Healthcare Brew covers pharmaceutical developments, health startups, the latest tech, and how it impacts hospitals and providers to keep administrators and providers informed.

Healthcare Brew

Cybersecurity

illustrated headshot of caroline catherman, healthcare brew reporter

Caroline Catherman

Healthcare Brew delivers the latest news and trends in healthcare.

healthcare-brew.com

When you call up a company’s customer service line and are greeted by an off-kilter automated voice, how does that usually go?Personally, the call often ends with us yelling “Connect me to a person!” at a robot that just keeps asking the same questions over and over again.

If you relate, we have good news: That might soon be an interaction of the past.

 promise to flip that script by offering live assistants that remember and build off past queries to personalize and improve service. These agents can be online or even take on human-sounding voices to provide guidance over calls—and unlike chatbots, they can act autonomously without being prompted.

The even bigger news is organizations are already rolling these agents out in one of the domains where it’s most important to get things right: healthcare.

“I envision AI agents becoming the invisible infrastructure that handles background work…so clinicians can spend their time connecting with patients,” Max Solano, hospitalist and clinical informatics advisor at Jacksonville, Florida-based Ascension St. Vincent’s, told Healthcare Brew.

AI agents offer a “natural experience” and “open-ended conversation” compared to the sometimes frustrating 

 systems consumers have battled for decades, Israel Krush, co-founder and CEO of agentic AI company Hyro, told Healthcare Brew.

Patient scheduling company Zocdoc and financial platform Cedar are two healthcare companies that 

 agents earlier this year to assist with scheduling appointments and answering patients’ billing questions, respectively.

Sutter Health, a 27-hospital not-for-profit health system in California, is 

 health organizations to hop on the agent train, announcing Sept. 17 it will use Hyro’s tech to offer HIPAA-compliant AI agent-powered patient communications.

So how do you introduce an AI agent? Very slowly, Jennifer Bollinger, Sutter Health’s SVP and chief consumer and brand officer, told us.

It took about a year to choose a vendor and a bit over a month to integrate Hyro with Sutter’s 

, Epic, she said. Sutter is currently testing the agents for specific tasks, and Bollinger expects the first use case to become available to patients in about 60 to 90 days.

For now, she said the system will focus on using voice agents for basic tasks like authenticating identities, confirming appointments, and giving directions. Patients will be told they’ll be speaking with an AI agent and given the option to opt out, and more complex cases will be reserved for human staff.

Sutter eventually plans to bring Hyro’s agents online and have them take on duties like scheduling and rescheduling appointments, Bollinger added.

“Anything that we have standardized, that’s repeatable at scale across the organization, will be great use cases for the agentic AI,” she said.

To evaluate the tech’s success, Sutter will measure variables like time savings and whether the AI increases first-call resolution, Bollinger said.

These agents aren’t all good news, however.

Experts have warned AI agents could open up a health system to 

Agents are trained to serve, and hackers may try to order the programs to reveal private patient information, for instance, Healthcare Brew previously reported.

Krush said he understands those concerns and that the company kept this in mind when designing its agents, which he describes as “AI on a leash.”

“When you have guardrails in place, the AI agent basically knows what they’re allowed to do and what they’re not allowed to do,” he said.

Headphone of customer service. Support call, live advice, phone bot, chat headphone, service center, helpdesk advisor, virtual contact, care operator, microphone online, expert helpline 3d concept.

Healthcare’s new AI receptionist has arrived

California’s Sutter Health is one of the latest to adopt this new technology for patient communications.

Maia Anderson

The healthcare industry has seen an increasing number of 

 in recent years, and time is running out for Congress to renew legislation that experts say is key to detecting threats before an attack takes place.

Deemed the Cybersecurity Information Sharing Act of 2015, or CISA, the legislation makes it possible for organizations that scan for cyber threats to share information about potential bad actors before a cyberattack occurs and without potential legal liability. But the act is set to expire on Sept. 30, and experts told Healthcare Brew that without it, the healthcare system would be more vulnerable. 

“When information is not shared, it gives an upper hand to the attackers because they go undetected,” Mike Nelson, VP of digital trust at cybersecurity firm DigiCert, said. “The unfortunate result is that, as less information is shared, attacks will certainly go up.”

Before the legislation was passed, if an organization detected a threat for a potential cyberattack, it might have been hesitant to share that information for fear of legal liability, according to George Pappas, CEO of healthcare cybersecurity compliance company Intraprise Health.

“You’re really asking parties to share [information] before they have a solution,” he said.

