Executive Summary

In November 2025, Anthropic disclosed that a state-sponsored threat actor had used an artificial intelligence agent to execute 80 to 90 percent of a cyber espionage campaign against roughly thirty global organizations. The agent autonomously performed reconnaissance, identified vulnerabilities, generated exploit code, harvested credentials, and exfiltrated data — at request rates the company called "physically impossible" for human attackers. The barrier to executing a sophisticated cyber attack has fallen sharply, and the most-targeted industry in the world is healthcare.

This brief examines what that shift means for U.S. health systems, the financial and clinical cost of downtime, and the operational priorities that revenue cycle and finance leaders should pursue now. Three findings stand out.

First, the economics of downtime have hardened. Healthcare ransomware now averages 17 days of disruption per incident at approximately $1.9 million per day in lost revenue — roughly $32 million per attack before recovery, legal, regulatory, and reputational costs.

Second, the clinical consequences are no longer theoretical. In the 2025 Ponemon Institute study, 72 percent of healthcare organizations that experienced a cyber attack reported direct disruption to patient care. Twenty-nine percent linked the incident to higher mortality rates.

Third, the time available to respond is collapsing. Agentic AI compresses reconnaissance, social engineering, and exploitation into hours. Prevention alone is no longer a survivable strategy. The question for executives is whether the organization can keep operating while it recovers.

$32M
Implied gross revenue exposure per healthcare ransomware incident, before recovery, legal, regulatory, or reputational cost is counted. Source: MedicalITG analysis, March 2026.

A New Threat Profile

For more than a decade, healthcare has accepted a steady increase in cyber attacks as an unfortunate but manageable cost of digitization. That framing no longer fits the data.

Comparitech tracked 445 ransomware attacks against U.S. healthcare providers in 2025. IBM's 2026 X-Force Threat Intelligence Index reports a 49 percent year-over-year increase in active ransomware and extortion groups and a 44 percent rise in attacks beginning with the exploitation of public-facing applications, much of it driven by AI-enabled vulnerability discovery. Check Point Research's April 2026 data confirms the trend: healthcare, financial services, and government are expanding their share of global ransomware targeting.

The composition of the target list matters. Attackers select victims based on three factors: perceived ability to pay, sensitivity of data, and operational dependency on uptime. Healthcare scores high on all three.

Exhibit 1
Healthcare leads all sectors in disclosed ransomware incidents
Share of publicly reported ransomware attacks by industry, 2025

Industry              Share
Healthcare            28%
Financial Services    15%
Manufacturing         14%
Government            12%
Education              9%
Retail                 7%
All other             15%

SOURCE Comparitech Healthcare Ransomware Roundup 2025; Check Point Research, April 2026; Amelior analysis.

Two structural conditions reinforce this targeting. The first is the unique cost of downtime: most industries can tolerate hours or even days of degraded operations; hospitals cannot. The second is the legacy estate. Many health systems operate a patchwork of aging EHR modules, connected medical devices on flat networks, and third-party vendor integrations with limited security oversight. The result is a large, observable attack surface combined with strong incentives to pay quickly.

The Financial and Clinical Toll

The financial impact of a healthcare cyber incident is now measurable at three levels: revenue loss during downtime, full breach cost including remediation and regulatory exposure, and the longer-tail impact on patient outcomes.

Exhibit 2a
Revenue at risk during downtime

Metric                                      Value
Average revenue loss per day                $1.9M
Average days of disruption per attack       17 days
Implied revenue at risk per incident        $32M
Average total breach cost (IBM 2025)        $7.4M

SOURCE MedicalITG analysis of 2024 healthcare ransomware downtime; IBM Cost of a Data Breach Report 2025.

For most of the past decade, the patient-safety effects of cyber attacks were largely anecdotal. That has changed. The 2025 Proofpoint and Ponemon Institute study of U.S. healthcare cybersecurity surveyed 677 IT and security practitioners and found that 72 percent of organizations that experienced a cyber attack reported direct disruption to patient care.

Exhibit 2
Cyber attacks are now associated with measurable clinical harm
Share of healthcare organizations reporting each outcome among those experiencing patient-care disruption

Outcome                                       Share
Increased procedure complications             65%
Longer patient lengths of stay                59%
Increased patient transfers or diversions     57%
Increased patient mortality rates             29%

SOURCE Proofpoint and Ponemon Institute. Cyber Insecurity in Healthcare 2025. Sample: 677 U.S. healthcare IT and security practitioners.
29%
of healthcare organizations that experienced a cyber attack causing patient-care disruption reported an associated increase in patient mortality — up from 26 percent in the prior year's survey.

This single data point reframes the conversation. Cyber preparedness is no longer an IT investment with financial return. It is a patient safety control with financial, regulatory, and reputational consequences when it fails.

Why AI Changes the Math

The November 2025 Anthropic disclosure marked an inflection point. The attack, attributed with high confidence to a Chinese state-sponsored group, demonstrated that a commercial AI model could be jailbroken, given offensive tooling through standard protocols, and directed to execute the majority of an attack lifecycle with minimal human involvement. The implications for healthcare cybersecurity operate on three time horizons.

Reconnaissance collapses to hours, not weeks. An AI agent can map a hospital network, enumerate exposed services, identify unpatched VPN appliances, locate orphaned administrator accounts, and rank third-party vendor dependencies in a fraction of the time required by a human team.

