Geopolitical tensions, AI cyberthreats challenge healthcare resilience

As geopolitical tensions rise, critical infrastructure organizations are increasingly concerned about cyberwarfare, according to a new report from cybersecurity company Armis. More than half of the health IT leaders surveyed said they reported an act of cyberwarfare to authorities, up from 37% last year, the report found.  

The research was conducted by Censuswide, which surveyed 1,900 IT decision-makers at companies with more than 1,000 employees across several industries, including healthcare. 

In a foreword, Nadir Izrael, chief technical officer and co-founder of Armis, wrote that the report describes the rapid shift in the global threat landscape in recent years, from a "state of quiet concern to a total pressure cooker." 

"The acceleration we've witnessed over such a short period is a sobering reminder that our traditional timelines for defense are obsolete. We have entered a triple-threat era defined by fragmented geopolitics, the democratization of state-level destructive power via agentic AI, and a widening readiness gap," Izrael wrote.  

"While awareness and fear of cyberwarfare have reached an all-time high and many industry-wide have made great strides to improve our readiness, our collective ability to defend is not yet keeping pace with the sheer velocity of our adversaries." 

Cyberthreat actors are continuing to ramp up their attacks, and AI is enabling them, the report suggested. Nearly 80% of IT decision-makers across all industries said they are now concerned that nation-states will use AI to develop more sophisticated and targeted cyberattacks, compared to 73% in last year's report. 

AI is enabling "non-state actors to operate with nation-state-level sophistication," the report stated. "The barriers to entry are gone, even as the impact of attacks continues to rise." 

Specifically, the report examined the growing threat posed by autonomous AI-driven cyber agents. Armis data suggests that the Mean Time to Compromise drops from hours to seconds when agentic AI is in play.  

In healthcare, 64% of respondents agreed that most organizations are unprepared for the scale of investment required to keep pace with AI-powered cyberattacks. What's more, 58% said their organization lacks the budget and resources to invest in AI-powered cybersecurity solutions, up from 50% last year. 

Healthcare is not the only sector concerned about its ability to keep pace with increasing attack volume and sophistication. In government, nearly a third of respondents said that having insufficient budget to fully scale cybersecurity operations was their biggest security gap. 

Globally, companies across industries reported enforcing strong password policies, implementing advanced security awareness training and automating and centralizing asset protection to combat AI-powered cyberthreats. 

The rapid shift in the cyberthreat landscape has widened existing security gaps and necessitated a resilience-minded approach to cybersecurity, in which organizations anticipate risk and adapt quickly to emerging technologies and threats. 

"What began as a misunderstood risk has become an always-on condition shaped by geopolitics, technology and systemic dependency," the report stated. "AI did not create cyberwarfare, but it removed the pauses. And in a world defined by constant tension, speed and uncertainty, that reality is likely to worsen, unless action is taken." 

Jill Hughes has covered health tech news since 2021.