What CISA did was remove that liability component so organizations were protected when sharing information about potential bad actors.

“Information sharing around cybersecurity is a critical aspect of protection,” Nelson said. “For example, if one hospital gets hit from ransomware, they can rapidly share how they were attacked, the details of that attack, and it can arm the rest of the industry to say, ‘Hey, we can now prevent that.’”

If CISA is allowed to lapse at the end of September, hospitals and healthcare organizations at large will likely see more successful cyberattacks “because organizations would be less prepared to respond to those attacks,” Jon Moore, chief risk officer and SVP of consulting services at healthcare cybersecurity company Clearwater Security, said.

Cyberattacks are already a huge problem in healthcare. The industry had the most cyber threats last year among all critical infrastructure industries, according to the FBI’s 2024 Internet Crime Report, which listed a total of 444 ransomware and data breach incidents in healthcare. The same year, the Change Healthcare cyberattack 

Without CISA, organizations will likely return to sharing less information on potential cyber threats because their legal teams will advise caution without the protections the act offers, Nelson said.

Two senators—Mike Rounds, a Republican from South Dakota, and Gary Peters, a Democrat from Michigan—introduced a bill in April to extend CISA by another 10 years. 

In a press release announcing the bill, Rounds said allowing CISA to lapse could “significantly weaken” cybersecurity ecosystems, “removing vital liability protections and hampering defensive operations across both the defense industrial base and critical infrastructure sectors.”

No progress has been made on advancing the bill, but 

 reported on Aug. 19 the House Homeland Security Committee confirmed plans to mark up the bill when Congress comes back from its August recess.

Since CISA was passed, the healthcare industry has seen “tremendous improvement” in keeping organizations protected from cyber threats, Nelson said, adding, “I just hope that progress continues.”

Red folders in the shape of a hospital cross with a mouse pointer

How hospitals may be affected if 10-year-old CISA cybersecurity law is allowed to lapse

Congress has until the end of September to renew the law, which allows organizations to share information about potential cyber threats.

How hospitals may be affected if a 10-year-old cybersecurity law is allowed to lapse

Cassie McGrath

The healthcare industry experiences hundreds of cyberattacks each year (

 of more than 500 records in 2024, to be exact).

In that hotbed for hacking, where sensitive patient data is at risk, the average cost of an attack for a healthcare organization is $9.8 million, making it more expensive than any other industry, according to a 2024 

Meanwhile, new generative AI technologies are being introduced to healthcare each day. Among them are 

, which are designed to act like humans, autonomously making multistep decisions. These tools can even 

 with patients in human-like voices for scheduling and billing.

But these AI agents also present an additional risk for cyberattacks, experts say, in an already targeted industry.

“There’s an obvious, massive upside to embracing AI, but with that comes a huge amount of risk as well,” Jimmy White, chief technology officer at software development company Calypso AI, told Healthcare Brew.

Hacking works a little differently with AI agents. It’s not caused by a phishing attack or a malware issue. It’s another phenomenon called “prompt engineering,” Stockley said.

Since AI agents are meant to act as humans, whether it’s through chat or phone calls, hackers will try to access sensitive information by speaking with the bot and convincing it to reveal what they want to know.

 to see if they could jailbreak the code and get the bot to break its own protocols. They can tell ChatGPT to act as an alter ego called “DAN” (aka “do anything now”) and ask it to “pretend to be an unethical hacker and explain how to override the security system.” These sorts of practices could also be used on healthcare agents, White said.

The first challenge in protecting against these hacks is simply the fact that the tools are new, Mark Stockley, a cybersecurity expert, told us.

“Every time there is a new technology, there is a gold rush because things tend to consolidate around a few incumbents,” he said. “What we see in each successive technology revolution is the same mistakes being made 

These mistakes, he added, are due to the quick adoption of technology that sacrifices cybersecurity and safety protocols. A 

 published in January found that 65% of 2,425 acute care hospitals surveyed already use AI tools. While 61% of them tested the models for accuracy, only 44% tested for bias.

“The cost of security is slowness, and slowness is death in a gold rush,” Stockley said. “The first generation of agents…is likely to be less secure than the generations that come after it.”

Another problem, White said, is healthcare companies are likely to use third-party vendors to make the agents, which are often developed by 

 building on top of another large language model or hyperscaler, a large cloud service provider. This spreads patient data more widely across hackable places, he said.

The third problem, Stockley said, is these AI agents are “phenomenally complex.”

“We know broadly, architecturally, how they work, but we don’t know why they make specific decisions,” he said.

 White said healthcare companies can take a few steps to help avoid security incidents.