Social engineering scales beyond what human operators can produce. Independent industry analysis estimates that 82 percent of phishing emails observed in 2025 were AI-generated. Voice cloning kits are commercially available at $200 per month. In healthcare specifically, the Ponemon study found that business email compromise and impersonation incidents were the attack type most likely to delay procedures and tests, with 65 percent of affected organizations reporting poor patient outcomes as a result.

Attack tempo exceeds human-response capacity. Mandiant's 2026 M-Trends report finds that the median time to exploit a newly disclosed vulnerability has continued to compress. In a growing share of cases, exploits are observed in the wild before public disclosure.

Threat Brief
Anatomy of the first AI-orchestrated cyber campaign
In mid-September 2025, Anthropic detected unusual activity later attributed to a Chinese state-sponsored group designated GTG-1002. The campaign targeted approximately 30 organizations across technology, finance, chemical manufacturing, and government.

Human operators selected targets and approved key decisions, but the AI agent autonomously executed the majority of tactical operations: reconnaissance, vulnerability discovery, exploit development, credential harvesting, lateral movement, and data exfiltration. Anthropic estimated human involvement at four to six critical decision points per campaign, with key phases requiring as little as 20 minutes of human attention.

Anthropic disrupted the campaign over a 10-day period and notified affected entities. The company's stated conclusion: "The barriers to performing sophisticated cyberattacks have dropped substantially, and we predict that they'll continue to do so."

The strategic conclusion is uncomfortable but straightforward. Defenders cannot match attacker speed when the attacker is an autonomous agent. Prevention alone is no longer a survivable strategy. Operational continuity during an active incident is the central question.

The 72-Hour Problem

In late 2024, the U.S. Department of Health and Human Services published proposed updates to the HIPAA Security Rule. Among the most operationally significant provisions is a requirement that covered entities restore the availability of electronic protected health information within 72 hours of a security incident.

Set against actual recovery times in recent major incidents, the proposed deadline is ambitious. The Change Healthcare attack in February 2024 disrupted claims processing for several weeks with total financial impact exceeding $1 billion. Ascension's May 2024 ransomware incident disrupted operations across multiple states for more than a month.

Exhibit 4
Recent major healthcare cyber incidents have far exceeded the proposed 72-hour deadline
Approximate days from incident detection to full operational restoration

[Bar chart, shortest to longest: Proposed HIPAA deadline; Kettering Health 2025; Ascension Health 2024; Change Healthcare 2024. Only relative bar lengths survived extraction; the day counts are not recoverable from this page.]

SOURCE Public disclosures, trade press, and HHS Office for Civil Rights breach reporting. Figures are approximate.

Reaching a 72-hour restoration window is achievable only with infrastructure and processes designed for it: pre-staged downtime systems isolated from the primary network, tested clinical and revenue-cycle continuity procedures, and a recovery sequence rehearsed at the operational level. Few health systems have those elements in place today.

Five Priorities for Revenue Cycle Leaders

Health systems that have invested in operational resilience ahead of an incident consistently report lower revenue loss, shorter time to recovery, and meaningfully better staff and patient experience during the event. The following five priorities are derived from public incident analysis and direct engagement with revenue cycle leaders across U.S. health systems.

Recommended Actions

01. Reframe downtime as a revenue continuity problem, not an IT recovery problem
Quantify the hourly financial exposure of an EHR outage with the same rigor applied to other operational risks. If the finance team cannot brief the board on what 72 hours of downtime costs in lost charges, the organization does not yet have a defensible plan.

02. Test the full registration-to-billing workflow under realistic outage conditions
Tabletop exercises are insufficient. The gap between a tabletop scenario and an actual EHR outage spanning registration, charge capture, wristband printing, and physician documentation is the gap that determines incident outcomes.

03. Architect downtime systems for genuine independence from the primary network
A continuity solution that depends on the same infrastructure currently under attack is not a continuity solution. Cloud-hosted, network-isolated systems with their own authentication and data paths are the minimum standard.

04. Build the financial recovery plan before the incident, not during it
Charge reconciliation, late charge capture, billing catch-up, and audit defense compound in difficulty when initiated after the fact. The recovery playbook should exist as a documented, owned process before the first alert.

05. Recalibrate response timelines against the AI threat curve
Quarterly downtime drills, not annual ones. Defined ownership of each step in the response plan. Active monitoring of vendor security posture as part of standard procurement and renewal.

Implications

The next 24 months will not resemble the last 24. Agentic AI, lower attacker skill thresholds, persistent defender staffing constraints, and tightening regulatory expectations are converging to move downtime preparedness from a niche operational concern into a core financial and clinical discipline.

The health systems that adopt this framing early will be measurably better positioned than those that continue to treat cyber preparedness as an IT budget item. The investment required is meaningful but bounded. The cost of an unprepared incident — $32 million in revenue exposure, $7.4 million in breach cost, and a one-in-three probability of associated patient harm — is not.

Downtime is inevitable. Revenue loss and patient harm are not. The plan built before the attack is the single largest determinant of which version of the incident the organization experiences.

Amelior is currently enrolling health systems in its 2026 Revenue Cyber-Preparedness Cohort — a structured engagement to develop and rehearse downtime continuity programs with revenue cycle, IT, and clinical leadership. To learn more, visit ameliormss.com/cohort.