Healthcare Industry Good at Preventing Serious Vulnerabilities but Lags in Remediation
Healthcare organizations are relatively unlikely to have serious cybersecurity vulnerabilities compared to other industry sectors, as they are generally good at prevention; however, when vulnerabilities are identified, healthcare lags other sectors when it comes to remediation. These are the findings from a recent analysis of penetration testing data and a survey of 500 U.S. security leaders by the Pentest-as-a-service (PTaaS) firm Cobalt. The findings are published in its State of Pentesting in Healthcare 2025 report.
Serious cybersecurity vulnerabilities are relatively rare in healthcare: the industry ranked 6th out of the 13 industries represented in the data, with only 13.3% of the vulnerabilities identified through pentesting qualifying as serious. When penetration tests identify serious vulnerabilities, they need to be remediated promptly, because as long as a vulnerability remains unaddressed, it can potentially be exploited by a threat actor.
The standard measure of the time taken to perform a security action is the median time to resolve (MTTR), which, for serious vulnerabilities in healthcare, was 58 days. Healthcare ranked 11th out of 13 industries on MTTR. Cobalt plotted the frequency of serious vulnerabilities against the resolution rate in a scatterplot chart. Healthcare was the only industry in the chart's "struggling" region, combining low prevalence with low resolution. The ideal is low prevalence and high resolution.
While the MTTR is a standard measure in security, it can be somewhat misleading, as it is only based on the vulnerabilities that are actually resolved. Cobalt reports that 52% of pentest findings are never resolved. Therefore, to obtain a complete picture, it is also necessary to look at the survival half-life, which is the time taken to resolve 50% of identified vulnerabilities. Having an MTTR of 20 days is excellent, but much less so if half of all serious vulnerabilities are never resolved.
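As an added illustration, not taken from the Cobalt report or the original post, the Python below computes MTTR and survival half-life over a constructed set of finding resolution times. It assumes the half-life means the day on which the number of resolved findings first reaches half of all identified findings, and reports it as unreached when fewer than half are ever resolved.

```python
from math import ceil
from statistics import median
from typing import List, Optional

# Constructed sample data (not from the Cobalt report): days from discovery to
# resolution for each serious pentest finding; None means the finding is still open.
TEAM_A = [15, 20, 25, None, None, None, None]  # quick fixes, but most findings never closed
TEAM_B = [15, 20, 25, 30, 35, 40, 45]          # slower, but every finding gets closed


def mttr(days: List[Optional[int]]) -> Optional[float]:
    """Median time to resolve, computed only over findings that were resolved.

    This is the metric's blind spot: open findings contribute nothing, so a team
    that fixes a few findings quickly and abandons the rest still scores well.
    """
    resolved = [d for d in days if d is not None]
    return median(resolved) if resolved else None


def survival_half_life(days: List[Optional[int]]) -> Optional[int]:
    """Days until 50% of ALL identified findings (open ones included) are resolved.

    Returns None when fewer than half were ever resolved: the half-life is never
    reached, which MTTR alone would hide.
    """
    if not days:
        return None
    needed = ceil(len(days) / 2)                 # resolutions required to reach 50%
    resolved = sorted(d for d in days if d is not None)
    if len(resolved) < needed:
        return None
    return resolved[needed - 1]                  # day on which the 50% mark was crossed


def resolution_rate(days: List[Optional[int]]) -> float:
    """Share of identified findings that were resolved at all."""
    return sum(d is not None for d in days) / len(days) if days else 0.0


if __name__ == "__main__":
    for name, data in (("Team A", TEAM_A), ("Team B", TEAM_B)):
        print(f"{name}: MTTR={mttr(data)} days, half-life={survival_half_life(data)}, "
              f"resolved={resolution_rate(data):.0%}")
```

Team A has the better MTTR (20 days against 30) yet never reaches its half-life, which is the distortion the article describes.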
The data show healthcare to be the third-worst industry for half-life score, with a half-life of 244 days, compared to the leading sector, transportation, which has a half-life of 43 days. Education performed worst, with a half-life of 283 days, followed by hospitality at 270 days. Cobalt notes that the healthcare sector is generally good at prioritizing vulnerability remediation, with the most critical issues usually fixed on time. Almost 40% of healthcare service level agreements (SLAs) require serious vulnerabilities in business-critical assets to be fully resolved within three days, while a further 40% of SLAs require those vulnerabilities to be resolved within 14 days.
Most practices meet the deadlines, with 43% resolving critical findings in one to three days, 37% resolving issues in four to seven days, and 14% resolving issues within eight to fourteen days, although it is common for backlogs to grow in less urgent areas. Healthcare is a heavily regulated industry, with data security requirements under HIPAA. The HIPAA Security Rule requires a risk analysis to be conducted to identify all risks and vulnerabilities to electronic protected health information, which explains, to a certain extent, why there is a low prevalence of serious vulnerabilities. There are also risk management requirements under HIPAA, which are reflected in the data, as 94% of healthcare organizations resolve business-critical issues in less than two weeks.
The slow rates of resolution of vulnerabilities in general and the poor half-life score in healthcare are likely due to a range of factors, such as the continued use of legacy systems, which create technology roadblocks, along with resource constraints. Cobalt also suggests there may be divisions between the departments ordering pentests and the teams implementing fixes, and less mature teams may struggle with the complexity of remediations.
The survey revealed the biggest security concerns in healthcare to be GenAI (71%), third-party software (48%), and exploited vulnerabilities (40%), with the top attack vectors being third-party software (68%), AI-enabled features (45%), and phishing/malware (32%). Given the high level of concern about third-party software, Cobalt recommends that healthcare providers require their vendors to provide comprehensive pentesting reports before procurement. Cobalt also recommends integrating pentesting into the development lifecycle, proactively testing for AI and genAI vulnerabilities, adopting a programmatic approach to offensive security, and conducting regular red team exercises to test real-world detection and response capabilities.
The post Healthcare Industry Good at Preventing Serious Vulnerabilities but Lags in Remediation appeared first on The HIPAA Journal.
Report Reveals Worrying Abuses of Agentic AI by Cybercriminals – The HIPAA Journal
Cybercriminals have been abusing agentic AI to perform sophisticated cyberattacks at scale, incorporating AI tools throughout all stages of their operations. Agentic AI tools have significantly lowered the bar for hackers, allowing individuals with few technical skills to conduct complex attacks that would otherwise require extensive training over several years and a team of operators.
A new threat intelligence report from Anthropic highlights the extent to which its own language model (LLM) and AI assistant, Claude, has been abused, even with sophisticated safety and security measures in place to protect against misuse. The cybercriminal schemes identified by Anthropic have targeted businesses around the world, including U.S. healthcare providers.
Examples of misuses of Claude code include:
- A campaign allowing large-scale theft of data from healthcare providers, emergency services, religious institutions, and the government
- A large-scale fraudulent employment scheme conducted by a North Korean threat actor to secure jobs at Western companies
- The creation and subsequent sale of ransomware by a cybercriminal with only basic coding skills.
Agentic AI tools can be used to create and automate complex cybercriminal campaigns, requiring little to no coding or technical skills, other than the ability to write prompts to the AI tools. These tools can be embedded into all stages of operations, which Anthropic calls “vibe hacking,” taking its name from vibe coding, where developers instruct agentic AI tools to write the code, while they just guide, experiment, and refine the AI output. Anthropic says vibe hacking marks a concerning evolution in AI-assisted cybercrime.
One such vibe hacking campaign targeted healthcare providers, the emergency services, government entities, and religious institutions. Agentic AI tools were embedded into all stages of the operation, including profiling victims, automating reconnaissance, harvesting credentials, penetrating networks, and analyzing stolen data. Anthropic’s analysis revealed that the threat actor allowed Claude to make tactical and strategic decisions, including determining the types of data to exfiltrate from victims and the creation of psychologically targeted extortion demands.
Claude was used to analyze the victim’s financial records to determine how much to demand as a ransom payment to prevent the publication of the stolen data, and also to generate ransom notes to be displayed on the victims’ devices. Anthropic believes that this campaign used AI to an unprecedented degree. The campaign was developed and conducted in a short time frame and involved scaled data extortion of multiple international targets, potentially hitting at least 17 distinct organizations, resulting in ransom payments that exceeded $500,000 in some cases.
The North Korean campaign used Claude to create elaborate false identities with convincing professional backgrounds to secure employment positions at U.S. Fortune 500 technology companies, and also to complete the necessary technical and coding assessments to secure employment and technical work duties once hired. The ransomware campaign involved the development of several ransomware variants without any coding skills. The ransomware had advanced evasion capabilities, encryption, and anti-recovery mechanisms. In addition to creating ransomware, the threat actor used Claude to market and distribute variants that were sold on Internet forums for $400 to $1,200.
Anthropic has been transparent about these abuses of its AI tools to contribute to the work of the broader AI safety and security community and help industry, government, and the wider research community strengthen defenses against the abuse of AI systems. Anthropic is far from alone, as other agentic AI tools have also been abused and tricked into producing output that violates operational rules that have been implemented to prevent abuse.
After detecting these operations, Anthropic immediately banned the associated accounts and has since developed an automated screening tool to help discover unauthorized activity quickly and prevent similar abuses in the future. Anthropic warns that the use of AI tools for offensive purposes creates a significant challenge for defenders, as campaigns can be created to adapt to defensive measures such as malware detection systems in real time. “We expect attacks like this to become more common as AI-assisted coding reduces the technical expertise required for cybercrime,” warned Anthropic.
Indiana Exceptional Medical Care discloses HIPAA violation – Eyewitness News (WEHT/WTVW)
Indiana Exceptional Medical Care discloses HIPAA violation – yahoo.com
HHS Announces Crackdown on Information Blocking in Healthcare – The HIPAA Journal
The Department of Health and Human Services (HHS) has announced it will start cracking down on healthcare entities that engage in information blocking. On September 3, 2025, HHS Secretary Robert F. Kennedy Jr. directed the HHS to increase resources dedicated to the enforcement of the health data information blocking provisions of the 21st Century Cures Act. The 21st Century Cures Act of 2016 established penalties, termed disincentives, for healthcare entities that engage in information blocking practices, which is “any practice that interferes with, prevents, or materially discourages access, exchange, or use of electronic health information.”
The disincentive for information blocking by developers of certified health IT, Health Information Exchanges (HIEs), and Health Information Networks (HINs) is a civil monetary penalty of up to $1 million, which took effect on September 1, 2023. Developers with products certified under the ONC Health IT Certification Program could have their certifications terminated and be banned from the Certification Program.
In 2023, the HHS proposed a rule that established a range of disincentives for healthcare providers determined by the HHS Office of Inspector General (HHS-OIG) to have engaged in information blocking practices. Those disincentives took effect on July 31, 2024, with the exception of the penalties for ACO participants, which became effective on January 1, 2025.
Those disincentives include:
- The denial of eligibility to hospitals or critical access hospitals (CAHs) as meaningful electronic health record (EHR) users in an applicable EHR reporting period, resulting in the loss of 75 percent of the annual market basket increase, and a reduction in Medicare payments to CAHs to 100 percent of reasonable costs rather than 101 percent. The amount of the disincentive would be dependent on a hospital’s Medicare payments. The HHS previously calculated the median disincentive amount to be $394,353.
- Information blocking by eligible clinicians would result in them losing eligibility as meaningful users of certified EHR technology in a performance period, resulting in a zero score under Medicare’s Merit-based Incentive Payment System (MIPS) payments to physicians.
- Providers or suppliers that are Accountable Care Organization (ACO) participants would be ineligible to participate in the Medicare Shared Savings Program for a period of at least one year.
In a September 3, 2025, press release, the HHS said it will be cracking down on information blocking, whereby patients’ engagements in their care are restricted by the blocking of access, exchange, and use of electronic health information. The HHS said information blocking was not a priority for the Biden administration, but it is a priority under President Trump and Secretary Kennedy.
“Patients must have unfettered access to their health information as guaranteed by law. Providers and certain health IT entities have a legal duty to ensure that information flows where and when it’s needed,” said Acting Inspector General Juliet T. Hodgkins. “HHS-OIG will deploy all available authorities to investigate and hold violators accountable. We are committed to enforcing the law and protecting patients’ access to health information.”
Empowering individuals to take control of their health is a key element of Secretary Kennedy’s Make America Healthy Again promise, which requires them to have easy access to their electronic health information, either through zero-cost access through their healthcare providers or their chosen health apps. Access to health information allows patients to monitor chronic conditions, adhere to treatment plans, track progress in wellness and disease management plans, and find errors in their health records.
“We have already begun reviewing reports of information blocking against developers of certified health IT under the ONC Health IT Certification Program and are providing technical assistance to our colleagues at OIG for investigations,” said Tom Keane, MD, Assistant Secretary for Technology Policy and National Coordinator for Health Information Technology. The HHS is encouraging patients and innovators who have experienced or observed information blocking to report it through the ASTP/ONC Report Information Blocking Portal.