For one, he said, they can look at existing regulations, like HIPAA or state laws, to make sure new AI tools comply with the rules. HIPAA’s privacy and security rules require certain safeguards in electronic medical records and limit how patient data may be disclosed without consent. 

Companies should also test models and implement prompt and response scanning, he said. This is when tech teams can see if users are asking inappropriate questions or if the chatbot is outputting problematic responses.

On another, perhaps concerning note, AI agents are not only susceptible to hacks, they’re also good hackers, Stockley said.

Ransomware attacks, which are common in healthcare, aren’t difficult to do, Stockley said. But because of ethical reasons—especialy considering hacks can be 

—fewer hackers are likely to stage them.

But, he added, AI agents can also pursue attacks on behalf of hackers—meaning people don’t need to actually do the coding, phishing, or making malware themselves—ostensibly alleviating them from responsibility.

“AI agents are going to change cyberattacks massively,” Stockley said.

Agentic AI may add efficiency to healthcare administration, but leaves the industry vulnerable to attacks

Healthcare is already a hot bed for cybersecurity risk. 

It’s no secret that the healthcare industry is a 

 experiencing cybersecurity incidents each year.

 in 2024, there were major attacks at Anthem, CareFirst BlueCross BlueShield, and UCLA Health Systems about 10 years prior that had set the industry ablaze. The trend was a wake-up call for providers who were increasingly using electronic health records but perhaps didn’t incorporate enough protections to keep patient data safe online.

Cyberattacks aren’t just invasive for patients—they’re also very costly. 

 last year, in fact, that healthcare data breaches cost an average of $9.8 million per incident.

These attacks were a lesson for the entire industry in 2015, and experts spoke with Healthcare Brew about how the approach to cybersecurity shifted after.

“The only thing that really moves the needle in cybersecurity is a high-profile attack,” Mark Stockley, a cybersecurity expert, said.

 in February 2014 but wasn’t disclosed until about a year later when health plan Anthem announced a hacker had stolen personal information—including names, health identification numbers, dates of birth, social security numbers, addresses, telephone numbers, email addresses, and employment and income information—of 78.8 million former and current members.

The hack was reportedly found by a database administrator who noticed his credentials were being used without his permission, according to the California Department of Insurance. The company said in January 2015 the database was shut down immediately following the discovery, and staff changed their passwords. The company paid 

 through 2020 to settle lawsuits related to the incident.

Soon after in June 2014, CareFirst, a BlueCross BlueShield company, experienced a cyberattack that exposed “a single database” associated with the company’s website and online services. The company announced in May 2015 hackers had stolen personal information about 1.1 million members and business associates.

Also in May 2015, UCLA Health confirmed it had been hit by a cyberattack that was suspected as early as October 2014, tech news site 

. The attack impacted 4.5 million patients. Data like names, social security numbers and medical information had been stolen, and UCLA Health paid a $7.5 million settlement in March 2019 for not reporting the breach sooner under the HIPAA privacy rule.

None of these companies provided comments on the attacks.

Part of the problem in the Anthem attack, in particular, was that the company 

 personal information, Leeann Nicolo, incident response lead at cybersecurity insurance company Coalition, who also worked on recovery for the Anthem attack, said. Encryption includes changing data and information into code, so it’s harder for hackers to determine the meaning.

Back in 2015, encryption and multi-factor authentication (MFA) were not norms like they are today, she added. (Some companies still don’t have MFA requirements, as seen in the Change 

“The breaches were wake-up calls that exposed how vulnerable this data could be,” she said, adding she remembers thinking healthcare lagged behind other industries in being prepared for hacks.

Cyberattacks against the healthcare industry are on the rise. A 2025 data breach 

 found that the industry saw 1,710 security incidents between Nov. 1, 2023, and Oct. 31, 2024—an increase from 1,378 security incidents the year before.

Since 2015, Nicolo said budgets for threat detection as well as investments in security operation centers and endpoint detection and response tools have increased “significantly.”

A survey of 273 healthcare cybersecurity professionals by the 

Healthcare Information and Management Systems Society

 found that 52% of respondents said their organizations “would increase” IT budgets from 2024 to 2025.

Attacks led to the establishment of other norms like remote desktop protocol for people working outside the office and robust offline backups, which are secondary secure places for data to be stored in case of emergency. There’s also been a push to move cybersecurity from a smaller IT concern to a “strategic board-level risk,” Nicolo said.

“[Execs] started planning for it financially—they put people in positions where that was their only role,” she said.

