Sep 24 2025
Security

AI Makes Penetration Testing More Powerful for Healthcare Organizations

Hackers are using artificial intelligence to work faster and more efficiently. Ongoing pen testing helps health systems remediate vulnerabilities proactively.

Artificial intelligence can help clinicians and administrative staff work more efficiently. It can even assist in healthcare customer service. What’s more, AI tools are now considered necessary for a strong security posture. Unfortunately, AI is just as useful for cybercriminals.

At this year’s Black Hat USA conference in Las Vegas, experts shared some of the specific ways threat actors are using AI to become faster and more sophisticated, making them more dangerous to healthcare organizations.

“Their favorite initial access vectors remain simply exploiting internet-facing, publicly known, unpatched vulnerabilities,” said Bailey Bickley, chief of defense industrial base defense at the National Security Agency. “They are getting really good at using AI to find and exploit unpatched instances of these vulnerabilities at scale.”

As if that weren’t enough risk, these unpatched vulnerabilities aren’t the only pathway cybercriminals are exploiting. They’re also using AI to steal users’ credentials. “Attackers don’t have to hack in; they’ll log in,” said Snehal Antani, CEO of Horizon3.ai.

“Most of the tactics to compromise those credentials didn’t require Common Vulnerabilities and Exposures,” Antani said of a red team test performed by his company. Twenty percent of the initial credentials the company compromised were domain administrator credentials, “which means we got keys to the kingdom almost immediately.”

Thinking like these cybercriminals is the first step to protecting your environment, he said. “In cybersecurity, the only perspective that matters is the attacker’s perspective. What does your environment look like through the eyes of the attacker, and how do you use that perspective to fix problems that matter?”

What’s New for Penetration Testing?

Because the cybercriminals are armed with AI, health systems need solutions of the same caliber to defend their environments.

“We need to use AI and automation first, fast and for defense,” Bickley said.

“The whole goal here is that offense drives defense,” Antani noted. “Offense helps make sure you’re facing problems that matter.”

AI helps organizations defend their environments at scale, matching the speed and efficiencies of threat actors, even when healthcare IT departments are comparatively stretched thin.

The penetration testing process previously took a long time: IT needed to first get the expenditure approved, then work with a team of security experts who poked and prodded the hospital’s network defenses.

When organizations used Horizon3.ai’s NodeZero platform, Antani noticed “a shift toward continuously assessing your environment, fixing problems that actually mattered and quickly running a retest to verify that you’re good to go.”

However, finding the problems that actually mattered and — more specifically — “deciding what not to fix” were always challenges, Antani said.

AI offers solutions for that too.

Determining a pen test’s value by its ability to find problems is a legacy way of thinking, Antani pointed out. “The goal of the pen test is to fix problems that matter,” he said.

An automated pen test can make these identifications as part of its assessment. “Now, suddenly, what’s exploitable is what you’re going to go off and prioritize,” Antani said.
