Emphasis on Cybersecurity in Medical Practices Could Protect Both Patients and Health Care

Fact checked by: Giuliana Grossi

Key Takeaways

  • Healthcare data’s high fraud utility and broad clinical dependencies make ransomware uniquely harmful, coupling identity theft risk with disruptions to records access, communication, and care coordination.
  • The Change Healthcare attack illustrated systemic vulnerability in claims infrastructure, with prolonged outage and potential exposure of ~192.7 million individuals despite ransom payment.
  • Operational impacts are common; 44.4% of ransomware attacks disrupted care delivery, including electronic downtime, cancellations, and occasional ambulance diversion in 2016–2021.
  • Security maturity is uneven; lower cybersecurity ratings correlate with substantially higher annual breach probability, concentrating patient risk in smaller, rural, or resource-limited hospitals.
  • Core mitigations include stronger identity/access controls, telemetry-driven monitoring with rehearsed incident playbooks, third-party compromise recovery plans, and workforce training to reduce phishing-driven entry.

SHOW LESS

Data stored in hospitals, clinics, and medical practices make it a prime target for cyberattacks, making security important for continuity of care.

In an age where most personal data is stored online, and technology is needed to continue the workflow, cyberattacks have become more frequent and potentially more costly. Medical centers, including hospitals, clinics, and doctors’ offices, have become a prime target for cyberattacks due to the amount of information stored about each patient, potentially disrupting care for patients and leaving them more vulnerable if not addressed. Cybersecurity in health care has become more important as a result, with experts highlighting ways to protect patients, their data, and their care.

Medical Practices, Hospitals Are a Prime Target for Cyberattacks

As new digital workflows are added to the way that hospitals and other medical practices operate, including remote access or other cloud apps, the attack surface for cyberattacks has increased overall, making them more vulnerable than ever.

“In health care, those disruptions don’t just slow down business operations; they can interrupt care delivery,” said Tarun Sondhi, managing director of cybersecurity at Accenture. “…And when you unpack this a little bit further, it can affect access to records, communication, scheduling, and other systems that the teams depend on.”

Sung Choi, an associate professor at the School of Global Health Management and Informatics at the University of Central Florida, emphasized that health care data is uniquely valuable for potential attackers. “It has your financial information, personal information, even things like social security…you have all the different pieces that can be exploited for health care fraud or financial fraud.”

In February 2024, Change Healthcare, a clearinghouse that is part of 40% of all medical claims in the US, was targeted in a cyberattack that left the subsidiary of UnitedHealth offline for an extended period of time, potentially leaking the health information of approximately 192.7 million Americans.1,2 Despite UnitedHealth paying the ransom, the attack left patients vulnerable to unwanted consequences of their data being leaked, giving a real-world example of how cyberattacks on medical databases can affect patients.

Cybersecurity in health care could protect patient data and keep care from being interrupted | Image credit: adam121 – stock.adobe.com

A total of 69 of the 90 largest health care data breaches of all time have come in the 2020s,2 showing an increased interest in these files by potential attackers. Although the incidence of data breaches has decreased overall from 2024 to 2025, there were an average of 47 data breaches reported each month from September 1, 2025, to January 31, 2026, which can have consequences for patients and medical practices alike.

Cyberattacks Threaten Access to Care

Cyberattacks can not only leak patient data, but they can also shut down processes that are primarily online, such as prior authorizations and scheduling. Beyond the implications of data being exposed to bad actors, this can also disrupt the patient care experience.

“When you look at the systems that support care delivery and when they’re disrupted, teams are now focusing on downtime procedures, and what that can result in is delays [and] added risk,” said Sondhi. “It means slower access to clinical information, interruption to all the coordination that the clinicians need to do within the hospital itself or with an outside resource, whether it’s an imaging solution or imaging center.”

Sondhi also noted that workflows could be postponed, which could impact patient care. Employees within hospitals and clinics depend on their technology to get their work done, which could become a problem should there be a cyberattack.

“Hospitals, on average, are improving [in cybersecurity], but the gap between the strongest and weakest is wide, and most of the patient risk sits at the bottom, often smaller, rural, or under-resourced hospitals with the least slack to absorb a multi-week shutdown. For patients, the privacy harm is real [as] leaked records can fuel medical identity theft for years,” explained Choi.

