Health insurance payers, healthcare providers, and their associated contractors who handle patient data have all been forced to reckon with heightened cybersecurity concerns. For the entire industry, a proactive approach — rather than a reactive approach — is more important than ever.
The data around expensive security breaches and other cyberattacks do not tell the complete story of what’s happening in healthcare. Payers and providers are being inundated with alerts — almost all of which never end up being reported in the media. In a sense, this is a welcome development. A vigilant approach to cybersecurity will detect more potential threats, not fewer. At the same time, the volume and severity of these warnings might not even be captured in survey responses, as AI tools increasingly assume the task of assessing threats and bringing only the most urgent alerts to the surface.
Against this backdrop, bad actors on a global stage are only continuing to increase their malicious activity. As of 2024, 67% of healthcare organizations worldwide said they had experienced ransomware attacks in the past year, compared to 34% in 2021. Here are the implications for the healthcare industry in 2025.
A multi-billion-dollar problem
In February 2024, Change Healthcare suffered a significant ransomware attack. The breach exploited a server lacking multi-factor authentication, allowing hackers to access sensitive data and disrupt operations. The attack compromised personal health information of more than 100 million individuals, marking it as one of the largest healthcare data breaches in U.S. history. The total cost of the response is now predicted to be between $2.3 billion and $2.45 billion.
The incident prompted investigations by the U.S. Department of Health and Human Services and led to increased scrutiny of cybersecurity practices within the healthcare sector. The market responded, as well. Google recently announced it reached agreement on a $32 billion acquisition of Wiz, a cloud security firm founded in January 2020. If it receives the regulatory approvals necessary to close, it will be the largest single acquisition in the history of Alphabet/Google.
Benefits of a proactive vs. reactive approach
Simply put, a defensive posture will not allow organizations to keep up with the cybersecurity alerts they receive. Discerning the signal in the midst of the noise is too much of a challenge. A proactive security stance allows organizations to prioritize the most critical vulnerabilities they can remediate.
Leveraging AI tools is essential to this effort. Scripts can be trained to separate signals from noise and find efficient, effective pathways to preventing the most critical incidents — effectively telling a user, ”these are the most important things you need to focus on today.”
AI agents can help identify the likely path an attacker would take. That not only helps remediate individual vulnerabilities, but hedges against future threats as well. The first breach is bad enough. The second, third, fourth, and onward — a sign a bad actor has learned how to leapfrog systems — is where the real damage can be done.
Healthcare-specific risks
The U.S. Department of Health and Human Services Office for Civil Rights was informed of about 720 healthcare-related cybersecurity incidents between Jan. 1 and Dec. 31, 2024. Information stored on network servers was the most frequently breached data in the healthcare industry in the first half of 2024.
Network servers are likely to become a more enticing target. As organizations share their members’ data, one breach only unlocks more individual information. Generally speaking, the risk of a cybersecurity incident is slightly greater to payers than to providers, because consolidation among health insurance firms has created larger user bases for a few big industry players. The seven biggest health insurance companies control almost 75 percent of the market; the market share among the largest healthcare providers is more broadly distributed.
Conclusion
The shift from reactive security postures to proactive is in direct response to an ever-rising wave of attacks healthcare industry organizations are facing. That will only prove more true as health systems and payers consolidate their user bases. Leveraging GenAI and similar tools can predict attack plans, analyze vulnerabilities faster, and remediate vulnerabilities before a breach or attack occurs to keep it out of the news.
Zach Evans is the Chief Technology Officer at Xsolis, the AI-driven health technology company that enables collaboration between healthcare providers and payers.
