Healthcare Organizations Must Accelerate Cybersecurity Response as AI Tools Speed Up Attacks
Healthcare providers need to fundamentally rethink their security strategies as artificial intelligence tools make it faster and easier for attackers to find and exploit software vulnerabilities, according to Jason Elrod, chief information security officer at MultiCare Health System.
The shift is urgent. Traditional vulnerability management-where security teams might have days or weeks to respond-no longer works when attackers can discover exploits in minutes.
Response Times Have Collapsed
Elrod said the speed of attacks has changed the math entirely. "I have to assume that something's going to be compromised now. And I have to assume it's going to be compromised faster in a way that I never could have expected," he said.
Healthcare organizations now operate under a 20- to 30-minute window to detect and contain breaches-or at most 24 hours. That compressed timeline forces a complete rethinking of how security teams operate.
Zero Trust and Microsegmentation Become Essential
Rather than trying to prevent all breaches, healthcare security teams must assume compromise will happen and focus on limiting damage. That means deploying microsegmentation, zero trust architectures, and stronger identity controls to slow attackers down.
These approaches reduce the blast radius if an attacker gains access to one system. Instead of a breach spreading across an entire network, it stays isolated.
The shift also requires security teams to become more agile. Slower, quarterly security reviews no longer cut it. Teams need to detect and respond to threats in real time.
HIPAA Rules Are Tightening
The proposed update to the HIPAA security rule reflects this new threat environment. Regulators are pushing healthcare organizations to adopt faster, more resilient security models-not just stronger perimeter defenses.
For healthcare IT leaders, this means budgets, staffing, and architecture decisions need to shift now. The organizations that move first will have time to implement these changes methodically. Those that wait will face pressure to do it under crisis conditions.
Elrod leads cybersecurity at MultiCare Health System, which operates 13 hospitals and 300 primary, urgent, pediatric, and specialty care locations across Washington, Idaho, and Oregon. He brings more than 30 years of experience building and maturing IT and information security programs in large organizations.
For healthcare professionals looking to understand how AI is reshaping security requirements, resources on AI for Healthcare and the AI Learning Path for Cybersecurity Analysts offer practical context for these emerging threats.
Your membership also unlocks:
