October is Cybersecurity Awareness Month
Throughout the month we will take on cybersecurity subjects that continue to be challenging in healthcare today and ask our experts to weigh in.
Topic 1: Sophisticated Ransomware and AI-Driven Attacks
According to AHA Cyber Intel, sophisticated ransomware and AI-driven attacks pose an unprecedented threat to the healthcare sector, moving beyond simple data theft to a “threat-to-life” crime. AI accelerates and enhances the effectiveness of ransomware, while healthcare remains a prime target due to its valuable data and critical, low-downtime operations.
Dave Bailey, Vice President of Consulting Services, Clearwater Security
LinkedIn: David Bailey
Ransomware in healthcare has shifted from a data-theft problem to a patient-safety crisis. Sophisticated groups like Qilin, IncRansom, and Kawa4096 are targeting hospitals, labs, and specialty providers with tactics designed not just to steal information, but to shut down critical operations. Investigations in the U.K. have already linked ransomware disruptions to patient deaths, and in the U.S. we’re seeing canceled procedures and disabled EHR systems that put care directly at risk. This is what makes healthcare such an attractive target: the data is valuable, the networks are complex, and downtime is almost unthinkable.
AI is accelerating this shift. Attackers are leveraging AI-powered phishing, social engineering, and automation to scale campaigns, bypass defenses, and shorten the window between compromise and impact. The result is a faster, more adaptive threat landscape where extortion is coupled with disruption to maximize leverage. For CISOs, this means resilience can’t hinge on perimeter controls alone. It requires continuous risk analysis, layered identity and access protections, and incident response strategies that assume attackers will adapt as quickly as technology does. In this environment, cybersecurity isn’t just compliance, it’s clinical safety.
Lesley Berkeyheiser, Senior Director of Accreditation Strategy and Development, DirectTrust
LinkedIn: Lesley Berkeyheiser
The use of artificial intelligence (AI), and the associated technical changes, is unprecedented in terms of its impact on jobs and operations in the data exchange industry. Today, we have professional bad actors, who are often business and technical professionals armed with AI tools, using them to constantly probe our sometimes antiquated healthcare technical environments to exploit faults.
According to a recent fact sheet from CISA, FBI, and NSA entitled “Iranian Cyber Actors May Target Vulnerable US Networks and Entities of Interest,” these bad actors are targeting poorly secured networks and internet-connected devices. Simultaneously, we know that small- and mid-sized healthcare organizations are the most vulnerable. Sandwiched between constant threats to reimbursement and this ever-mounting attack on their cybersecurity readiness, we still see many do not have adequate cybersecurity infrastructure, have not completed a recent risk analysis for AI, or have not appointed a senior-level cybersecurity leader to champion the issue.
According to the 2025 Black Book Research Report, “This year’s findings confirm that the majority lack the staffing, funding, and infrastructure to defend themselves against increasingly sophisticated attacks,” said Doug Brown, Founder of Black Book Research. So, what can a small- to mid-sized healthcare organization do today to increase its security stance against an attack? Leverage the many free resources available from HHS 405(d), CISA, WEDI, and others. Consider using third-party accreditation as a way to ensure, via an independent review from experts in the field, that your organization is best prepared. A cybersecurity attack is no longer a question of if, but of when.
Jeremy Carriger, Chief Information Security Officer, Arcadia
LinkedIn: Jeremy Carriger
Ransomware has become increasingly aggressive, adaptive, and deeply disruptive to healthcare operations and patient safety. Attackers are utilizing AI to identify targets and continually modify their tools to evade detection. Threat actors are also using AI to run highly personalized phishing campaigns — including messaging that references staff, meetings, or lingo that makes them appear as a credible impersonator. Deepfake calls that impersonate executives to bypass MFA or request credential resets are another example. Once attackers gain a foothold, they’re using AI to scan for high-value systems and paths to exfiltrate data silently. To defend themselves, healthcare organizations should continue to educate their employees regularly on best practices for frontline defense and conduct regular drills. I also recommend that healthcare organizations implement behavioral anomaly detection across channels, establish multi-factor authentication methods on all systems, segment their networks, and implement immutable backups, or secure copies of data that can’t be altered or erased.
Preston Duren, Vice President of Threat Services, Fortified Health Security
LinkedIn: Preston Duren
Ransomware has escalated into a “threat-to-life” risk as attackers exploit the healthcare industry’s critical need for uptime. AI enables these campaigns to be faster, smarter, and more convincing. To defend against them, health systems must strengthen fundamentals:
- Enforce multifactor authentication everywhere, patch systems consistently, maintain segmented backups, and test incident response plans.
- Train staff to spot phishing lures, which have become highly realistic with the use of AI.
- Pair this with modern detection and response tools (XDR/MDR) that use AI to identify anomalies and human expertise to eliminate false positives.
In today’s environment, resilience is no longer optional; patient care depends on the ability to withstand and quickly recover from attacks.
