Embracing AI as a Shield Against Cyber Threats in Healthcare Organizations
In a rapidly evolving digital landscape, healthcare organizations (HCOs) are under increasing pressure to adopt advanced technologies, particularly artificial intelligence (AI), to detect and mitigate cyber threats more effectively. Experts have raised alarms about the potential ramifications of failing to act swiftly, warning that the consequences for patients could be dire.
During a session at Infosecurity Europe on June 4, Sher Baig, the CEO of Cyber Salus, underscored the pervasive threats and operational challenges that HCOs face globally. He articulated a grim picture of the healthcare industry, identifying legacy infrastructure, hyper-connectivity, and human fatigue as factors that are collectively creating an environment ripe for cyber incidents. Baig cautioned that in rare instances, these breaches could have fatal outcomes for patients.
He stated, “If there was ever an industry where the potential harm bad actors can do is directly correlated to human impact, it’s healthcare.” This sentiment reflects the unique vulnerabilities of the sector, which is frequently characterized as the most targeted by cybercriminals. Ransomware, particularly, poses a significant risk, jeopardizing clinical services and patient safety.
Recent research from Proofpoint has illustrated the severity of the situation: a staggering 93% of HCOs experienced at least one cyber-attack in 2025, with an average of 43 attacks per organization—up from 40 in the previous year. Such statistics reveal an alarming trend, indicating that the healthcare sector is increasingly becoming a battleground for cyber warfare.
Baig elaborated on the vulnerabilities associated with connected medical devices, such as infusion pumps, imaging systems, patient monitors, and laboratory systems, which often run outdated operating systems. “In healthcare, you don’t purchase medical equipment like an iPhone. These devices can remain in use for 15 to 20 years,” he explained, which further exacerbates the risks that HCOs face.
Highlighting the shortcomings of traditional security approaches, Baig argued that reactive strategies are outdated and ineffective. Organizations often find themselves overwhelmed by alerts and bogged down by time-consuming investigations. This outdated reactive stance leaves them vulnerable, particularly as AI technology accelerates the pace at which vulnerabilities can be discovered and exploited.
Yet, Baig also painted a more hopeful picture, emphasizing that AI can serve as a powerful ally for healthcare security teams. Continuous monitoring and analysis can facilitate faster detection of anomalies and automated prioritization of threats, ultimately leading to more efficient incident response and risk management.
To enhance their defensive capabilities, Baig outlined four crucial steps that healthcare organizations should consider implementing:
- Achieve Full Visibility: HCOs need to monitor all devices and potential threats, gaining insights into device-level parameters and software versions.
- Assess Threats by Clinical Risk: Prioritizing vulnerabilities based on their potential impact on patient care is essential to managing risks effectively.
- Leverage AI for Signal Correlation: Utilizing AI can help mitigate alert fatigue, allowing security teams to focus on the most pressing issues.
- Implement Robust Control Measures: AI should be employed to identify appropriate compensating controls while ensuring effective segmentation and patch management.
Baig concluded his presentation with a call to action, stating, “That’s the game plan we should all be working on now, not once there is a breach.” His emphasis on proactive measures resonated with the audience, highlighting the urgent need for change within the industry.
Rob Demain, the CEO of e2e-assure, reinforced Baig’s message, stating that a transition from reactive to predictive security approaches is the right direction for healthcare. However, he cautioned that predictive capabilities require substantial time and effort to develop, emphasizing the importance of clean and complete telemetry data. “Most healthcare organizations do not have clean complete data to reason over,” Demain noted, illustrating the challenges that lie ahead.
Chris Newton-Smith, CEO at IO, acknowledged that while AI is transforming the landscape of cyber threats in healthcare, it tends to amplify existing vulnerabilities instead of introducing entirely new risks. He stressed that AI can enhance the ability of security teams to identify anomalies, prioritize alerts, and improve incident responses. However, he emphasized that AI cannot replace the need for robust governance and effective operational processes.
According to Newton-Smith, healthcare leaders must prioritize strengthening foundational aspects such as governance, resilience, workforce capability, supplier assurance, and risk management. By addressing these core elements, HCOs would position themselves more favorably to take advantage of AI technologies while remaining resilient in the face of the emerging cyber threats that AI may also facilitate.
In summary, the pressing need for healthcare organizations to adopt AI-powered tools is not merely about keeping pace with technological advancements; it is about safeguarding patients and ensuring the integrity of healthcare services in an increasingly perilous digital landscape. The call for proactive measures, strategic prioritization, and foundational resilience resonates louder than ever as HCOs navigate the complex challenges ahead.