AI healthcare concepts.
getty
Healthcare exists at the confluence of significant trust and heightened cyber vulnerability. Patient records, medical equipment, diagnostic systems, and associated networks contain very sensitive personal information; unfortunately, advanced hackers are targeting them.
The sector’s digital development has outpaced its security measures. The integration of AI, IoT medical devices, cloud migration, and legacy systems has resulted in a vast attack surface that attackers are exploiting with notable efficiency.
The Magnitude of the Threat: Disturbing Statistics
Recent data highlights the immediacy. The IBM Cost of a Data Breach Report 2025 indicates that the average cost of a healthcare data breach in the U.S. has reached $7.42 million, marking the highest figure across all industries for the 14th or 15th straight year, despite fluctuations from previous peaks of approximately $9 to $9.77 million. Healthcare breaches require an extended duration for identification and containment, averaging 279 days, which exceeds the global average by over a month. Refer to: https://www.bakerdonelson.com/webfiles/Publications/20250822_Cost-of-a-Data-Breach-Report-2025.pdf
In 2025, the FBI identified healthcare and public health as the primary industry vulnerable to cyber threats, recording 460 ransomware attacks and 182 data breaches, amounting to a total of 642 incidents. Healthcare constituted approximately 17% of all ransomware incidents across various sectors, with 67% of companies affected and 77% targeted in the previous year, according to certain studies.
Refer to: FBI: Healthcare was the primary target for ransomware and other cyber threats in 2025 | AHA News https://www.aha.org/news/headline/2026-04-10-fbi-health-care-was-top-target-ransomware-other-cyberthreats-2025
Significant breaches persist at an elevated frequency: hundreds are reported annually to HHS OCR, with previous instances demonstrating substantial effects, such as the Change Healthcare incident impacting about 190 to 192.7 million individuals.
Ransomware continues to be a favored tactic as healthcare institutions frequently prioritize the continuity of patient care and may experience pressure to comply with payment demands. The expenses of recovery, interruptions in operations, and dangers to patient safety exacerbate the harm. Insiders, whether malicious or careless, are responsible for over 70% of breaches, according to various assessments, while external actors exploit unpatched vulnerabilities—reportedly increasing over 180% year-over-year—along with phishing and supply chain vulnerabilities.
digital transformation. AI data. innovations and technology.
getty
Artificial Intelligence and Emerging Technologies: Double-Edged Swords
Artificial intelligence is positively revolutionizing healthcare by expediting drug discovery, facilitating predictive analytics for individualized care, enhancing diagnostics, and aiding remote monitoring through Internet of Things devices. In my recent Forbes piece regarding the influence of AI, I highlighted its potential in domains such as protein structure prediction and operational efficiencies.
Nonetheless, these technologies also enable attackers. Generative AI enhances phishing and social engineering through very persuasive deepfakes and customized tactics.
Automated instruments swiftly examine networks for weaknesses. AI-driven assaults incur higher remediation costs, while “shadow AI” (unauthorized internal usage) contributes an average of hundreds of thousands to breach expenses. Adversaries utilize AI for data poisoning, zero-day exploits, and expedited reconnaissance.
The proliferation of IoT and medical devices, frequently characterized by inadequate security, alongside cloud and edge assets and integrated operational and information technology systems, amplifies vulnerabilities. Numerous devices, such as infusion pumps and monitoring, transmit wirelessly, hence generating chances for remote exploitation.
Supply chain assaults and breaches involving third-party vendors, which account for a substantial share of claims, pose additional risks to the ecosystem. 5G and edge computing exponentially increase the number of endpoints.
Quantum Computing Concept.
getty
The Imminent Quantum Threat:
In the future, quantum computing presents a significant long-term threat. It poses a risk to existing encryption standards (such as RSA and ECC) employed to safeguard patient records and medical data through algorithms like Shor’s. Attackers may utilize “harvest now, decrypt later” tactics, acquiring encrypted data presently for subsequent decoding. The healthcare sector must commence preparations for post-quantum cryptography to protect sensitive information.
The healthcare sector’s distinctive role as vital infrastructure—85% privately managed yet crucial for public health—heightens the risks. Disruptions not only jeopardize data but can postpone treatments, undermine devices, and diminish trust. A cyberattack against healthcare constitutes an assault on susceptible individuals.
Pathways Forward: Resilience, Collaboration, and Security by Design
The resolution resides in perceiving cybersecurity as essential to patient safety and clinical operations, rather than a segregated IT role. Essential recommendations derived from my analyses encompass:
• Implement Security by Design and Zero Trust: Integrate resilience into systems from inception, utilizing network segmentation (particularly IT/OT), robust identity management, multi-factor authentication, encryption, and routine patching. Mitigate old vulnerabilities.
• Utilize AI Defensively: Employ AI/ML for real-time anomaly detection, threat hunting, automated responses, and predictive analytics—while regulating “shadow AI” and assuring ethical utilization. Achieve equilibrium between offensive and defensive strategies.
Enhance Governance and Risk Management: Transition from mere compliance checklists (HIPAA, NIST advice) to ongoing corporate risk management, vendor supervision, and validated incident response protocols. Boards must engage, as breaches affect reputation, finances, and lives.
• Invest in Personnel and Cooperation: Mitigate worker deficiencies via training and cybersecurity practices. Encourage public-private collaborations, facilitate information exchange (e.g., through Health-ISAC), and promote international collaboration. Patients merit transparency and assistance following a violation.
• Emphasize resilience and preparedness for emerging technologies: Prepare for AI-enhanced attacks, supply chain vulnerabilities, and quantum advancements using flexible frameworks, redundancies, and simulations. In Inside Cyber, I emphasize the necessity for flexible, integrated cyber operations in the Fourth Industrial Era.
The data is unequivocal: Healthcare continues to be the most targeted and expensive sector for breaches, with AI amplifying both innovation and risks. The era of incremental change has concluded, as I have contended across various venues. Cybersecurity should be regarded as a strategic necessity directly linked to mission execution and human welfare.
By emphasizing proactive defense, ethical technology implementation, and collaborative efforts, the industry may enhance patient protection and establish a more secure digital health ecosystem. The well-being of our society is fundamentally reliant on it.