ClareNow

Growing AI Cybersecurity Challenges Facing The Healthcare Industry

Healthcare exists at the confluence of significant trust and heightened cyber vulnerability

Forbes 2 min read 7/10
Key Takeaways
  • Reported healthcare data breaches in the U.S. rose 93% year-over-year in 2025, exposing 133 million patient records (HHS Breach Portal).
  • The average cost of a healthcare data breach reached $11.2 million in 2025, the highest of any industry (IBM/Ponemon Cost of a Data Breach Report).
  • Generative AI tools like ChatGPT are being used by attackers to create highly convincing phishing emails that bypass traditional security training, increasing click-through rates by 38% (KnowBe4 research).
  • Adversarial AI attacks on medical imaging algorithms can induce false positives or negatives in cancer screenings, posing direct patient safety risks (MITRE/HL7 study).
  • Only 43% of healthcare organizations have a dedicated AI security strategy, despite 72% reporting AI-related security incidents in the past year (HIMSS Cybersecurity Survey 2025).
A single ransomware attack on a hospital can shut down life-saving equipment, and AI is making these threats faster and harder to detect.

The healthcare industry is facing a surge in AI-powered cyberattacks, with data from the U.S. Department of Health and Human Services showing a 93% increase in large breaches reported in 2025 compared to the previous year, compromising over 133 million patient records. This intersection of advanced technology and critical infrastructure has made hospitals and health systems prime targets for criminals exploiting AI for phishing, deepfakes, and automated exploits.

Healthcare has long been a lucrative target because medical records sell for up to $1,000 on the dark web, 10 times the value of credit card numbers. But the integration of AI into electronic health records, diagnostic imaging, and telemedicine platforms has expanded the attack surface. The shift to cloud-based systems during the pandemic, combined with legacy equipment running outdated software, created a perfect storm. Meanwhile, attackers use generative AI to craft convincing phishing emails that mimic doctors or administrators, and deepfake audio to trick staff into authorizing fraudulent transfers.

Notable incidents include the 2024 Change Healthcare breach that disrupted pharmacies nationwide, affecting 100 million individuals, and the 2025 attack on a major children's hospital that forced doctors to divert emergency patients. The Ponemon Institute reports the average cost of a healthcare data breach now exceeds $11 million. AI-powered ransomware can encrypt thousands of files in seconds, while adversarial AI can manipulate medical imaging results to alter diagnoses. The FDA has warned of vulnerabilities in AI-enabled medical devices, from insulin pumps to CT scanners.

Experts argue that healthcare organizations are racing to adopt AI without commensurate security investments. Dr. Jessica Lee, a cybersecurity researcher at Johns Hopkins, notes: "We're putting AI in the loop of clinical decisions without hardening the loop against attack." Regulators are struggling to keep pace; the HIPAA Security Rule has not been substantially updated since 2013. The broader implication is a trust crisis: patients may hesitate to share data if they fear it will be weaponized.

The Biden administration's 2025 executive order on AI safety includes healthcare-specific cybersecurity guidelines, but compliance deadlines stretch into 2027. Hospitals are investing in AI-powered defense tools, such as behavioral analytics and automated threat hunting. Milestones to watch: the first major legal case over liability for an AI-driven data breach, and potential new FDA mandates for AI medical device security testing.

"Medical records are the most sensitive personal data; their theft is a violation of trust that goes far beyond financial loss."

Frequently Asked Questions

They include AI-powered phishing attacks, ransomware that uses machine learning to evade detection, adversarial manipulation of medical imaging, vulnerabilities in AI-enabled medical devices, and the use of deepfakes to impersonate clinicians. These threats exploit the increasing digitization of healthcare systems.

Healthcare handles highly sensitive personal data worth up to $1,000 per record, uses legacy systems that are hard to patch, and has life-critical operations that make paying ransoms seem necessary. The rapid adoption of AI without adequate security layers creates new entry points for attackers.

Hospitals can implement AI-powered defense tools like behavioral analytics and automated threat detection, conduct regular security audits, train staff to recognize AI-generated phishing, segment networks to limit ransomware spread, and ensure all AI medical devices comply with FDA security guidance.

According to HHS, 2025 saw a 93% increase in large healthcare breaches compared to 2024, affecting over 133 million patient records. The average cost per breach hit $11.2 million, the highest of any industry. Over 70% of healthcare organizations reported an AI-related security incident.

The HIPAA Security Rule is the primary U.S. regulation, though it hasn't been updated since 2013. The 2025 White House Executive Order on AI Safety includes healthcare-specific cybersecurity provisions. The FDA also issues guidance on premarket cybersecurity for AI-enabled medical devices.

Original source

www.forbes.com
