AI is a cybersecurity friend – and a foe

When it comes to assessing the impact of artificial intelligence on health system cybersecurity, it’s safe to say AI giveth and taketh away. 

The good news: After a rough 2024, the number of data breaches reported to the Department of Health and Human Services, and the number of patients impacted, decreased last year (about 17% and 84%, respectively). So, too, did the cost of mitigating a breach, which IBM said dropped from $9.7 million to $7.4 million in healthcare. 

AI may play a part in this relative success. Across all industries, IBM found, companies extensively using AI in security spent 43% less to mitigate a breach that those without AI in place. To that end, a 2024 global survey found 82% of members of the cybersecurity certification organization ISC2 felt AI would improve their efficiency. 

Stay ahead of the evolving cyber threat landscape — connect with the leaders, practitioners, and innovators securing the future of healthcare at ViVE’s Cybersecurity Zone.

Common use cases for AI in healthcare cybersecurity include advanced threat detection, automated threat response, and analysis of user behavior to predict abnormalities or signs of threats. Organizations also benefit from automating key third-party risk management tasks such as audits, reviews, and vendor policy benchmarking. Evolutions in agentic AI models also show promise, with vendors touting 98% accuracy in event triage, containment in less than five minutes, and continuous monitoring of network activity.  

The challenge, of course, is that attackers also have access to AI.  

• Phishing attacks can modify their messages based on engagement metrics and success rates, just like the software producing automated marketing emails.  

• Deepfakes can mimic the voice of corporate leadership, call the IT help desk, request new passwords, and gain network access. 

• Social engineering attacks can launch video calls, convince employees they’re in mission-critical meetings with executives, and get them to do just about anything.  

• Malware powered by machine learning can change tactics in real time, allowing it to evade common means of detection once it’s penetrated a network. 

If there’s a silver lining, it’s that the tactics for responding to these evolving threats should sound familiar to healthcare leaders.  

Holistically, the American Hospital Association recommends treating cybersecurity risk as an enterprise-level issue, with at least one person leasing information security and “sufficient authority, status and independence to be effective.” The organization’s risk profile should be routinely profiled, and there should be little hesitation when it comes to implementing new security controls. 

Get inspired by the latest advances in healthcare AI—and see how leading organizations are putting them into practice at ViVE. AI Zone @ViVE 2026.

Healthcare’s security controls can take many forms, according to KPMG. There are tactical considerations such as vulnerability management and threat detection and response – now augmented by AI – along with business continuity and incident response planning. Stronger data and access controls also help, as they allow individuals and applications to access only that they need to complete a given task. Consolidating security platforms is a consideration as well, as it leaves security teams with fewer data streams to attempt to manage. 

McKinsey points to the importance of technology resilience (which helps respond to outages unrelated to cyberattacks, such as natural disasters). Getting this right means understanding how enterprise systems depend on each other, identifying workflows and applications with the highest risk exposure, and taking necessary steps to ensure continuous operation. Again, AI can play a role here; one example is automatically initiating an incident management scenario if a high-priority system is down. 

Brian Eastwood is a Boston-based writer with more than 10 years of experience covering healthcare IT and healthcare delivery. He also writes about enterprise IT, consumer technology, and corporate leadership.