A TransUnion executive says cyber risks are shifting toward smaller healthcare organizations.
In an interview with HealthcareInfoSecurity.com, Jim Van Dyke, senior principal of innovation at TransUnion, said artificial intelligence is influencing how cybercrime and fraud affect the healthcare sector. Van Dyke warned that as large healthcare organizations strengthen their defenses, attackers are focusing on smaller providers, insurers, and third-party vendors that exchange data across the healthcare ecosystem. He noted that the growing use of AI by attackers is accelerating this shift and increasing pressure on organizations with fewer resources.
Van Dyke explained that healthcare data must flow across many interconnected organizations, including providers, insurers, and service vendors, creating multiple points of exposure. As major health systems improve their security maturity, attackers are adjusting their targeting strategies and moving downmarket to entities with limited cybersecurity staffing and tooling. He said these organizations often lack the technical depth needed to detect advanced attacks that rely on automation and data analysis. This dynamic increases the likelihood of breaches that originate outside large health systems, but still affect patient data at scale through shared workflows and integrations.
Van Dyke said attackers are becoming more selective about the data they steal, focusing on identifiers that can support fraud, account access, or medical identity misuse rather than large data volumes alone. He also noted a growing role for third-party breaches in litigation, with courts and regulators examining whether organizations exercised reasonable oversight over vendors. Van Dyke cautioned that incidents involving medical identity theft may increase as attackers refine how they exploit healthcare data, particularly when smaller organizations lack consistent security controls or monitoring capabilities.
Research from the Ponemon Institute has shown that healthcare breaches involving third parties and business associates continue to rise, with smaller organizations reporting lower levels of preparedness and slower detection times. The 2024 IBM Cost of a Data Breach Report found that organizations with limited automation and security maturity experienced higher breach costs and longer containment periods. These findings support concerns that attackers will continue prioritizing healthcare entities with fewer defensive resources as AI-driven techniques become more accessible.
Smaller healthcare organizations often operate with limited security budgets, fewer dedicated staff, and less advanced monitoring, which makes it harder to detect and respond to changing attack methods.
AI allows attackers to automate reconnaissance, tailor phishing messages, and analyze stolen data more efficiently, reducing the effort required to target multiple organizations.
Healthcare data is frequently shared across vendors, and weaknesses in one organization can expose information belonging to many others.
Attackers are focusing on identifiers that enable fraud or identity misuse, such as insurance details, medical record numbers, and personal identifiers.
Healthcare organizations can assess vendor security practices, limit data sharing to what is necessary, improve access controls, and invest in monitoring that detects unusual account or data activity.