Healthcare's Embrace of Artificial Intelligence and its Cybersecurity Implications
In the rapidly evolving landscape of healthcare, artificial intelligence (AI) is increasingly being adopted to streamline operations and enhance patient care. However, this technological advancement also brings new challenges, particularly in the realm of cybersecurity.
A recent survey conducted by ISC2, which polled over 1,000 of its members working in security roles, revealed that cybersecurity professionals are concerned about the potential misuse of AI by cybercriminals. The top concerns include the spread of misinformation through deepfakes, disinformation campaigns, and social engineering attacks.
One of the most significant concerns is the use of AI to craft highly personalized phishing emails that mimic healthcare organizations’ communication styles. These emails, difficult to detect due to their authenticity, can pose a serious threat to data security. AI-driven phishing can produce thousands of tailored messages rapidly, increasing attack scale and complexity.
The widespread use of generative AI platforms among employees also poses data privacy and security risks for organizations. With AI being used for various tasks such as work, learning, and entertainment, the potential for unauthorized access or misuse of sensitive data is a growing concern.
Healthcare organizations have not been immune to these risks. For instance, an earlier this year incident involved YouTube having to issue a warning about phishing emails featuring AI-generated clips of its CEO.
Stephanie Hagopian, vice president of physical and cybersecurity services at CDW, has expressed concerns about security with AI, security for AI, and security from AI. CDW has highlighted the challenge for organizations in parsing which AI-powered security solutions will deliver and integrate well with their needs and environment.
To combat these threats, healthcare organizations are turning to advanced security frameworks like Zero Trust security architecture tailored for AI environments. This ensures continuous verification and limits attack surfaces. Collaboration with partners to develop AI and security strategies, fostering a multidisciplinary approach, is also becoming increasingly important.
The National Institute of Standards and Technology has warned of malicious actors deliberately manipulating AI systems to make them malfunction. New York University has guidance for its campus community to be aware of AI-assisted social engineering attacks.
As AI platforms like ChatGPT see significant adoption among U.S. adults under 30, with 58% using it in early 2025, up from 33% in 2023, it is clear that the use of generative AI platforms significantly impacts cybersecurity in healthcare organizations.
AI is also being used to tackle time-consuming, lower-value functions such as user behavior pattern analysis, network traffic monitoring, and threat detection. In a 2024 ISC2 survey, 82% of respondents agreed that AI will improve their job efficiency in cybersecurity.
However, it is crucial for healthcare organizations to stay vigilant and adapt their cybersecurity strategies to the unique challenges posed by AI. Embracing AI-aware security architectures, continuous monitoring, AI-specific threat intelligence, and employee training are critical to defend against the sophisticated AI-driven threats targeting healthcare data and operations.
- The widespread adoption of AI in healthcare operations exacerbates concerns about cybersecurity, as demonstrated by the potential use of AI to craft highly personalized phishing emails, which can increase attack scale and complexity.
- In response to the growing threats posed by AI-driven attacks, healthcare organizations are turning to advanced security frameworks like Zero Trust security architecture and continuous employee training to counteract sophisticated AI-driven threats targeting healthcare data and operations.
