When Trust Becomes a Threat: Securing Healthcare at the Human Level

The healthcare sector is under siege. In 2024, cybercriminals compromised the records of 280 million patients, impacting 83% of the U.S. population. These aren’t isolated incidents. They’re part of a larger trend: smarter, faster, AI-powered attacks that sidestep traditional defenses and exploit the most vulnerable part of the system—humans.

In our recent webinar, Hacking Healthcare: Smarter Threats, AI Risks, and How Security Leaders Are Fighting Back, experts from BJC Health System, CrowdStrike, and Abnormal came together to unpack what’s happening and how security leaders are fighting back.

Healthcare is a high-value, high-risk target. It’s a complex web of systems, users, and data, with legacy infrastructure and limited resources. That makes it ripe for exploitation.

“It’s not just one industry,” said Matt Modica, CISO at BJC Health System. “It’s education, research, finance, and critical infrastructure all rolled into one.”

Add in the urgency of care delivery, a sprawling network of third-party providers, and an environment where trust is paramount, and you have a perfect storm.

Attackers are shifting from brute-force to brainpower. AI-generated emails, voice cloning, and real-time social engineering campaigns are becoming the norm.

“Threat actors aren’t just spoofing domains,” explained Mike Britton, CIO at Abnormal AI. “They’re mimicking behavior—down to how you greet your coworkers.”

Wael Eunan, Executive Strategist at CrowdStrike, pointed out that adversaries now operate at machine speed, often exploiting identity and MFA to get in unnoticed. And once they’re in, they move fast.

When asked about his biggest challenge, Matt Modica didn’t hesitate: “One word—humans.”

Even with strong technical controls, it takes just one misstep—a click, a shared credential, a moment of trust—for an attacker to gain access. That’s why security strategies can’t stop at software. They need to support people.

Modica emphasized that traditional training won’t cut it. Annual slide decks and checkbox courses don’t drive behavior change. Instead, healthcare organizations must build a culture of awareness—one rooted in context, relevance, and consistency.

“Think like marketing,” Modica said. “Get your message across quickly and effectively.” Because when the risk is human, the defense must be too.

To further counter evolving threats, security leaders are adopting a fundamentally different approach—one centered on behavior-based detection and artificial intelligence. Modica shared how BJC Health System reduced manual email triage by 75% with Abnormal’s platform, which uses identity and context to detect anomalies that evade legacy tools.

AI also enables consistent, real-time analysis at scale—an essential capability for organizations with thousands of endpoints. Britton noted that legacy security simply can’t keep up with attacks that move at machine speed. Human-powered detection can’t scale fast enough.

Eunan added that AI’s value lies in its ability to analyze behavior across assets—on-premises and in the cloud—to detect identity misuse and prevent social engineering. As healthcare threats grow more sophisticated, integrating tools that work in concert, not in silos, is essential.

Eunan pointed to the recent wave of regulations—including updates to HIPAA and new cybersecurity laws—as signals that healthcare must improve. While AI introduces new compliance questions, especially around data usage, Modica stressed that AI security tools are still just tools. With the right governance and validation, they can be safely integrated into compliance-driven environments.

“Compliance is the floor, not the ceiling,” said Britton. “Focus on actual risk. Compliance will follow.”

Looking to the future, both Britton and Eunan flagged the rise of AI-powered social engineering. Deepfakes, voice cloning, and sophisticated spoofing campaigns are no longer theoretical—they’re here. And when attackers hijack legitimate identities, distinguishing threat from normal activity becomes even harder.

That’s why identity protection must be a top priority. As Eunan said, “When Wael becomes Matt, and Matt is doing his job—how do you detect that?”

The panel closed with a powerful reminder: speak the language of business. “Security is a business enabler,” said Eunan. “Frame the conversation around outcomes—not just risk.”

Britton added, “Don’t just ask what it costs to buy the tool. Ask what it’ll cost if you don’t.”

Want to hear the full conversation?
Watch the complete webinar for more insights on defending against AI-powered threats in healthcare—from credential compromise to deepfakes, and beyond.