
What healthcare leaders need to know about cybersecurity in 2026

Cybersecurity risks facing healthcare organizations in 2026 are increasingly tied to prolonged technology outages that directly disrupt patient care, according to John Riggi, national adviser for cybersecurity and risk at the American Hospital Association.

“I believe there needs to be an increased understanding that our increased dependency on network- and internet-connected technology and data to deliver care is creating an increased risk to care delivery, if and when that technology is suddenly not available for an extended period, such as during a ransomware attack,” Mr. Riggi said.

Recent attacks have shown that disruptions can last weeks, not days.

“Unfortunately, hundreds of ransomware attacks against hospitals and our mission-critical third parties have shown us that we need to be prepared to deliver safe and quality care for 30 days or longer without the benefit of connected technology,” he said.

Becker’s spoke to Mr. Riggi about the biggest cybersecurity themes hospitals and health systems will face in 2026:

Geopolitical and nation-state risks

As healthcare enters 2026, Mr. Riggi said geopolitical tensions continue to influence cyber risk, even when hospitals are not the primary target.

“Current geopolitical tensions with Russia, Iran and China over such issues as Venezuela, Ukraine, Taiwan and protests in Iran may incentivize these countries to use cyber means to retaliate against the U.S. — but not directly,” he said.

Those actions may involve third-party actors or infrastructure-level disruption.

“They may direct or facilitate unattributable criminal cyber proxies or ‘hacktivists’ to conduct targeted or regional cyber or denial-of-service attacks against sectors such as financial services,” he said. “Or, they may attempt something more disruptive, such as a regional cyberattack against critical infrastructure or cloud-based common technology infrastructure.”

According to Mr. Riggi, these types of attacks “would almost certainly have a cascading disruptive effect.”

Third-party attacks remain a major concern

Mr. Riggi said cyberattacks on vendors and service providers continue to pose one of the most serious risks to healthcare operations.

“Based on the continuing pattern we have seen over the last several years, cyberattacks against third-party mission-critical technology and service providers and the supply chain remain a major concern in healthcare.”

Criminal groups target vendors for scale and impact.

“Criminal ransomware groups, particularly Russian-speaking groups, continue to target healthcare third parties for maximum disruptive effect and to steal large aggregations of healthcare data held by third parties.”

Nation-state activity adds to the threat.

“We know that nation-states, particularly China, have been successful at penetrating U.S. critical infrastructure to preposition destructive malware for future activation.”

AI-driven attacks expected to increase

Mr. Riggi said healthcare leaders should expect more AI-enabled cyberattacks in 2026.

“The third elevated risk we are watching closely — and we expect to see more of in 2026 — is autonomous AI-generated and -facilitated cyberattacks,” he said.

AI is being used throughout the attack lifecycle.

“Not only will we continue to see expanded instances of AI-generated audio and video deepfakes, and AI-assisted vulnerability detection and malware development, but we may see AI being used by sophisticated cyber adversaries to launch cyberattacks and be used throughout the entire attack cycle. The first such ‘autonomous’ attack was documented by Anthropic last year,” Mr. Riggi said.

He also warned of risks within AI systems themselves.

“I believe we will also see an increase in cyberattacks tied directly to the exploitation of vulnerabilities embedded within AI software and systems, along with the risk of ‘data poisoning’ and AI manipulation by cyber adversaries.”

Readiness gaps and the shift to clinical continuity

Despite years of attacks, Mr. Riggi said third-party risk remains underestimated.

“I believe there also needs to be an increased focus on third-party risk,” he said. “We would benefit from mapping the potential cascading effects of cyberattacks that target mission-critical technology, service providers and the supply chain — especially potential attacks against cloud-based providers and internet service providers.”

“We then recommend that hospitals develop contingency plans for when those third parties go offline, either due to a malicious or nonmalicious event.”

More broadly, he said healthcare leaders must rethink preparedness.

“The field would benefit from a shift from not just preparing for ‘business continuity’ but also preparing for ‘clinical continuity.’”

“In the interim, we are recommending that hospitals begin by making clinical continuity plans for their most critical life-saving and life-supporting technologies and services.”

Signs of progress

Mr. Riggi said there are signs of improvement in how cyber threats are being addressed.

“U.S. government agencies seem to be collaborating more effectively on cyber law enforcement and disruption operations, and the pace of these operations appears to have increased significantly, especially from the FBI Cyber Division.”

Federal agencies are also reframing ransomware attacks on healthcare.

“They truly understand that ransomware attacks that disrupt and delay healthcare delivery are not ‘data crimes’ but are ‘threat-to-life’ crimes.”

“I believe we will continue to see more effective information sharing and operational collaboration within the sector and with the government.”

The post What healthcare leaders need to know about cybersecurity in 2026 appeared first on Becker’s Hospital Review | Healthcare News & Analysis.