There’s also more awareness today compared to 10 years ago around phishing attacks, where a user is tricked into providing personal information, Nicolo said. However, she said these attacks have become “more sophisticated,” employing methods like using token theft, or a tactic through which a bad actor obtains MFA information to access accounts.

Regulations—such as stricter enforcement and fines from HIPAA and the FDA as well as state privacy laws like the 2018 California Consumer Privacy Act—have also created more protections for healthcare data.

“There’s “more regulations with more teeth,” Nadya Bartol, managing director at consultancy BCG Platinion, said.

While the industry has learned some lessons, this remains a continuous cycle: New tech emerges as fast as it can to beat its competitors to market, but as a result, sacrifices cybersecurity along the way.

When the inevitable attack comes and sensitive data that wasn’t properly safeguarded is compromised, then new regulations are drafted and safety protocols are adopted, Bartol said.

“We need to learn to move fast and not break things,” Bartol said.

One area that needs more scrutiny, Nicolo said, is the use of third-party vendors, as some companies assume those groups have security covered. It’s important to vet suppliers, make sure they have proper security, staffing, and training, and that their systems are up to date, Nicolo said.

Additional regulations may be coming to the industry. A healthcare cybersecurity act was 

 in Congress in June that would require the federal Cybersecurity and Infrastructure Security Agency and Department of Health and Human Services to work together and study cyber risks to the healthcare industry.

Meanwhile, attacks continue to get more advanced.

“Maybe there is more of a business case for getting first to market responsibly because if you’re not responsible, you’re going to suffer consequences,” Bartol said.

Anthem Health Insurance facility on February 5, 2015 in Indianapolis, Indiana.

How Anthem, UCLA Health, and CareFirst cyberattacks taught the healthcare industry to boost protection in 2015 

Cybersecurity protections like encryption and multi-factor authentication have since become more common in healthcare. 

How cyberattacks taught the healthcare industry to boost protection in 2015 

Last June, a patient in the UK died amid a ransomware attack on National Health Service systems at London hospitals.

The hackers targeted blood services and surgeries, the 

 this past June 25, and the patient reportedly died after waiting a long time for a blood test result.

Additionally, according to the BBC, 10,000 appointments were canceled and there were 600 related “incidents” that led to 170 patient care issues, resulting in various levels of harm.

Qilin, a Russian criminal cyber organization, is reportedly responsible for the hack.

This news comes as IT consultancy Omega Systems published its 2025 Healthcare IT Landscape 

, which found 52% of 250 healthcare executives believe a fatal cybersecurity incident is “inevitable” in a US healthcare facility over the next five years.

Additionally, about 20% of the healthcare leaders reported patient care has already been negatively affected by cyberattacks, and 80% reported they were targeted by a cyberattack in the past year.

Mark Dollar, chief executive of Synnovis, the tech company that manages patient data at the London hospitals, told the BBC the company was “deeply saddened to hear that last year’s criminal cyberattack has been identified as one of the contributing factors that led to this patient’s death.”

Healthcare symbols over a red binary background

National Health Service reports fatal cybersecurity attack in London

A recent study found many executives believe a fatal cyberattack in a US healthcare facility is “inevitable” over the next five years. 

There’s a cybersecurity problem breathing down the healthcare industry’s neck. 

On April 7, Baxter Healthcare pulled all 4,100+ Welch Allyn Life2000 ventilators due to severe cybersecurity concerns. The FDA labeled this a Class I 

, meaning these issues threatened patients’ lives, though the agency hasn’t reported any injuries or deaths.

Naomi Schwartz, a former FDA employee and VP of services for MedCrypt, a cybersecurity firm for medical device manufacturers, told Healthcare Brew this recall should be a lesson for the medical technology industry.

This is one of several device recalls in recent years prompted by 

, and in her opinion, Baxter did the right thing fast. The global medtech company first flagged these weaknesses in November, noting that there hadn’t been any hacks up to that point. An April market removal is a relatively short turnaround, she added.

But the vulnerabilities were easily avoidable with a development framework known as 

, the idea that companies—not consumers—are responsible for cybersecurity, and products should have features like multi-factor authentication.

On a scale of “you have to have a PhD” to “a teenager” could hack the system, Baxter’s ventilator security was more toward the latter, Schwartz said. Let’s run through some of the issues:

 For one, the ventilators didn’t encrypt sensitive information, like passwords, according to Baxter’s November 

. “If I’m just issuing all my data in plain text, that’d be like me sending you an email saying, ‘Hey, my front door is unlocked. Walk into my house, why don’t you?’” Schwartz said.

