AI in Healthcare Cybersecurity: Navigating Risks & Strategies
Artificial intelligence, particularly with the rise of generative AI platforms, has rapidly transitioned from specialized technical applications to widespread consumer use. By early 2025, a Pew Research Center study indicated that 58% of U.S. adults under 30 had utilized ChatGPT, a significant increase from 33% in 2023. This widespread adoption means that employees are likely already familiar with or using generative AI services, even without formal organizational policies, often relying on publicly available tools. This scenario introduces considerable data privacy and security risks for organizations.
Compounding this challenge, cybercriminals also have access to these advanced AI tools, leveraging them to orchestrate more sophisticated attacks. For instance, New York University has issued guidance to its campus community, cautioning against AI-assisted social engineering threats. As AI becomes an increasingly ubiquitous presence across industries, understanding its profound impact on cybersecurity is crucial, especially for healthcare organizations navigating this evolving landscape.
The Dual-Edged Sword: Concerns with AI in Cybersecurity
Cybersecurity experts broadly categorize AI-related security considerations into three perspectives: security with AI, security for AI, and security from AI. Each presents unique challenges for organizations.
Security with AI: Many modern security platforms now incorporate AI-powered features for enhanced threat detection and response. The primary challenge for organizations lies in discerning which solutions effectively integrate with their existing infrastructure and specific needs, ensuring they deliver tangible security benefits.
Security for AI: In healthcare, AI use cases have been piloted and deployed for several years, ranging from computer vision in virtual nursing programs to chatbots assisting clinicians with administrative tasks. These applications demand stringent safeguards. The National Institute of Standards and Technology (NIST) has warned of the risk of malicious actors deliberately manipulating AI systems to induce malfunctions, highlighting the critical need to secure the AI systems themselves.
Security from AI: Perhaps the most pressing concern is the potential for cybercriminals to weaponize AI. A 2024 ISC2 survey revealed that cybersecurity professionals are deeply worried about the use of AI to spread misinformation, with deepfakes, disinformation campaigns, and social engineering attacks topping their list of concerns. Earlier this year, YouTube issued a warning about phishing emails featuring AI-generated clips of its CEO, illustrating the tangible threat of AI-powered deception.
Leveraging AI for Enhanced Cybersecurity Defenses
Despite the inherent risks, AI also offers significant advantages for bolstering cybersecurity. The same ISC2 survey, which polled over 1,000 cybersecurity professionals, found that 82% agreed AI would improve their job efficiency. A majority anticipate AI will excel at handling time-consuming, lower-value functions, such as analyzing user behavior patterns, monitoring network traffic, and detecting threats.
This capability is particularly vital for healthcare organizations grappling with persistent staffing shortages, not only in clinical departments but also within their cybersecurity teams. Depending on their size and budgetary constraints, some health systems may lack the resources for continuous, around-the-clock security monitoring. In these scenarios, automated processes and managed services, often augmented by AI, can provide crucial support, enabling robust security oversight even with limited internal resources.
Ultimately, establishing strong AI and data governance frameworks will be paramount for healthcare organizations as these emerging technologies and processes become more pervasive. Just as clinical teams collaborate for patient care, organizations can foster a multidisciplinary approach by working with partners to develop comprehensive AI and security strategies, ensuring a resilient and secure digital environment.