Robert Eikel, Chief Information Security Officer & Privacy Officer, P-n-T Data Corp.
LinkedIn: Robert Eikel
Ransomware already has contributed to several hospital bankruptcies, including Waterbury Hospital here in my home state of Connecticut. Even worse, ransomware has caused patient safety events and even losses of life in hospitals. Any hospital or provider who doesn’t take resiliency seriously—especially with networked medical devices and other operational technology—runs an unacceptable risk of patient harm.
David Finn, HIT Advocate, Recovering HC CIO, Principal, Cyber Health Integrity, LLC
LinkedIn: David (Samuel) Finn
In 2025, cyber threats have become faster, smarter, and more disruptive—especially in healthcare. Ransomware attacks now leverage artificial intelligence to exploit weak authentication, outdated systems, and even trusted identities. These aren’t just IT problems; they’re enterprise-wide risks that delay procedures, compromise patient data, and erode trust. Generative AI is being weaponized to craft convincing phishing emails, deepfake audio, and synthetic personas that can deceive even the most experienced professionals. During Cybersecurity Awareness Month, it’s critical for leaders—from clinical operations to finance—to treat cybersecurity as a strategic imperative. Vigilance, multi-factor authentication, and continuous staff education are no longer optional—they’re essential to protecting the integrity of care delivery.
Patty Hayward, General Manager of Healthcare and Life Sciences, Talkdesk
LinkedIn: Patty Hayward
As AI becomes embedded in healthcare contact center workflows, the ‘front doors’ that must be secured have evolved and shifted. Leaders must establish clear policies and operating procedures that guide how staff adopt and use AI responsibly, especially when using it to serve patients in more than just clinical encounters. Access and revenue cycle conversations are at the forefront of automation efforts, and security leaders need to be confident their technology stack is helping staff improve security, instead of opening up new vulnerabilities. IT should prioritize ongoing education to ensure compliance and reinforce best practices as new tools emerge. Strong governance, human-in-the-loop workflows, and vigilant monitoring of AI-driven processes are essential to safeguard patient information and uphold trust.
Mike Hoxter, Chief Technology Officer, Lightbeam Health Solutions
LinkedIn: Michael Hoxter
HITRUST-certified and HIPAA-compliant data sources with FHIR interoperability are mission-critical for AI in healthcare, helping protect against the growing wave of AI-enabled attacks. Healthcare organizations must evaluate AI platforms and services for these safeguards before investing, to reduce risk of cyberattacks and ransomware while ensuring the ROI and value that remain elusive.
John Layne, Director of IT, HSBlox
LinkedIn: John Layne
Ransomware attacks are a serious concern for the healthcare industry because they not only potentially expose patient data but also can disrupt healthcare services and delay critical care for those who depend on it. Many ransomware attacks include a data exfiltration component, so it is important to have both adequate network segmentation and data encryption. If data is shared with third-party partners and vendors, it is imperative to conduct extensive and ongoing risk management reviews to ensure both data security and business continuity in the event of a ransomware attack. Additionally, a well-documented recovery process needs to be established, and regular tabletop exercises performed to ensure readiness to respond to a worst-case scenario as efficiently and reliably as possible. As part of recovery preparedness, continuous backups of critical data should be established to offsite and/or immutable storage to ensure reliable data recovery.
Lance Reid, CEO, Telcion Communications Group
LinkedIn: Lance Reid
Cybersecurity has become a patient safety issue. It’s no longer just about protecting data — it’s about protecting lives. We’ve seen ransomware attacks shut down EHR platforms, delay treatments, cancel referrals, and stop pharmacy orders in their tracks. That’s real harm.
Most of these attacks are financially motivated, but AI has made them faster and more convincing. We see phishing emails that are nearly impossible to spot, even for savvy users. When someone clicks, it opens the door. From there, attackers can encrypt your most critical data, access PHI, and demand payment. Even when organizations pay, attackers often still leak the data or sell it again.
These aren’t hypothetical risks. They’re things we see every day.
That’s why cybersecurity can’t sit on the back burner. It’s everyone’s responsibility, not just IT’s. And it starts with a layered defense, regular testing, and training that actually works. If you haven’t assessed your environment lately, now’s the time.
Clay Ritchey, CEO, Verato
LinkedIn: Clay Ritchey
In healthcare, everything comes down to one thing: knowing ‘who is who’. If you can’t trust your identity data, you can’t protect patients, secure systems, or deliver care safely. Cyber criminals know this, and they’re exploiting it — impersonating doctors over the phone, resetting credentials, and slipping into the core of our systems. With one in five providers changing jobs every two years and records scattered across EHRs, credentialing, and reimbursement platforms, the attack surface continues to grow. Firewalls and MFA certainly help, but the industry needs more to safeguard its information. Identity intelligence and master data management must become core infrastructure. Everything else follows from that.