Infosecurity Europe: Reactive Security Fails Healthcare, Experts Warn

At the Infosecurity Europe conference on June 4, cybersecurity experts delivered a stark warning: healthcare organizations must urgently adopt AI-powered security tools to detect and neutralize threats before they cause catastrophic harm, including patient deaths.

Sher Baig, CEO of Cyber Salus, told attendees that healthcare institutions worldwide confront identical threats and operational struggles. Legacy infrastructure, extreme connectivity across devices, and human analyst fatigue are creating a dangerous convergence of risk. In rare but devastating cases, cyber breaches have directly led to patient fatalities.

“If there was ever an industry where the potential harm bad actors can do is directly correlated to human impact, it’s healthcare,” Baig stated.

The sector remains the most targeted by cybercriminals, with ransomware posing an especially grave danger to clinical services. According to Proofpoint research, 93% of healthcare organizations experienced at least one cyberattack in 2025, with an average of 43 attacks per organization, up from 40 in 2024.

Connected medical devices like infusion pumps, imaging systems, patient monitors, and lab equipment are particularly vulnerable. Baig noted that these devices often remain in service for 15 to 20 years, running outdated operating systems that cannot be easily updated or replaced.

Traditional reactive security approaches are failing, Baig argued. Alert overload and time-consuming manual investigations leave defenders scrambling after vulnerabilities are already exposed. As AI accelerates the window for exploitation, this model becomes unsustainable. Attackers now use AI to find and exploit weaknesses in legacy systems faster than ever, while also supercharging phishing campaigns.

Yet AI can also empower defenders through continuous monitoring, faster anomaly detection, and automated threat prioritization, Baig continued. To protect both networks and patients, he recommended four steps: achieve full visibility into all devices and threats down to the software version; prioritize threats by clinical risk, addressing those that could impact patient care first; use AI for signal correlation to reduce SecOps alert fatigue; and patch where possible, segment networks to limit exposure, and apply compensating controls with AI assistance.

“That’s the game plan we should all be working on now, not once there is a breach,” Baig concluded.

Rob Demain, CEO at e2e-assure, agreed that moving from reactive to predictive security is the right direction for healthcare. However, he cautioned that predictive capability is not a product you simply switch on. “It is something you earn, and you earn it with telemetry,” Demain said. “Most healthcare organizations do not have clean complete data to reason over. Estates are sprawling, much of the kit cannot run an agent or be patched, and large parts of the network are invisible. No model predicts what it cannot see. The honest first move is not predictive AI, it is basic coverage of the estate.”

Chris Newton-Smith, CEO at IO, noted that AI is amplifying the speed, scale, and sophistication of cyber threats in healthcare, but it is mainly magnifying existing weaknesses rather than creating entirely new risks. On the defensive side, AI can help security teams identify anomalies faster, prioritize alerts more effectively, and improve incident response. However, AI alone cannot compensate for fragmented processes, weak governance, or overstretched teams.

“For healthcare leaders, the priority should be strengthening the fundamentals: governance, resilience, workforce capability, supplier assurance and risk management,” Newton-Smith added. “If you can get those foundations right, then you will hopefully be better positioned to benefit from AI while remaining resilient against the new risks it introduces.”