Cyber attackers are using AI faster | HLTH 2025

News
Article

Baxter Lee of Clearwater says healthcare organizations are incorporating AI in their defenses, but not at the same speed as ransomware groups.

Las Vegas – Cybersecurity experts say AI can help hospitals and health systems improve their defenses against ransomware groups.

But cyber attackers are also using AI tools to hack into health systems, and they may be adopting AI more quickly, says Baxter Lee, president of Clearwater, a cybersecurity company that works with hospitals.

“I think attackers are probably using AI faster than we're using it to defend against it,” Lee tells Chief Healthcare Executive® in an interview at the HLTH conference. “So they're moving very quickly, and it's creating ways for them to just automate things a lot faster, and distribute their ransomware or other exploits in a faster way.”

To be sure, cybersecurity vendors are employing AI technology into their solutions to help organizations improve their defenses.

But healthcare organizations hold enormous amounts of personal information about the finances and health conditions of patients, and they have extremely complicated systems.

“Cybersecurity and healthcare is an integrated program across compliance, privacy, security, all your technology vendors,” Lee says. “It's a web of complexity with all the vendors and technology you're using. So, we’ve got to figure out, how do we think about risk broadly within all of that equation, and then where can AI help defend and plug those gaps?”

Lee says the ransomware attack on Change Healthcare last year, the most damaging cyberattack ever reported in the healthcare industry, “was absolutely a wakeup call.”

“There's a reason healthcare is the most targeted industry in the world for a cyber attack, because it’s rife with a lot of vulnerabilities that bad actors are exploiting,” Lee says. “And a lot of that's driven by those technology investments. So last year was a big wakeup call that, hey, this system is more interconnected. Data is flowing. Everybody's depending on each other, and the Change Healthcare attack really brought that to light.”

While some ransomware groups are going after hospitals and insurance companies, they are increasingly trying to hack into the many vendors that those organizations rely on every day. Nearly all of the hospitals and healthcare providers in the company were impacted by the Change Healthcare breach, because so many used Change Healthcare for some of their business services.

In describing the targets of ransomware groups. Lee says, “It's less frequently payers and large providers. It’s more their vendors now, so third parties that they're doing business with are the highest growing risk in health care.”

Lee also points to another growing area of interest from ransomware groups: the specialty provider market. As that market is evolving, attackers are eyeing those providers.

Those targets include urgent care centers, dermatology, and dental practices, he says. He also points to organizations with value-based care models, which are integrating primary care and other delivery models with analytics platforms.

“You're leveraging data and technology integrated into these multi-sites of care, multi-site operations, that create a lot of risk and vulnerabilities,” Lee says.

While this year hasn’t seen an attack with such a seismic impact on the healthcare industry, plenty of health systems have been dealing with breaches. In the first half of 2025, 343 data breaches have been reported to the U.S. Department of Health & Human Services. Tens of millions of Americans have been impacted by breaches of health data this year.

When asked about common vulnerabilities in health systems, Lee says some organizations need more granular detail on potential risks in their organizations.

“We think hospitals should really be doing an asset-level or system-level analysis of where their data exists, what are the vulnerabilities to those systems, what controls they have in place to protect those systems,” Lee says. “How can threats exploit those systems?”

“That's a very detailed and complex analysis that's hard to do, but given the severity of the situation we're dealing with and the criticality of these operations, it's important that you go deep enough to really understand where the risk is,” he adds.

Many organizations struggle to go to that level of depth due to budget or resource constraints, he says. They sometimes try to do a “top-down assessment,” he says. But that approach has limitations.

“To really understand risk, they need to look from the bottom up,” Lee says.

Lee was elevated to the role of Clearwater’s president after serving as chief financial officer. Last month, Clearwater announced a “strategic investment” from Sunstone Partners, a private equity firm.

“We're going to be investing a lot in enhancing our technology platform to really enhance our solutions that we provide to the market,” Lee says.

Read more: What it’s like to negotiate with ransomware gangs

Newsletter

Get the latest hospital leadership news and strategies with Chief Healthcare Executive, delivering expert insights on policy, innovation, and executive decision-making.

Recent Videos
Image: Ron Southwick, Chief Healthcare Executive
Image: Ron Southwick, Chief Healthcare Executive
Images: American Medical Association, American Nurses Association
© 2025 MJH Life Sciences

All rights reserved.