Securing Healthcare in the Age of AI-Driven Cyber Threats

On May 20, 2025, Kettering Health in Ohio awoke to a disruptive cyberattack. The Interlock ransomware group had infiltrated the hospital’s networks, encrypting electronic health records, billing platforms, and critical messaging tools. Overnight, nurses and physicians found themselves forced back to paper charts, outpatient services were disrupted, and for nearly two weeks, key digital systems remained locked down. By early June, Kettering restored essential EHR access—but only after nearly a terabyte of sensitive data, including patient and employee records, had been exfiltrated by the attackers.


Just weeks later, in late June 2025, another primary healthcare provider, McLaren Health Care in Michigan, began notifying more than 740,000 patients that their private data, including Social Security numbers, insurance details, and clinical records, had been compromised. Though the original breach dated back to a ransomware attack in mid-2024, the full extent and impact only became clear through forensic analysis months later. For patients, this meant learning in June that their identities and medical histories were now at risk, underscoring the long tail of damage that modern cyberattacks can inflict.


These incidents are far from isolated. This year, the U.S. Department of Health and Human Services has launched more than 300 breach investigations at a pace that threatens to surpass last year’s total and reflects a sector under siege by increasingly sophisticated, AI-powered adversaries (HHS Breach Portal). Healthcare has become one of the most attractive and vulnerable targets for cybercriminals. From disruptive ransomware to automated phishing campaigns and deepfake social engineering, attackers exploit outdated systems, budget constraints, and workforce shortages across hospitals, clinics, and research centers. The rapid adoption of generative AI and automated attack tools has made intrusions more frequent and severe, with the impacts often rippling far beyond the initial system lockouts, including the theft of highly sensitive patient information and long-term damage to public trust.


What’s driving this surge is not just technical vulnerability, but also the human element. Healthcare remains a highly targeted sector because employees, from doctors and nurses to administrative staff, are regularly exposed to phishing, social engineering, and increasingly, AI-generated voice and video deepfakes. With high staff turnover and limited cybersecurity training, attackers can easily bypass traditional defenses. Many organizations remain focused on meeting regulatory checklists rather than embracing proactive, risk-based security cultures, and the shift to hybrid and remote work in some administrative areas has further broadened the attack surface. Even as health systems invest in firewalls and anti-malware, today’s adversaries use AI to constantly probe for new weaknesses, automating network reconnaissance and using stolen credentials to move laterally through networks. These challenges affect organizations of all sizes, from major hospital networks to small clinics, underscoring the widespread urgency of robust cybersecurity in healthcare.


Industry leaders and policymakers are responding with a mix of urgency and innovation. The HHS Breach Portal, which publicly tracks major healthcare data breaches in the United States, now provides an eye-opening view of the true scale and diversity of incidents across the sector, helping organizations recognize emerging trends and benchmark their defenses. Federal agencies like the Department of Health and Human Services and the Cybersecurity and Infrastructure Security Agency (CISA) have ramped up support, making sector-specific guidance widely available. The CISA Healthcare and Public Health Sector Cybersecurity Toolkit is a key resource, offering checklists, best practices, and self-assessment tools to help providers of all sizes identify and address vulnerabilities. At the same time, the Healthcare Sector Coordinating Council has released playbooks and collaborative recommendations (HSCC Publications), while individual providers are investing in advanced solutions, from zero-trust architectures to behavioral analytics and cloud-based security platforms.


Despite progress, significant challenges remain, particularly for resource-constrained healthcare organizations. The ongoing “arms race” between attackers and defenders, now fueled by artificial intelligence, means that modernization, collaboration, and a strong culture of cybersecurity are more crucial than ever. By investing in advanced defenses, prioritizing continuous staff education, and embracing shared responsibility across the sector, healthcare providers can better protect critical systems and patient trust. As the cyber threat landscape evolves, so must our defenses. By working together and staying vigilant, the healthcare sector can ensure that both patient safety and public trust remain at the heart of care.


© 2025 Cyber Institute. All Rights Reserved.
