Ninety-three percent of practices are already using AI in patient-facing and administrative workflows, according to the report.
Widespread AI adoption across patient-facing and administrative workflows
The report finds that AI is no longer experimental in healthcare practices: 93% of practices say they deploy artificial intelligence in both patient-facing and administrative workflows. That figure sets the technological baseline for the rest of the findings: AI tools are in active use at nearly every practice surveyed, and they are now part of routine operations rather than a niche pilot program, the report states.
Sixty-one percent expect a "fatal" cyberattack within five years
Against that backdrop of broad AI adoption, 61% of healthcare organizations surveyed predict a "fatal" cyberattack within five years. The report uses the quoted term "fatal" to capture the severity that respondents associate with a potential future incident. The projection represents a majority view among respondents that a severe cyber event is not a matter of if but when.
Self-attested HIPAA compliance despite known, unpatched vulnerabilities
The report also highlights a striking discrepancy between formal compliance claims and technical reality: six in 10 leaders have self-attested to HIPAA compliance even though their systems contain known, unpatched vulnerabilities. That contrast — self-attestation on one hand, lingering unpatched vulnerabilities on the other — is presented in the report as a point of concern about how compliance is being reported and how risk is actually being managed.
Preparedness shortfall for the proposed 2026 HIPAA Security Rule
Regulatory readiness is another area the report flags. With the proposed 2026 HIPAA Security Rule on the horizon, 76% of practices say they are not ready. The figure indicates that three out of four practices surveyed do not consider themselves prepared to meet the expectations associated with the proposed rule, according to the report.
What this means for technologists, policymakers, and healthcare leaders
- Technologists and security teams: They are operating in environments where AI tools are pervasive (93%) while many systems retain known, unpatched vulnerabilities (as reported by six in 10 leaders). The report implies priorities will include reconciling extensive AI deployment with active vulnerability management.
- Policymakers and regulators: With 76% of practices reporting they are not ready for the proposed 2026 HIPAA Security Rule, the report signals a large preparedness gap that regulators will confront as they finalize or implement the rule.
- Healthcare leaders and administrators: The majority expectation of a "fatal" cyberattack within five years (61%) and the prevalence of self-attested HIPAA compliance despite known vulnerabilities (60%) together suggest leaders face both reputational and operational questions about how compliance is measured and communicated, per the report.
The report stitches these figures into a stark portrait: near-universal AI use (93%), a majority forecasting catastrophic cyber risk (61%), widespread self-attestation of HIPAA compliance amid known technical gaps (six in 10 leaders), and three-quarters of practices unprepared for a proposed 2026 security rule (76%). That combination, as presented in the report, raises a practical question for the sector: how will practices align declared compliance, active patching, and regulatory readiness while operating AI-driven workflows that have become standard?
Read the original report: https://www.securitymagazine.com/articles/102393-61-of-healthcare-organizations-predict-a-fatal-cyberattack-within-5-years




