption methods or authentication protocols.

  • Attackers can easily exploit known vulnerabilities in outdated platforms.

Example in Practice:
A hospital running an outdated version of Windows on its EHR terminals may be vulnerable to ransomware attacks like WannaCry, which targeted such systems globally.


b. Poor Access Controls

Definition:
Access controls are the mechanisms that determine who can view or use system resources. Poor controls include shared credentials, easily guessed passwords, or unrestricted access to sensitive data.

Risks:

  • Unauthorized access to Electronic Health Records (EHRs).

  • Increased chances of insider threats (malicious or accidental).

  • Lack of traceability when multiple users share the same login.

Example in Practice:
Multiple nurses using a single login at a nursing station makes it difficult to audit who accessed or modified patient records, posing a legal and ethical risk.


c. Lack of Cybersecurity Training

Definition:
Cybersecurity training involves educating healthcare workers about common threats, secure practices, and organizational protocols.

Risks:

  • Staff may fall for phishing emails, download malware, or use weak passwords.

  • Limited understanding of data protection responsibilities under laws like HIPAA or GDPR.

  • Nurses and receptionists are particularly at risk due to high patient interaction and document handling.

Example in Practice:
A nurse clicks on a fake email link that looks like a hospital HR notice, unknowingly compromising the entire network with malware.


d. Insecure Medical Devices

Definition:
Medical devices such as ventilators, IV pumps, and ECG monitors connected to the hospital network (IoMT – Internet of Medical Things) are often not designed with cybersecurity in mind.

Risks:

  • These devices can be used as entry points for attackers.

  • In worst-case scenarios, hackers can alter device functions, putting patient lives at risk.

  • Many devices do not support encryption or modern security protocols.

Example in Practice:
A smart infusion pump lacking encryption is accessed by an attacker, altering medication dosage delivery remotely.


e. BYOD Policies (Bring Your Own Device)

Definition:
BYOD allows healthcare staff to use personal devices like smartphones or tablets for work-related tasks, such as accessing patient records or communicating with colleagues.

Risks:

  • Personal devices may lack security software or regular updates.

  • Lost or stolen devices can leak sensitive data if not protected by encryption or password protection.

  • Unregulated use of messaging apps (e.g., WhatsApp) for patient discussions increases data privacy risks.

Example in Practice:
A nurse uses her unsecured personal phone to access lab results over public Wi-Fi, risking interception by hackers.


f. Social Engineering

Definition:
Social engineering is a psychological manipulation technique used to trick individuals into divulging confidential information or performing actions that compromise security.

Risks:

  • Attackers impersonate IT staff, administrators, or even patients to gain access.

  • Bypasses technical security by targeting human behavior.

  • Nurses and front-desk staff are common targets due to their high interpersonal interaction.

Example in Practice:
A cybercriminal calls a nurse pretending to be from the hospital’s IT department and asks for login credentials to “fix” an issue remotely.

Impact of Cyber Threats on Nursing Practice

Cybersecurity threats in healthcare are not just technical issues—they have real-world consequences that directly affect patient care, nurse performance, legal compliance, and emotional well-being. As nurses are often at the frontline of patient interaction, any disruption in healthcare technology can significantly hinder their ability to deliver timely, safe, and effective care.


1. Delayed Patient Care Due to Inaccessible Systems

Overview: When a cyberattack such as ransomware or a system outage occurs, it often renders Electronic Health Records (EHRs) and other clinical systems inaccessible. This creates a domino effect, slowing down or even halting patient care processes.

Examples:

  • Nurses may be unable to retrieve vital information such as medication history, allergy records, or lab results.

  • Admission, discharge, and transfer processes become manual, increasing error risks.

  • Diagnostic delays due to non-functional imaging systems or lab interfaces.

Impact:

  • Increased patient wait times.

  • Errors due to reliance on memory or handwritten notes.

  • Reduced trust from patients and families.


2. Compromised Patient Safety

Overview: Real-time access to patient data is critical for nurses who must make prompt and accurate decisions. Cyberattacks that disrupt monitoring systems or data interfaces can compromise patient safety.

Scenarios:

  • Disrupted access to real-time monitoring can prevent nurses from noticing vital sign changes.

  • Medication administration systems might be down, leading to delayed doses or incorrect medications.

  • Lack of access to clinical decision support tools can result in inappropriate interventions.

Impact:

  • Increased risk of adverse drug events, infections, or worsening conditions.

  • Critical interventions may be delayed or improperly executed.

  • Safety protocols may be bypassed due to system inaccessibility.


3. Legal and Ethical Implications

Overview: Nurses are bound by professional codes of ethics and privacy laws such as HIPAA (USA) or GDPR (Europe). When a cyberattack compromises patient data, it can lead to legal consequences and ethical dilemmas.

Examples:

  • Exposure of Protected Health Information (PHI) through data breaches.

  • Unauthorized access or sharing of patient information due to system vulnerabilities.

  • Nurses may be drawn into legal disputes if their login credentials have been misused.

Impact:

  • Legal liabilities for the institution and individuals.

  • Loss of nursing licensure in extreme cases.

  • Ethical concerns about the inability to maintain confidentiality or fulfill duties.


4. Emotional Stress and Decreased Morale Among Nursing Staff

Overview: Cyber incidents can create an environment of confusion, frustration, and fear. Nurses, already under high pressure, may feel helpless when they are unable to provide optimal care due to technology failures.

Contributing Factors:

  • Fear of making mistakes without proper system support.

  • Anxiety over legal or disciplinary consequences.

  • Frustration from reverting to manual documentation and processes.

Impact:

  • Burnout and fatigue due to increased workload during downtime.

  • Decreased job satisfaction and morale.

  • Potential increase in staff turnover in environments with frequent or poorly handled cyber incidents.

Role of Nurse Informaticists in Addressing Cyber Threats

In the evolving digital landscape of healthcare, nurse informaticists play a critical role in bridging the gap between clinical practice and information technology (IT). With the increasing reliance on electronic systems for storing, processing, and transmitting patient data, the potential for cyber threats has escalated. Nurse informaticists are uniquely positioned to protect healthcare data while ensuring that clinical workflows remain uninterrupted and effective.


1. Advocating for Secure System Design That Supports Nursing Workflows

Nurse informaticists understand both clinical needs and technological capabilities. They:

  • Ensure that electronic health records (EHRs) and other digital platforms are designed with security features such as automatic logout, encryption, and access logs.

  • Advocate for user-friendly interfaces that prevent human errors, which are common sources of security breaches.

  • Collaborate with developers to ensure that security protocols do not hinder patient care (e.g., ensuring quick emergency access with appropriate tracking).

  • Provide feedback on alerts, notifications, and security prompts that integrate well with the clinical environment.

By contributing to secure-by-design systems, nurse informaticists help minimize vulnerabilities without compromising workflow efficiency.


2. Participating in Risk Assessments and Identifying Clinical Vulnerabilities

Nurse informaticists actively participate in cyber risk assessments, which help identify areas where:

  • Patient data may be at risk due to outdated software or weak policies.

  • Clinical procedures may be vulnerable to data breaches (e.g., shared login credentials, unencrypted communication).

  • Healthcare devices, such as smart IV pumps or wireless monitors, might lack proper security protocols.

Their clinical experience allows them to detect workflow gaps or habits (like writing down passwords) that IT personnel might overlook. This helps in designing effective mitigation strategies.


3. Training Clinical Staff to Recognize Phishing and Social Engineering Attempts

Human error is one of the most common causes of cybersecurity breaches. Nurse informaticists play an educational role by:

  • Conducting workshops and awareness sessions on recognizing suspicious emails, fake websites, and phone scams.

  • Providing practical examples of phishing attempts and how to respond to them.

  • Educating staff about secure email practices, password management, and the risks of using unauthorized USB drives or apps.

  • Teaching how to report incidents promptly and efficiently.

Their presence in clinical settings gives them the advantage of communicating in a relatable and accessible way, promoting a culture of security awareness.


4. Collaborating with IT to Implement Multi-Factor Authentication and Role-Based Access

To reduce unauthorized access, nurse informaticists collaborate with IT departments to:

  • Develop and enforce role-based access control (RBAC): Ensuring staff members can only access the information necessary for their job roles.

  • Promote multi-factor authentication (MFA) using passwords, biometrics, or one-time codes to add a second layer of protection.

  • Identify situations where emergency override access might be needed and help create protocols to track and audit such use.

This ensures a balance between security and usability, especially in high-pressure clinical environments like ICUs or emergency departments.
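
One way the role-based access and the tracked emergency override described above can fit together, as an added example (not code from this blog or from any EHR product). The role names, permission names, and the rule that a user must be assigned to the patient are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone

# Hypothetical roles and permissions, for illustration only.
ROLE_PERMISSIONS = {
    "registered_nurse": {"view_chart", "record_vitals"},
    "receptionist": {"view_demographics", "schedule_appointment"},
}


@dataclass
class Decision:
    allowed: bool
    reason: str
    needs_review: bool = False  # True when an emergency override was used


@dataclass
class AccessController:
    care_team: dict  # patient id -> set of assigned user ids (assumed rule)
    audit_log: list = field(default_factory=list)

    def check(self, user, role, permission, patient, emergency_reason=""):
        role_ok = permission in ROLE_PERMISSIONS.get(role, set())
        assigned = user in self.care_team.get(patient, set())
        if not role_ok:
            # An override never widens what a role may do.
            decision = Decision(False, "role lacks permission")
        elif assigned:
            decision = Decision(True, "role permitted and user assigned to patient")
        elif emergency_reason.strip():
            # Emergency access is granted at once but flagged for later review.
            decision = Decision(True, "emergency override", needs_review=True)
        else:
            decision = Decision(False, "not assigned to patient; override reason required")
        # Every decision, allowed or denied, is written to the audit trail.
        self.audit_log.append({
            "time": datetime.now(timezone.utc).isoformat(),
            "user": user, "role": role, "permission": permission,
            "patient": patient, "allowed": decision.allowed,
            "reason": decision.reason,
            "override_reason": emergency_reason.strip(),
            "needs_review": decision.needs_review,
        })
        return decision

    def pending_reviews(self):
        """Override uses that still need a follow-up review."""
        return [e for e in self.audit_log if e["needs_review"]]


def demo():
    # Constructed users and patient id.
    ac = AccessController(care_team={"P1001": {"nurse_a"}})
    decisions = [
        ac.check("nurse_a", "registered_nurse", "view_chart", "P1001"),
        ac.check("nurse_b", "registered_nurse", "view_chart", "P1001"),
        ac.check("nurse_b", "registered_nurse", "view_chart", "P1001",
                 emergency_reason="Code blue, covering ICU bed 4"),
        ac.check("clerk_c", "receptionist", "view_chart", "P1001",
                 emergency_reason="urgent"),
    ]
    return decisions, ac


if __name__ == "__main__":
    decisions, ac = demo()
    for d in decisions:
        print(d)
    print(len(ac.pending_reviews()), "override(s) awaiting review")
```

The override path keeps care moving in an emergency, while the `needs_review` flag gives the audit process a short list of accesses to examine afterwards.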


5. Monitoring System Logs and Access Reports to Detect Unusual Activity

Nurse informaticists are increasingly involved in monitoring system activity to:

  • Identify unauthorized access attempts or unusual login patterns.

  • Spot data breaches early by tracking who accessed what information and when.

  • Help correlate access records with clinical events to detect improper use (e.g., accessing patient data out of curiosity rather than need).

  • Support compliance with data protection regulations such as HIPAA, GDPR, or HITECH.

By working with cybersecurity teams, they help develop alerts and dashboards for timely identification of potential threats.
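
The kinds of checks listed above, written as detection rules over an access log, as an added example (not code from this blog or from any EHR vendor). The log format, the user and workstation names, the care-team table, and the thresholds are all constructed assumptions.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample audit log (not real data).
# Columns: timestamp, user, workstation, action, patient_id, result
SAMPLE_LOG = """\
2024-03-04T08:02:11,nurse_a,WS-ICU-1,LOGIN,,OK
2024-03-04T08:05:40,nurse_a,WS-ICU-1,VIEW_RECORD,P1001,OK
2024-03-04T08:09:02,nurse_a,WS-ICU-1,VIEW_RECORD,P2002,OK
2024-03-04T08:10:30,nurse_a,WS-ER-4,VIEW_RECORD,P1001,OK
2024-03-04T09:15:00,nurse_b,WS-ER-2,LOGIN,,FAIL
2024-03-04T09:15:20,nurse_b,WS-ER-2,LOGIN,,FAIL
2024-03-04T09:15:45,nurse_b,WS-ER-2,LOGIN,,FAIL
2024-03-04T09:40:00,nurse_c,WS-WARD-3,LOGIN,,OK
2024-03-04T09:42:10,nurse_c,WS-WARD-3,VIEW_RECORD,P2002,OK
"""

# Hypothetical care-team table: who has a clinical need for each patient.
CARE_TEAM = {"P1001": {"nurse_a"}, "P2002": {"nurse_c"}}

FIELDS = ["time", "user", "workstation", "action", "patient", "result"]


def parse_log(text):
    """Parse CSV audit lines into dicts, oldest first."""
    events = []
    for row in csv.DictReader(io.StringIO(text), fieldnames=FIELDS):
        row["time"] = datetime.fromisoformat(row["time"])
        events.append(row)
    return sorted(events, key=lambda e: e["time"])


def unassigned_access(events, care_team):
    """Record views by users who are not on the patient's care team."""
    return [
        (e["user"], e["patient"])
        for e in events
        if e["action"] == "VIEW_RECORD"
        and e["user"] not in care_team.get(e["patient"], set())
    ]


def failed_login_bursts(events, threshold=3, window=timedelta(minutes=5)):
    """Users with `threshold` or more failed logins inside one window."""
    failures = defaultdict(list)
    for e in events:
        if e["action"] == "LOGIN" and e["result"] == "FAIL":
            failures[e["user"]].append(e["time"])
    flagged = set()
    for user, times in failures.items():
        for i in range(len(times) - threshold + 1):
            if times[i + threshold - 1] - times[i] <= window:
                flagged.add(user)
                break
    return flagged


def multi_workstation_use(events, window=timedelta(minutes=10)):
    """Users active on two different workstations within `window`,
    a common sign of a shared or borrowed login."""
    last_seen = {}
    flagged = set()
    for e in events:
        if e["result"] != "OK":
            continue
        prev = last_seen.get(e["user"])
        if prev and prev[0] != e["workstation"] and e["time"] - prev[1] <= window:
            flagged.add(e["user"])
        last_seen[e["user"]] = (e["workstation"], e["time"])
    return flagged


def audit(text=SAMPLE_LOG, care_team=CARE_TEAM):
    events = parse_log(text)
    return {
        "unassigned_access": unassigned_access(events, care_team),
        "failed_login_bursts": failed_login_bursts(events),
        "multi_workstation_use": multi_workstation_use(events),
    }


if __name__ == "__main__":
    for rule, hits in audit().items():
        print(rule, hits)
```

Each hit is a prompt for review against clinical context (a float nurse or a handover can explain it), which is where the nurse informaticist's knowledge of the workflow matters.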

Preventive Measures for Nurses and Health Facilities

a. Use Strong Authentication

Overview
Strong authentication mechanisms are the first line of defense against unauthorized access to sensitive healthcare systems and patient data.

Key Strategies:

  • Multi-Factor Authentication (MFA):

    Nurses and healthcare staff should be required to verify their identity using at least two different methods—e.g., a password plus a one-time code sent to a mobile device, or a biometric scan (fingerprint or facial recognition). MFA significantly reduces the risk of unauthorized access, even if passwords are compromised.

  • Complex Passwords:
    Encourage the use of passwords that are at least 8–12 characters long, combining uppercase, lowercase, numbers, and symbols. Avoid common or easily guessable passwords.

  • Frequent Password Changes:
    Implement policies that require users to change passwords every 60–90 days, and avoid reusing previous passwords.

  • Avoid Shared Credentials:
    Each nurse and staff member should have a unique login to ensure accountability and traceability.


b. Routine Updates and Patches

Overview
Outdated software and systems are prime targets for cybercriminals, as they often contain known vulnerabilities.

Key Strategies:

  • System Updates:
    Regularly update operating systems (OS), software applications, and medical device firmware to the latest versions.

  • Patch Management:
    Apply security patches and hotfixes released by vendors as soon as they are available. Delaying patches exposes the organization to threats.

  • Automated Update Systems:
    Where possible, enable automatic updates so that updates are not missed through human oversight.

  • Inventory of IT Assets:
    Maintain an up-to-date list of all devices and systems that require regular updates.


c. Regular Training and Simulations

Overview
Human error is a significant contributor to cybersecurity incidents. Training nurses and staff on best practices is essential.

Key Strategies:

  • Cyber Hygiene Training:
    Provide annual or biannual training sessions on topics like password safety, recognizing phishing emails, and secure device use.

  • Phishing Simulations:
    Conduct mock phishing email campaigns to test staff responses and raise awareness in a safe environment.

  • Emergency Protocol Education:
    Train staff on what to do if a cybersecurity event occurs—e.g., whom to contact, how to secure systems, and what steps to follow.

  • Policy Familiarization:
    Ensure staff are familiar with institutional policies regarding data privacy, acceptable use, and incident reporting.


d. Data Encryption

Overview
Encryption protects data by making it unreadable to unauthorized users. It is a critical step in maintaining the confidentiality of patient information.

Key Strategies:

  • Encryption in Transit:
    Use secure communication protocols like HTTPS, SSL/TLS, and VPNs to protect data while it’s being transmitted across networks.

  • Encryption at Rest:
    Encrypt stored data on servers, databases, and backup systems, ensuring it remains protected even if physical devices are stolen.

  • Device-Level Encryption:
    Ensure that all laptops, tablets, and mobile phones used in healthcare settings have built-in encryption enabled.

  • Access Controls:
    Combine encryption with access restrictions to ensure only authorized users can decrypt and view patient information.


e. Secure Backup Systems

Overview
Backup systems are essential to restore operations quickly and minimize downtime in the event of data loss or a ransomware attack.

Key Strategies:

  • Regular Backups:
    Perform daily or weekly backups of critical patient records, software configurations, and operational data.

  • Offline and Cloud Storage:
    Store backups in secure, redundant locations—both offline (e.g., external hard drives) and online (e.g., encrypted cloud platforms).

  • Backup Integrity Testing:
    Routinely test backup systems to ensure that the data can be successfully restored and that backups aren’t corrupted or outdated.

  • Ransomware Resilience:
    Design backups in a way that isolates them from the primary network so they aren’t encrypted or compromised during a ransomware attack.

Legal and Regulatory Considerations

  • HIPAA (U.S.): Sets standards for protecting electronic PHI.

  • GDPR (EU): Enforces strict consent and protection measures for personal data.

  • HITECH Act: Promotes secure EHR systems with financial penalties for breaches.

REFERENCE AND CREDIT:👇
https://www.journalofnursingregulation.com/article/S2155-8256%2820%2930014-4/fulltext

NOTE :👇
This BLOG does not serve as a substitute for professional medical, legal, or technological advice. Readers are encouraged to consult with healthcare professionals, nursing informatics specialists, legal advisors, local policies or IT experts before implementing any concepts, strategies, or recommendations discussed in the text.

