
Healthcare remained one of the most targeted sectors for ransomware in 2025, accounting for 22% of disclosed attacks in one widely cited industry analysis. More broadly, 93% of healthcare organizations reported at least one cyberattack in the past 12 months. As of the end of 2025, at least 642 large healthcare breaches had been reported, affecting nearly 57 million individuals.
But the implications for the healthcare industry extends beyond traditional cybersecurity and data risk. First and foremost, healthcare is a patient safety environment. This means that AI security failures can become care-delivery failures, not just privacy incidents
As risks continue to become more frequent and consequential, generative AI (GenAI) is reshaping both the threat landscape and the operating model in healthcare. This powerful technology makes it faster, cheaper, and easier to launch sophisticated cyberattacks, such as by leveraging “vibe coding.” GenAI also allows for well-meaning employees to expose sensitive data to unsanctioned tools. In healthcare, the first AI problem is often not a malicious model attack, it is uncontrolled use of AI with PHI, clinical content, credentials, or internal workflows.
In light of these rapidly growing threats, healthcare organizations can no longer rely on preventing every breach. Instead, they must assume compromise and focus on resilience, maintaining safe operations and recovery with confidence.
The Reality of Modern Threats and Why Gen AI Changes Everything
The pace of innovation of GenAI is staggering. Everyday there seems to be a new innovation, which has accelerated with the rise of AI agents. Often, GenAI tools have low price points or are open source. With this democratization comes the ability to develop more sophisticated methods for using GenAI to enhance phishing, impersonation, malware development, reconnaissance, and social engineering.
Of course, the number one vector remains human error. This risk is amplified by AI-generated content and AI-assisted workflows. They make attacks more convincing and easier to execute.
GenAI risks in healthcare span multiple layers. Data leakage (PHI exposure), prompt injection and model manipulation, and integration risk across clinical and operational systems are all key concerns. There is also an expanded attack surface from copilots and agents, as well as identity and authorization drift when AI tools are connected to EHRs, collaboration tools, knowledge bases, and ticketing systems.
Beyond this, organizations must consider third-party and supply-chain risk from foundation model providers, AI plugins, model gateways, and embedded AI in SaaS platforms, along with insecure retrieval pipelines and retrieval-augmented generation (RAG) connectors that expose sensitive data. Furthermore, there is AI-generated output risk, including hallucinations. Then there are model and data provenance risks, in which organizations may not know what model they are using, what data it was trained on, or how outputs are being logged.
This is why it’s important to do the following with the adoption of GenAI:
- Full inventory of AI systems, models, agents, data sources, and connectors.
- Risk-tiering based on use case, data sensitivity, and level of autonomy.
- Human-in-the-loop requirements for higher-risk use cases.
- Logging of prompts, output, tool use, data access, and administrative changes.
- Vendor due diligence for model providers and AI-enabled software.
The New Mandate for CISOs: From Security to Resilience
For healthcare CISOs, AI security is now part of operational resilience. The question is no longer “Are we using AI?” Rather, it’s about, “Where is AI making decisions, summarizing information, triggering actions, or touching regulated data, and can we govern and recover those workflows safely?”
As for boards, they are asking another set of questions:
- “How fast can we recover?”
- “How do we maintain minimum viable operations if core clinical, administrative, identity, or AI-enabled workflows are degraded?”
What all these changes point to is a fundamental rethinking of cybersecurity. Again, it has become a patient safety issue. Ransomware and major cyber disruptions in healthcare are increasingly associated with patient care delays, diversions, and worsened outcomes. For example, a recent economics paper reports a 34–38% increase for patients already admitted when an attack begins. Other research shows that in-hospital mortality increased materially during ransomware incidents at attacked hospitals.
For CISOs, they must be able to explain AI risk in business terms: patient safety, downtime, trust, legal exposure, and recoverability. They must also be able to show the board where AI is being used, who owns it, how it is controlled, and how it will be operated during a cyber event
Compliance as a Resilience Enabler, Not a Checkbox
For AI risks in healthcare, HIPAA includes important updates, which are called the HIPAA Security Rule (proposed in December 2024). But for many organizations, there are other regulations that are becoming critical:
- HHS guidance on Security Rule implementations and cybersecurity expectations
- HITRUST
- PCI DSS for payment environments
- FDA expectations for AI/ML-enabled medical devices and medical device cybersecurity, where applicable
These reflect a major regulatory shift. There is more emphasis on faster reporting, including CIRCIA’s proposed requirement for covered entities to report covered cyber incidents within 72 hours and ransom payments within 24 hours.
As a result, healthcare organizations need to separate what is currently proposed, what is already in force, and what their state, contractual, payer, and partner obligations require. For example, the proposed HIPAA Security Rule would require written procedures to restore certain relevant systems and data within 72 hours.
This shift highlights that recovery speed and restoration prioritization are becoming explicit governance expectations, not just internal goals. Yet it is important to keep in mind that compliance is a point-in-time snapshot, which can change instantly. This underscores the need for continuous resilience.
With compliance frameworks, an organization will also be able to:
- Justify investments in resilience.
- Drive testing of systems.
- Build repeatable resilience processes.
Of course, compliance will not secure GenAI by itself. But CISOs should use compliance to force discipline around AI inventory, risk classification, data handling, human oversight, logging, vendor review, and recovery testing.
The winners of GenAI will not be those that adopt this technology the fastest – with insufficient controls. Instead, success will require organizations to adopt clear governance, strong boundaries, continuous oversight and proven recovery.
The CISO’s role is to make sure that adoption happens safely, responsibly, and in a way that protects care delivery when something goes wrong.
About Chris Bevil
Chris Bevil, a seasoned cybersecurity and compliance expert and former CISO, currently serves as principal, global cyber resilience & AI at Commvault. With a proven track record as a cybersecurity and compliance consultant, Chris has guided organizations through incident response, disaster recovery, and business continuity planning, helping them build robust cyber recovery strategies to mitigate potential threats. He transforms complex cybersecurity topics into practical, relatable insights, combining deep expertise with a passion for storytelling to connect with audiences and empower them to tackle today’s toughest challenges.

