chat
expand_more

When Trust Becomes a Threat: Securing Healthcare at the Human Level

Discover how healthcare security leaders are defending against AI-powered threats. Learn why identity and email are the new frontlines—and what it takes to protect the human element.
July 1, 2025

The healthcare sector is under siege. In 2024, cybercriminals compromised the records of 280 million patients, impacting 83% of the U.S. population. These aren’t isolated incidents. They’re part of a larger trend: smarter, faster, AI-powered attacks that sidestep traditional defenses and exploit the most vulnerable part of the system—humans.

In our recent webinar, Hacking Healthcare: Smarter Threats, AI Risks, and How Security Leaders Are Fighting Back, experts from BJC Health System, CrowdStrike, and Abnormal came together to unpack what’s happening and how security leaders are fighting back.

Why Healthcare Remains a Prime Target

Healthcare is a high-value, high-risk target. It’s a complex web of systems, users, and data, with legacy infrastructure and limited resources. That makes it ripe for exploitation.

“It’s not just one industry,” said Matt Modica, CISO at BJC Health System. “It’s education, research, finance, and critical infrastructure all rolled into one.”

Add in the urgency of care delivery, a sprawling network of third-party providers, and an environment where trust is paramount, and you have a perfect storm.

From Phishing to Deepfakes: Threats Are Getting Personal

Attackers are shifting from brute-force to brainpower. AI-generated emails, voice cloning, and real-time social engineering campaigns are becoming the norm.

“Threat actors aren’t just spoofing domains,” explained Mike Britton, CIO at Abnormal AI. “They’re mimicking behavior—down to how you greet your coworkers.”

Wael Eunan, Executive Strategist at CrowdStrike, pointed out that adversaries now operate at machine speed, often exploiting identity and MFA to get in unnoticed. And once they’re in, they move fast.

Human Risk, Human-Centered Training

When asked about his biggest challenge, Matt Modica didn’t hesitate: “One word—humans.”

Even with strong technical controls, it takes just one misstep—a click, a shared credential, a moment of trust—for an attacker to gain access. That’s why security strategies can’t stop at software. They need to support people.

Modica emphasized that traditional training won’t cut it. Annual slide decks and checkbox courses don’t drive behavior change. Instead, healthcare organizations must build a culture of awareness—one rooted in context, relevance, and consistency.

“Think like marketing,” Modica said. “Get your message across quickly and effectively.” Because when the risk is human, the defense must be too.

Defending with Behavior, Not Blocklists

To further counter evolving threats, security leaders are adopting a fundamentally different approach—one centered on behavior-based detection and artificial intelligence. Modica shared how BJC Health System reduced manual email triage by 75% with Abnormal’s platform, which uses identity and context to detect anomalies that evade legacy tools.

AI also enables consistent, real-time analysis at scale—an essential capability for organizations with thousands of endpoints. Britton noted that legacy security simply can’t keep up with attacks that move at machine speed. Human-powered detection can’t scale fast enough.

Eunan added that AI’s value lies in its ability to analyze behavior across assets—on-premises and in the cloud—to detect identity misuse and prevent social engineering. As healthcare threats grow more sophisticated, integrating tools that work in concert, not in silos, is essential.

Compliance Pressure Is Rising

Eunan pointed to the recent wave of regulations—including updates to HIPAA and new cybersecurity laws—as signals that healthcare must improve. While AI introduces new compliance questions, especially around data usage, Modica stressed that AI security tools are still just tools. With the right governance and validation, they can be safely integrated into compliance-driven environments.

“Compliance is the floor, not the ceiling,” said Britton. “Focus on actual risk. Compliance will follow.”

Fighting Tomorrow’s Attacks Today

Looking to the future, both Britton and Eunan flagged the rise of AI-powered social engineering. Deepfakes, voice cloning, and sophisticated spoofing campaigns are no longer theoretical—they’re here. And when attackers hijack legitimate identities, distinguishing threat from normal activity becomes even harder.

That’s why identity protection must be a top priority. As Eunan said, “When Wael becomes Matt, and Matt is doing his job—how do you detect that?”

The panel closed with a powerful reminder: speak the language of business. “Security is a business enabler,” said Eunan. “Frame the conversation around outcomes—not just risk.”

Britton added, “Don’t just ask what it costs to buy the tool. Ask what it’ll cost if you don’t.”

Want to hear the full conversation?
Watch the complete webinar for more insights on defending against AI-powered threats in healthcare—from credential compromise to deepfakes, and beyond.

Watch the Webinar
When Trust Becomes a Threat: Securing Healthcare at the Human Level

See Abnormal in Action

Get a Demo

Get the Latest Email Security Insights

Subscribe to our newsletter to receive updates on the latest attacks and new trends in the email threat landscape.

Discover How It All Works

See How Abnormal AI Protects Humans

Related Posts

B Healthcare
Discover how healthcare security leaders are defending against AI-powered threats. Learn why identity and email are the new frontlines—and what it takes to protect the human element.
Read More
10 Questions to Evaluate CES Cover
Explore 10 key questions to evaluate cloud email security solutions and uncover how AI-native behavioral intelligence can stop today’s most advanced email threats.
Read More
B Scattered Spider
Attacks rarely come through the front door anymore, and today’s actors use normal-sounding communications from legitimate suppliers as entry points. Behavioural AI can spot wider anomalies that legacy defences miss.
Read More
Reclaim the Inbox Cover pptx
Email overload is draining focus, frustrating employees, and distracting from real threats. See how Abnormal restores productivity by removing graymail at scale.
Read More
B Vendor Email Compromise Case Study Blog
See how a real vendor email compromise attack fooled multiple employees. Learn why VEC succeeds and how AI makes these threats more dangerous.
Read More
AI Innovation Using AI to Simplify Cover pptx
Explore how Abnormal's engineering team advances internal development with an AI-driven platform that standardizes infrastructure, reduces setup time, and enables both engineers and AI agents to build and deploy services more efficiently.
Read More