A study published in 2022 found that 44.4% of ransomware attacks disrupted the delivery of health care to patients, including cancellations of scheduled care in 10.2% of attacks, electronic system downtime in 41.7% of attacks, and ambulance diversion in 4.3% of attacks between 2016 and 2021.3 With the incidence of cyberattacks increasing, these disruptions have likely increased overall.

Sondhi also noted that, even though most processes can move to manual procedures if the system goes down, delayed care is still possible, as they have to get used to doing things a different way for a short amount of time, whether it be going to get imaging results in person while the system is offline or calling a pharmacy directly for medications as needed. “We depend on technology to be able to do that, and it’s very difficult to switch,” he said.

Protecting Medical Technology from Cyberattacks Should Be Top Priority

With the number of cyberattacks that happen per month, it is important that hospitals protect themselves from the potential of an attacker taking advantage of their system and leaving their patients vulnerable, both through data leaks and a delay in patient care.

In a study conducted by Choi and published in 2021, he and his coauthor found that hospitals had lower cybersecurity ratings when compared with Fortune 1000 firms, despite the gap closing between 2014 and 2019.4 Hospitals with low security ratings had a significantly higher risk of a data breach, ranging from a probability of 14% to 33% in a year.

“Unfortunately, ransomware attacks have been growing, so it’s a game of cat and mouse,” said Choi. “I think things have deteriorated, especially after COVID, where a lot of health care was moving online… Hospitals have probably gotten better, but also attackers have been getting more sophisticated as well.”

Sondhi emphasized that approaching cybersecurity should start with the basics and mature over time. There are 3 steps, he said, that can approach the critical weaknesses in cybersecurity. These include strengthening your identity and access, including reducing remote exposure with different devices; instrumentation of all telemetry data to monitor and clear incident response playbooks; and understanding the approach to figuring out what to do should a third-party vendor be compromised, including recovery plans and knowing how and when to sever ties. Having baseline knowledge could help to mitigate the problem should it arise.

“When cybersecurity is treated like a resilience, it protects not only data [but it also] protects access, continuity, and the ability to deliver safe care in a very cost-constrained environment,” said Sondhi.

Choi suggested that medical practices should use external ratings to measure their cybersecurity. Basic security, such as 2-factor authentication and offline backups, should be incorporated into the workflow. Security should be designed around the clinicians, and investment should be made to train employees on phishing and other dangerous ransomware attacks to limit the efficacy of such attacks.

“Most breaches still begin with a lost device, or a phishing click, which is a training and culture problem, not just a technology problem,” Choi explained.

Overall, the cybersecurity of hospitals, medical clinics, and doctors’ offices is crucial to protecting patients and providing timely care, without being inhibited by the online system shutting down or data being leaked through ransomware attacks. Prioritizing cybersecurity in the future should be a top concern as more care moves online.

References

  1. What we learned: Change Healthcare cyber attack. US House Energy & Commerce. May 3, 2024. Accessed May 4, 2026. https://energycommerce.house.gov/posts/what-we-learned-change-healthcare-cyber-attack
  2. Alder S. Healthcare data breach statistics – updated for 2026. The HIPAA Journal. February 26, 2026. Accessed May 4, 2026. https://www.hipaajournal.com/healthcare-data-breach-statistics/
  3. Neprash HT, McGlave CC, Cross DA, et al. Trends in ransomware attacks on US hospitals, clinics, and other health care delivery organizations, 2016-2021. JAMA Health Forum. 2022;3(12):e224873. doi:10.1001/jamahealthforum.2022.4873
  4. Choi SJ, Johnson ME. The relationship between cybersecurity ratings and the risk of hospital data breaches. J Am Med Inform Assoc. 2021;28(10):2085-2092. doi:10.1093/jamia/ocab142. #LivingSafeOnline, #Cybersecurity, #HealthcareSecurity, #MedicalCyberDefense, #PatientDataProtection, #DigitalSafety, #CyberRisk, #OnlineSecurity, #CyberCrime, #HealthTech, #RiskManagement, #CyberPolicy, #CyberPower, #NationalSecurity, #TechForGood
read more

Security Researchers Warn Rapid AI Adoption Is Creating Massive New Cybersecurity Risks

By Abdul Wasay

Security researchers from various cybersecurity firms have discovered that AI infrastructure exposes over 1 million services from 2 million hosts due to weak default configurations.

The findings reveal that businesses moving rapidly to self-host large language model infrastructure are sacrificing security for speed, putting decades of software security progress at risk as companies rush to adopt AI technology and deliver more value faster.