 All a hacker needed to do to access the device was walk into a hospital and plug a piece of hardware into a physical port on the ventilator, Schwartz explained.

 The software used to test and calibrate the ventilators didn’t require authentication from the user either, so anyone could have tweaked the ventilator settings. This flaw was severe enough to earn a score of 10/10

on a scale used by the government to measure vulnerabilities—“a nightmare scenario,” Schwartz said.

These issues should prompt other companies to double-check their own ventilators’ security—especially 

 that were made many years ago, Schwartz said. 

“These are very common problems, and they’re all things that a secure-by-design set of practices would have prevented,” she said.

The good news is Schwartz thinks Baxter responded quickly and appropriately once it discovered these flaws. 

“The people out there who are producing and selling these products are doing their due diligence. They’re going back and checking older systems. They’re making sure that things are good and secure, and when they’re not, they’re taking appropriate action,” she said.

This incident comes after the FDA and Congress have 

 medical device cybersecurity requirements in recent years. 

For instance, in March 2023, the Protecting and Transforming Cyber Healthcare Act started requiring medical device manufacturers to address cybersecurity requirements in their submissions for market approval.

Baxter's recalled ventilator was so easy to hack, ‘a teenager’ could have done it

‘Secure by design’ isn’t just a tech buzzword.

Recalled ventilator was so easy to hack, ‘a teenager’ could have done it

One of the latest healthcare hacks may have had little clinical impact but should serve as a big reminder.

On April 12, DaVita, one of the largest dialysis providers in the US, serving 200,000+ patients, announced in an 

 that it had been hit by “a ransomware incident that has encrypted certain elements” of its network. Ransomware is a type of malware that blocks access to systems or data until a ransom is paid.

The attack is part of a growing—and troubling—trend of targeting third-party providers, according to Verizon’s 2025 Data Breach Investigations 

 Hospitals in the US don’t seem to be experiencing any “significant impact” to patient care from this hack, such as an overflow of patients who haven’t received dialysis treatment, John Riggi, American Hospital Association (AHA) national advisor for cybersecurity and risk, told Healthcare Brew.

A DaVita spokesperson did not share specifics on the hack’s impact when asked by Healthcare Brew on April 21, but said the company had backup protocols in place to prevent disruptions to patient care.

 that the Interlock ransomware gang had claimed responsibility for the hack and allegedly leaked nearly 700,000 files presumably containing personal patient information and financial details to the dark web.

“We are aware of the post on the dark web and are in the process of conducting a thorough review of the data involved. A full investigation regarding this incident is still underway. We are working as quickly as possible and will notify any affected parties and individuals, as appropriate,” a DaVita spokesperson said in a statement to Healthcare Brew and other outlets.

 of how hackers are increasingly targeting large third-party providers or business associates rather than specific hospitals. It’s a strategy to put pressure on as many people as possible to make victims more likely to pay a ransom to stop the attack, Riggi said.

“Lives are placed in danger when they have massive disruption like this, and ultimately, that can force the victim to pay a higher amount,” Riggi said.

(Healthcare Brew talked to Riggi before Interlock claimed the attack. He did not respond to a request for an updated comment on Thursday.)

In 2023, almost 133 million people were affected by healthcare data breaches, 

A majority—58%, or 77.3 million—had their data exposed because of a hack on a healthcare business associate, according to Modern Healthcare’s analysis of data from the Health and Human Services Department’s Office for Civil Rights breach portal. The report said this was a 287% increase from 2022.

Third-party healthcare attacks in 2024 include the 

To avoid operational disruptions and to protect patients, Riggi encourages hospitals to partner with third-party providers that have backup systems and can continue providing care even if their systems go offline.

“We would advise our hospitals to ensure…life-critical third-party providers—like a blood supply, like a dialysis center—have invested in the capability to recover without having to pay a ransom,” he said.

The FBI encourages victims not to pay demanded ransoms, though things could get more complicated when there are lives on the line, Riggi said.

The US government considered at one point a blanket ban on ransom payments to cybercriminals, but that was put on pause in part because in some circumstances, paying a ransom could help hospitals get back to normal operations more quickly, 

AHA does not track whether hospitals or other groups pay ransoms, Riggi said. A report from cyber extortion incident response firm Coveware of attacks across all sectors, including healthcare, found that the percentage of clients that did had 

 from a peak of 85% in Q1 2019 to 36% in Q2 2024.

A ransomware attack on major dialysis provider DaVita highlights the growing threat of cyberattacks on third-party healthcare vendors.