What's Happening?
The healthcare industry is increasingly vulnerable to cybersecurity threats due to the rise of generative AI (GenAI). According to Chris Bevil, Principal of Global Cyber Resilience & AI at Commvault, healthcare accounted for 22% of ransomware attacks
in 2025, with 93% of organizations experiencing at least one cyberattack. GenAI is reshaping the threat landscape by making it easier to launch sophisticated cyberattacks, such as phishing and malware development. The primary concern is not just malicious attacks but also the uncontrolled use of AI with sensitive data, which can lead to data leakage and integration risks across clinical systems. Healthcare organizations are urged to focus on resilience, assuming breaches will occur and maintaining safe operations and recovery.
Why It's Important?
The implications of GenAI in healthcare extend beyond traditional cybersecurity concerns, impacting patient safety and care delivery. AI security failures can lead to care-delivery failures, not just privacy breaches. The rapid pace of GenAI innovation poses new challenges, as it democratizes the ability to enhance cyberattacks. Human error remains a significant risk, amplified by AI-generated content. The healthcare sector must adapt to these changes by implementing comprehensive AI system inventories, risk-tiering, and human-in-the-loop requirements for high-risk use cases. Compliance with regulations like HIPAA and FDA expectations for AI-enabled medical devices is crucial for maintaining operational resilience and patient safety.
What's Next?
Healthcare organizations need to prioritize resilience over prevention, focusing on maintaining operations during cyber events. This involves a shift in cybersecurity strategy, emphasizing recovery speed and restoration prioritization. Compliance frameworks will play a critical role in justifying investments in resilience and driving system testing. Organizations must adopt clear governance, strong boundaries, and continuous oversight to safely integrate GenAI into their operations. The role of CISOs is evolving to ensure that AI adoption protects care delivery and aligns with regulatory requirements. The healthcare sector must prepare for faster reporting requirements and adapt to new compliance expectations.
Beyond the Headlines
The integration of GenAI in healthcare raises ethical and legal concerns, particularly regarding data privacy and patient safety. The potential for AI-generated content to cause harm highlights the need for robust oversight and governance. As AI becomes more embedded in healthcare operations, organizations must navigate the complexities of third-party and supply-chain risks. The shift towards resilience over prevention reflects a broader trend in cybersecurity, emphasizing the importance of recovery and continuity in the face of inevitable breaches. This approach requires a cultural shift within organizations, prioritizing resilience as a core component of their cybersecurity strategy.













