Healthcare organizations (HCO) must embrace AI-powered tools to spot and contain threats faster, or continue to risk potentially fatal consequences for patients, experts have warned.
Speaking at Infosecurity Europe on June 4, Cyber Salus CEO, Sher Baig, said HCOs across the globe face the same threats and operational constraints.
Legacy infrastructure, hyper-connectivity and human fatigue are fomenting a perfect storm of risk, he argued. In rare cases, breaches can lead to patient fatalities.
“If there was ever an industry where the potential harm bad actors can do is directly correlated to human impact, it’s healthcare,” Baig told attendees.
The sector is frequently described as the most targeted, with ransomware a particularly acute concern given its potential impact on clinical services.
Some 93% of HCOs suffered at least one cyber-attack in 2025, with an average of 43 attacks per organization, up from 40 in 2024, according to Proofpoint research.
Connected devices such as infusion pumps, imaging systems, patient monitors and lab systems are particularly exposed, Baig said.
“In healthcare, you don’t purchase medical equipment like an iPhone. These devices are in the field for 15 to 20 years running legacy operating systems,” he added.
Reactive approaches rooted in the past are failing HCOs, he argued – pointing to alert overload and time-consuming manual investigations. Discovering vulnerabilities after exposure and scrambling to assess and contain the risk is an increasingly unsustainable approach as AI collapses the exploit window.
AI is not only helping threat actors to find and exploit vulnerabilities in legacy systems and networks faster than ever, it’s also supercharging phishing.
However, it can also arm defenders through continuous monitoring and analysis, faster anomaly detection and automated threat prioritization, Baig continued.
Protecting Networks and Patients
With this in mind, HCO security teams should transition to a more proactive posture where threats are spotted and contained early. Baig highlighted four steps organizations should take:
- Aim for full visibility into devices and threats, with insight into device-level parameters right down to software version
- Prioritize threats by clinical risk to ensure threats to devices with a potentially critical impact on patient care are addressed first
- Use AI for signal correlation to reduce SecOps alert fatigue
- Patch where possible, segment to reduce exposure, and use AI to apply the most appropriate compensating control
"That's the game plan we should all be working on now, not once there is a breach,” Baig concluded.
Rob Demain, CEO at e2e-assure, told Infosecurity that “reactive to predictive is the right direction for healthcare.”
“The caveat is that predictive is not a product you switch on, it is something you earn, and you earn it with telemetry,” he added.
“Most healthcare organizations do not have clean complete data to reason over. Estates are sprawling, much of the kit cannot run an agent or be patched, and large parts of the network are invisible. No model predicts what it cannot see. The honest first move is not predictive AI, it is basic coverage of the estate.”
Chris Newton-Smith, CEO at IO, told Infosecurity that AI is changing the speed, scale and sophistication of cyber threats in healthcare, but that it’s amplifying existing weaknesses rather than creating new risks.
“On the defensive side, AI has the potential to help healthcare security teams identify anomalies faster, prioritize alerts more effectively and improve incident response. But again, AI alone cannot compensate for fragmented processes, weak governance or overstretched teams,” he added.
“For healthcare leaders, the priority should be strengthening the fundamentals: governance, resilience, workforce capability, supplier assurance and risk management. If you can get those foundations right, then you will hopefully be better positioned to benefit from AI while remaining resilient against the new risks it introduces.”