
AI-Powered Phishing: A Growing Threat to Healthcare

27. 8. 2025

In the busy environment of hospitals, a single careless click on an email can trigger a chain reaction: system outages, disruptions in care, and the exposure of sensitive data belonging to thousands of patients. In 2023 alone, cyberattacks targeting the healthcare sector led to data breaches affecting over 167 million individuals.

Attacks on Healthcare Institutions

The healthcare sector is facing a sharp rise in phishing attacks, with their sophistication amplified by the use of generative artificial intelligence. According to available data, 2024 saw a more than 700% increase in attacks aimed at stealing login credentials.

Phishing—derived from the word "fishing"—is a type of cyberattack where attackers impersonate trusted entities such as vendors, insurers, or payment portals. The goal is to steal login details, install malware, or gain access to systems.

Hospitals and clinics are attractive targets because they manage vast databases of personal and health-related data, which can be exploited for financial fraud or identity theft. Other risk factors include operational decentralization, collaboration with external contractors, and a high volume of interdepartmental communication.

Enter AI

Generative tools like ChatGPT or Gemini enable attackers to create convincing emails and login pages in seconds. These mimic internal communication styles, names, logos, and writing tone of employees or vendors. What once required time and technical expertise is now available to virtually anyone.

AI also allows attackers to rapidly test message variations and optimize content to bypass filters and persuade recipients. Even experienced healthcare professionals can fall victim.

Compromised credentials often serve as a gateway for ransomware, system outages, or operational disruptions. The financial impact is significant—average costs of a cyber incident in healthcare reached nearly $11 million in 2023. Data leaks, system downtime, and reputational damage directly affect the quality of care and patient trust.

How to Defend

Defense must start with identity management. Every login attempt should be considered a potential threat. Crucial steps include multi-factor authentication, strictly enforced role-based permissions, and continuous activity monitoring. These measures hinder attackers’ movement within systems and increase the chance of early detection.

Technology alone is not enough. Without a responsible approach from employees, its effectiveness drops. Regular training, clear rules, and active leadership support help embed security practices into daily routines.

What Real Incidents Reveal

The consequences of phishing are illustrated by real-world events. In 2015, a single email led to a breach of nearly 79 million patient records at Anthem. Three years later, a malicious link triggered a ransomware attack at Hancock Hospital, resulting in a $55,000 ransom. In 2021, hackers attacked Ireland’s health service. The disruption lasted weeks, causing appointment cancellations and delays in acute care.

Implementing effective cybersecurity strategies in healthcare is no longer optional. It is essential for protecting patients, ensuring operational continuity, and preserving institutional trust. AI-driven phishing is a threat that cannot be countered with a single measure.

Editorial Team, Medscope.pro



