Hospitals Need to Prepare for AI-Powered Phishing Attacks


Healthcare organizations need to be prepared for an increase in AI-assisted phishing attacks, according to Zack Martin, Senior Policy Advisor at Venable.

In an article for HIT Consultant, Martin explained that AI has made phishing attacks more convincing and easier to launch, posing a heightened risk to healthcare organizations.

“In the second half of 2024, phishing incidents surged by more than 700 percent – a spike that coincided with the mainstream adoption of generative AI tools,” Martin says. “These tools are now being used to create convincing emails, fake login pages, and impersonation campaigns that target both patients and staff. And in healthcare, where digital literacy can vary widely and data is especially sensitive, the consequences can be severe, leading to data breaches, ransomware, and system outages.”

Healthcare entities have a unique attack surface that makes them particularly vulnerable to social engineering attacks. Hospitals also face a heightened risk from ransomware attacks, since disruptions can affect patient care and put lives at risk.

“Hospitals and clinics serve a mix of internal users and external users – from employees logging into medical systems to patients and family members accessing portals,” Martin writes. “Many of these users may be unfamiliar with phishing tactics and could be more likely to trust realistic-looking login prompts or urgent alerts. The combination of accessible AI tools and a digitally inexperienced user base creates a perfect storm for credential theft.”

Martin concludes that employee awareness training can give healthcare organizations a necessary layer of defense against these attacks.

“A truly effective identity-first security strategy also includes continuous user education,” Martin writes. “Phishing emails – especially those enhanced by generative AI – can fool even the most experienced professionals. Regular awareness campaigns and simulated phishing exercises can help staff develop a reflex for spotting fake emails, verifying URLs, and reporting suspicious activity quickly.”

KnowBe4 empowers your workforce to make smarter security decisions every day. Over 70,000 organizations worldwide trust the KnowBe4 HRM+ platform to strengthen their security culture and reduce human risk.

HIT Consultant has the story.