Researchers used certificate transparency logs to identify approximately 2 million hosts with 1 million exposed services. The investigation found that AI infrastructure was more vulnerable, exposed and misconfigured than any other software category previously examined. A significant number of hosts had been deployed straight out of the box with no authentication in place because authentication simply is not enabled by default in many of these projects.

Security researchers discovered numerous chatbots that left user conversations exposed. More concerning were generic chatbots hosting a wide range of models including multimodal LLMs freely available to use without authentication. Malicious users can jailbreak most models to bypass safety guardrails, a technique where attackers craft prompts that sneak past or override built-in safeguards by playing with instructions, context or hidden tokens to produce content that is supposed to be off-limits.

CyberArk researchers demonstrated that jailbreaks can work across practically any text-based model using automated methods. Their open-source framework FuzzyAI uses fuzzing techniques to systematically test LLM security boundaries by generating and testing adversarial inputs against models. The tool applies over 15 attacking methods including passive history which frames sensitive information within legitimate research contexts, taxonomy-based paraphrasing using persuasive language techniques, and best of N which exploits prompt augmentations through repeated sampling.

Researchers discovered exposed instances of agent management platforms including n8n and Flowise. The investigation identified over 90 exposed instances across sectors including government, marketing and finance with all chatbots, workflows, prompts and outward access open to anyone. One of the more surprising findings was the sheer number of exposed Ollama APIs accessible without authentication. Of 5,200 servers queried, 31% answered without requiring credentials with 518 models wrapping well-known frontier models from Anthropic, Deepseek, Moonshot, Google and OpenAI.

After analyzing applications in a lab environment, researchers found repeated insecure patterns including poor deployment practices with insecure defaults and misconfigured Docker setups, no authentication on fresh installs dropping users straight into high-privilege accounts, hardcoded credentials embedded in setup examples, and new technical vulnerabilities including arbitrary code execution discovered within days. Some projects powering large language model infrastructure have abandoned decades of security best practices in favor of shipping fast.

#LivingSafeOnline, #Cybersecurity, #AIThreats, #RapidAI, #DigitalSafety, #CyberDefense, #CyberRisk, #OnlineSecurity, #NationalSecurity, #CyberCrime, #AIinSecurity, #RiskManagement, #CyberPolicy, #CyberPower, #TechForGood

read more

India’s PNB hikes cybersecurity spend as AI models including Anthropic’s Mythos raise risks

Story by Nishit Navin and Ashwin Manikandan

BENGALURU/MUMBAI, May 5 (Reuters) – India’s Punjab National Bank is stepping up investments in cybersecurity and accelerating procurement of technology to guard against rising digital threats including those from advanced AI models, a senior executive said on Tuesday.

AD

The country’s third largest state-run lender by market capitalisation has earmarked about 20% of its technology budget for cybersecurity, or roughly 7 billion to 8 billion rupees ($73.5 million – $84 million) for the current financial year, executive director D Surendran told Reuters in an interview, adding that this allocation is more than 50% higher than the previous year.

“We don’t want to compromise on this kind of expenditure,” Surendran said, adding the bank will increase the spending further if required.

PNB’s move comes amid heightened regulatory focus on risks emerging from advanced AI models including Anthropic’s Mythos.

Last month India’s finance minister Nirmala Sitharaman met with heads of top banks to gauge preparedness against AI-related cybersecurity risks. India’s central bank has also been in talks with global regulators, lenders and government officials to understand the potential risks, Reuters has reported.

PNB is also fast-tracking purchases of security tools, including firewalls and other systems to address vulnerabilities, Surendran said.

“We have increased our frequency of audit… now we have made our audit process 24/7 so that the criticality will be identified fast,” Surendran said.

PNB SEES SUSTAINED LOAN GROWTH

The New-Delhi based lender, earlier in the day, posteda more than 14% rise in net profit to 52.25 billion rupees, helped by healthy loan growth and improving asset quality.

Loans grew 12.7% year-on-year while deposits rose 9.2%.

The bank will target 12-13% loan growth in financial year 2026/27, Surendran said, driven by credit to small and medium-sized enterprises and retail loans, he said.

The bank expects deposits to grow around 9-10% for the year.

