Poll: Healthcare cybersecurity leaders overlook AI-enabled physical security gaps

Editor's Note

AI-powered attacks are breaching not only firewalls, but also hospital walls. That’s the urgent takeaway from a May 20 report from Black Book Research on the Black Book Q2 2025 poll, which reveals that while 93% of healthcare cybersecurity leaders feel confident in their digital defenses, only 18% have strategies to counter AI-enabled physical threats.

As detailed in the announcement, the poll surveyed 1,128 cybersecurity decision-makers across provider and payer organizations worldwide. The findings point to a troubling blind spot: hospitals and insurers are heavily investing in ransomware defense, endpoint protection, and firewalls, yet neglect the growing risk of AI tools that can mimic clinician voices, defeat voice authentication, manipulate security footage, and override building access systems.

Doug Brown, founder of Black Book Research, emphasized the urgency in the company’s announcement, stating that attackers are using generative AI to walk through hospital doors undetected, exploiting vulnerabilities that existing healthcare policy and procurement systems are too slow to address. He warned that organizations continuing to treat physical and digital threats as separate domains are relying on "outdated assumptions."

As detailed in the report, 71% of hospital executives admitted their physical security systems are not prepared for new attack methods such as deepfake badges or sensor spoofing. Meanwhile, 67% of payer organizations with physical locations or hybrid call centers were unaware that AI voice cloning could bypass IVR systems or receptionist-level verification.

Most concerningly, 82% of all respondents said they had not conducted a cyber-physical risk audit in the last year, despite growing threats like drone surveillance and AI-generated phishing.  

The full announcement contains additional detail, including a lengthy list of specific AI systems “with demonstrated relevance in detecting and mitigating advanced cyber-physical threats in healthcare environments.”