TL;DR: Healthcare attackers compromised 280 million patient records in 2024, or 83% of the U.S. population, as AI-driven phishing, deepfakes, and identity abuse pushed past legacy defenses, according to Abnormal AI. The governance gap is no longer awareness alone but whether identity, MFA, and behavioural controls can still separate normal activity from machine-speed impersonation.
NHIMG editorial — based on content published by Abnormal AI: Hacking Healthcare: Smarter Threats, AI Risks, and How Security Leaders Are Fighting Back
By the numbers:
- In 2024, cyber attackers compromised 280 million patient records, affecting 83% of the U.S. population.
- BJC Health System cut manual email triage by 75% using AI-based behavioral detection instead of legacy tools.
Questions worth separating out
Q: How should healthcare teams defend against AI-powered phishing and impersonation?
A: Start by treating identity verification as a workflow control, not just an authentication control.
Q: Why do MFA and traditional training still fail against machine-speed attacks?
A: MFA can confirm a login, but it does not guarantee that the actor remains trustworthy after access is granted.
Q: What signals show that identity misuse is happening inside healthcare workflows?
A: Look for changes in device, location, timing, message style, approval patterns, and task sequence.
Practitioner guidance
- Harden identity verification for high-risk requests: Require secondary verification for payment changes, credential resets, directory edits, and other sensitive actions that arrive through email, chat, or voice.
- Add post-authentication identity analytics: Use contextual detections that watch for unusual device, location, timing, and interaction patterns after MFA succeeds.
- Replace annual-only awareness with continuous, role-based messaging: Deliver short, frequent training tied to current attack patterns, common request types, and local business processes.
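The first two guidance items can be combined into one decision function, shown here as an added example that is not from Abnormal AI or the webinar. The event fields, request-type names, user and device identifiers, and the one-hour timing slack are all assumptions made for illustration.

```python
from dataclasses import dataclass

# Request types the guidance names as needing secondary verification.
HIGH_RISK = {"payment_change", "credential_reset", "directory_edit"}
MESSAGE_CHANNELS = {"email", "chat", "voice"}

@dataclass(frozen=True)
class Event:
    user: str
    device: str
    country: str
    hour: int      # local hour of day, 0-23
    channel: str   # email, chat, voice or portal
    request: str
    mfa_ok: bool = True

def build_baseline(history):
    """Collect the devices, countries and hours seen per user in known-good history."""
    base = {}
    for e in history:
        b = base.setdefault(e.user, {"device": set(), "country": set(), "hour": set()})
        for key in b:
            b[key].add(getattr(e, key))
    return base

def deviations(event, baseline, hour_slack=1):
    """Ways a post-login event departs from baseline; hours compared on a 24h circle."""
    b = baseline.get(event.user)
    if b is None:
        return ["no_baseline"]
    found = [f"new_{k}" for k in ("device", "country") if getattr(event, k) not in b[k]]
    gaps = (min(abs(event.hour - h), 24 - abs(event.hour - h)) for h in b["hour"])
    if min(gaps) > hour_slack:
        found.append("unusual_time")
    return found

def decide(event, baseline):
    """Return (action, reasons); a passed MFA check is an input, not the verdict."""
    if not event.mfa_ok:
        return "deny", ["mfa_failed"]
    reasons = deviations(event, baseline)
    high_risk = event.request in HIGH_RISK
    if high_risk and event.channel in MESSAGE_CHANNELS:
        reasons.append("high_risk_via_message_channel")
    if high_risk and reasons:
        return "step_up", reasons   # require out-of-band secondary verification
    return ("review" if len(reasons) >= 2 else "allow"), reasons

# Constructed sample history for one hypothetical user.
BASELINE = build_baseline(Event("nurse.a", "ws-114", "US", h, "portal", "chart_view") for h in (7, 8, 9, 15))
```

A real deployment would also weigh the other signals listed above (message style, approval patterns, task sequence), which need richer telemetry than this sketch models.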
What's in the full article
Abnormal AI's full blog post covers the webinar detail this post intentionally leaves for the source:
- Speaker-by-speaker commentary from BJC Health System, CrowdStrike, and Abnormal AI on current healthcare threat patterns.
- The full discussion of how AI-based behavioral detection reduced manual email triage by 75% at BJC Health System.
- More detail on how attackers use voice cloning, real-time social engineering, and identity abuse to move inside healthcare environments.
- The compliance discussion covering HIPAA updates and the practical governance questions raised by AI-enabled security tooling.
AI-powered healthcare attacks: are identity controls keeping up?
Explore further
Identity compromise is now the primary healthcare attack surface. The article shows that attackers no longer need to brute-force their way through healthcare environments when impersonation, MFA abuse, and trusted third parties can open the same doors. That shifts the real control question from blocking bad traffic to verifying who, or what, is acting inside the workflow. Practitioners should treat identity assurance as the front line of healthcare resilience.
A few things that frame the scale:
- 71% of NHIs are not rotated within recommended time frames, increasing the risk of compromise over time, according to Ultimate Guide to NHIs.
- Only 5.7% of organisations have full visibility into their service accounts, which means many teams cannot confidently tell which machine identities are active at any moment, according to Ultimate Guide to NHIs.
A question worth separating out:
Q: Who should own identity risk when attacks target both people and third-party access?
A: Identity risk should sit with security leadership, IAM, and operational owners together, because the attack path crosses technical and human controls. Healthcare especially needs shared accountability for onboarding, verification, third-party access, and offboarding, since one weak handoff can let an impersonation campaign move from message to action.