($1 = 95.2800 Indian rupees)

(Reporting by Nishit Navin and Ashwin Manikandan; Editing by Ronojoy Mazumdar)

#LivingSafeOnline, #Cybersecurity, #PNB, #IndianBanks, #AIThreats, #AnthropicMythos, #DigitalSafety, #CyberDefense, #FinancialSecurity, #BankingRisk, #CyberInvestment, #AIinFinance, #NationalSecurity, #CyberRisk, #FinTechSecurity, #CyberPolicy, #CyberCrime, #RiskManagement, #CyberPower.
read more

“The Nuclear Weapons of Cybersecurity”: Why Treasury Just Warned Banks About AI’s New Power

24/7 Wall St
Omor Ibne Ehsan

Quick Read

  • Check Point Software (CHKP) CEO Nadav Zafrir says the cybersecurity landscape is undergoing a fundamental shift as AI accelerates both threats and defenses.

  • Cybersecurity vendors defending against AI-powered attacks gain a tailwind as regulators treat frontier AI as systemically relevant to financial institutions.

  • The analyst who called NVIDIA in 2010 just named his top 10 stocks and Check Point Software wasn’t one of them. Get them here FREE.

It is unusual for the Treasury Secretary to call the heads of the largest Wall Street banks into a room to discuss a software system. It is even more unusual when the Federal Reserve Chair joins him. Treasury Secretary Scott Bessent and Fed Chair Jerome Powell recently gathered the CEOs of major Wall Street banks to warn them about Anthropic’s newest AI platform, Mythos, an artificial intelligence system reportedly so capable at hunting down software vulnerabilities that the company has only handed a preview to a handful of big tech and finance firms so they can patch holes before the rest of the world catches up.

That is the backdrop for a striking line from Steven Weber, the retired UC Berkeley professor who led the Center for Long-Term Cybersecurity. “Zero-day exploits are the nuclear weapons of the cybersecurity world,” Weber said. He argues that the rapid coding ability of frontier large language models has made this moment inevitable.

What a Zero-Day Actually Is

A zero-day is a software flaw the vendor has not yet discovered, which means defenders have zero days to fix it before an attacker can use it. Historically, finding one took elite human researchers weeks or months. AI systems trained on vast code corpora can now sift through software at machine speed, and that is the capability that has regulators alarmed.

The analyst who called NVIDIA in 2010 just named his top 10 stocks and Check Point Software wasn’t one of them.Get them here FREE.

OpenAI’s latest model, GPT-5.4 cyber, is raising similar concerns, and both Mythos and GPT-5.4 cyber excel at detecting zero-day exploits. The same skill that lets a defender harden a trading system lets an attacker compromise it. That is the dual-use problem in one sentence.

Why the Treasury Convened Bank CEOs

Banks sit on top of layers of legacy code, vendor software, and custom trading infrastructure. If an AI system can find unknown bugs faster than human teams can patch them, the asymmetry favors whoever deploys the model first. Bessent and Powell appearing together signals that policymakers now treat frontier AI as systemically relevant, in the same category as liquidity stress tests and counterparty risk.

The cybersecurity industry is reading the same signals. On Check Point Software‘s (NASDAQ:CHKP) most recent earnings call, CEO Nadav Zafrir said, “The cybersecurity landscape is undergoing a fundamental shift as AI accelerates both the scale and sophistication of threats. Our strategy is purpose-built for this environment. With our four-pillar architecture, we are well positioned to benefit from accelerating demand for secure, enterprise-grade AI transformation at scale.”

What Investors Should Watch

The arms race has two sides. AI defenders (endpoint security, identity, cloud security, and SOC automation vendors) gain a tailwind every time a regulator raises the alarm. AI attackers, in the wrong hands, raise tail risk for every financial institution running unaudited code. For more on the regulatory backdrop, the Treasury Department’s press release feed is the authoritative source for any formal follow-up to this private meeting.

Weber’s nuclear analogy is uncomfortable for a reason. Once a capability exists, the question shifts from whether it will be used to who controls its use, and on what timetable. Bank CEOs now have that timetable on their calendars.

The analyst who called NVIDIA in 2010 just named his top 10 AI stocks

#Cybersecurity #AIThreats #DigitalWeapons #TreasuryWarning #BankSecurity #FinancialSafety #ArtificialIntelligence #CyberDefense #NationalSecurity #RiskManagement #CyberWarfare #AIRegulation #FinTechSecurity #CyberCrime #DigitalSafety #OnlineSecurity #CyberRisk #FinancialInstitutions #CyberPolicy #CyberPower #LivingSafeOnline

read more
Trustpilot
The rating of livingsafeonline.com at Trustprofile Reviews is 8.9/10 based on 11 reviews.
Verified by MonsterInsights