Healthcare Cybersecurity 2026: What AI-Discovered Vulnerabilities Mean for Hospital Security Teams

Project Glasswing expanded to healthcare on June 2, 2026. Here is what hospital security teams need to understand about AI-driven vulnerability discovery.

200+
Glasswing partner organizations including healthcare
10,000+
high- or critical-severity findings
9
confirmed CVEs across Glasswing partners

SponsoredRetool

Retool's new app builder is where AI-generated code ships safely

Building apps with AI is easy. Getting them to production safely is another story.

Start building for free today

On June 2, 2026, Anthropic expanded Project Glasswing to include healthcare infrastructure alongside power, water, and other critical sectors. The expansion brought Claude Mythos, Anthropic's specialized autonomous security AI, to bear on one of the most consequential and notoriously difficult environments to secure: hospitals, health systems, and medical device ecosystems. Healthcare presents a unique convergence of factors that make it both a high-value target and a hard environment to defend: legacy medical devices running decade-old software, FDA approval constraints that slow patching to a crawl, HIPAA compliance obligations, life-safety stakes that make downtime intolerable, and an attack surface that has exploded with connected devices. This guide is written for hospital security teams, healthcare IT security practitioners, and CISOs who need to understand what AI-powered vulnerability discovery changes about their threat model and what concrete defensive steps are available to them.

Healthcare as a High-Value Target

Healthcare is a persistently attractive target for threat actors for several compounding reasons. First, hospitals hold dense concentrations of sensitive personal data: electronic health records (EHRs), billing data, insurance information, and Social Security numbers. This data commands premium prices on criminal marketplaces. Second, hospitals have an exceptionally low tolerance for operational downtime. A hospital that cannot access patient records, run imaging systems, or manage medication dispensing faces immediate patient-safety consequences. Ransomware operators have learned that healthcare organizations are more likely to pay ransoms quickly and at higher amounts than organizations in other sectors. Third, healthcare networks are architecturally complex and heterogeneous, combining traditional IT infrastructure with medical devices, building automation systems, and clinical equipment that was never designed with network security in mind. The FBI's Internet Crime Complaint Center consistently ranks healthcare among the sectors with the highest ransomware victim counts. Between 2020 and 2025, major U.S. health systems including Change Healthcare, Ardent Health Services, and Prospect Medical Holdings suffered ransomware attacks that disrupted patient care across hundreds of facilities.

Medical Device Security: A Structural Problem

The core challenge in healthcare cybersecurity is not malicious insiders or weak passwords. It is the structural incompatibility between the medical device lifecycle and the modern security patching cadence. Medical devices are designed, tested, and FDA-approved over multi-year cycles. A device approved in 2012 running Windows XP Embedded may still be in active clinical use in 2026 because it works, it is expensive to replace, and the replacement process requires clinical validation, procurement, and often facility renovation. The FDA's 2023 postmarket cybersecurity guidance and the Consolidated Appropriations Act of 2023 (which gave FDA authority to reject devices that lack a software bill of materials and a disclosed patching plan) represent meaningful progress, but they apply only to devices brought to market after those rules took effect. The installed base of legacy devices remains unaddressed by those requirements. Healthcare organizations routinely have thousands of connected medical devices including infusion pumps, imaging systems (MRI, CT, ultrasound), patient monitoring systems, ventilators, and laboratory equipment. Many of these devices run operating systems or embedded software that cannot be updated without vendor involvement, regulatory re-clearance, or both.

The medical device problem is a slow-motion crisis. We have known about it for a decade. What changes in 2026 is that the tools to find and weaponize vulnerabilities in that legacy software are now autonomous, fast, and accessible.

Healthcare CISO, Glasswing partner organization
Free daily briefing

Briefings like this, every morning before 9am.

Threat intel, active CVEs, and campaign alerts, distilled for practitioners. 50,000+ subscribers. No noise.

FDA Patching Constraints Explained

The FDA's framework for medical device software changes distinguishes between changes that require premarket submission and those that do not. A software change requires a new 510(k) or PMA supplement if it could significantly affect safety or effectiveness, introduces new risks, or changes the intended use. This threshold is interpretive and creates substantial uncertainty for device manufacturers. In practice, many manufacturers take a conservative approach and submit even minor patches for FDA review, extending timelines to months or longer. The FDA's 2023 guidance created a clearer pathway for cybersecurity patches specifically, recognizing that waiting for full premarket review of security patches creates unacceptable risk. Under this guidance, manufacturers can implement security patches without premarket submission in most cases, as long as the patch does not alter device functionality. However, this guidance does not solve the legacy device problem: manufacturers of devices that are no longer actively maintained have no incentive to develop patches, and the FDA has limited enforcement authority to compel them. Hospital security teams should maintain a device inventory that distinguishes between actively maintained devices (where patches are theoretically available), end-of-support devices (where the manufacturer will not provide patches), and end-of-life devices (where the manufacturer no longer exists or has discontinued the product line). Each category requires a different compensating control strategy.

How AI-Discovered CVEs Accelerate the Healthcare Threat Timeline

The traditional threat model for healthcare cybersecurity assumed a meaningful gap between vulnerability disclosure and weaponization. Security teams had days to weeks after a CVE was published before they needed to worry about active exploitation targeting their specific environment. AI changes this in two ways. First, AI tools like Claude Mythos can discover vulnerabilities and develop working proof-of-concept exploits in the same analytical session, compressing the time between discovery and weaponization to near zero. The Glasswing program has confirmed CVEs in software that is present across healthcare environments: FreeBSD NFS RCE (CVE-2026-4747) affects network-attached storage systems common in hospital PACS and EHR environments; wolfSSL certificate forgery (CVE-2026-5194, CVSS 9.1) affects embedded TLS implementations found in medical device firmware; and browser JIT vulnerabilities affect clinical workstations. Second, when a Glasswing CVE becomes public, adversaries with AI tools can use the published vulnerability details to develop their own exploits rapidly. The window between 'CVE published' and 'exploit available in commodity toolkits' is now measured in hours to days, not weeks. For healthcare organizations with monthly or quarterly patching cycles, this is untenable. The implication is not that hospital security teams need to patch everything immediately. That is operationally impossible in most healthcare environments. The implication is that healthcare security teams need an expedited critical path for confirmed-exploitable vulnerabilities, particularly those affecting software present on clinical systems, and they need compensating controls that are effective in the interim.

HIPAA and Breach Notification: What AI-Discovered Vulnerabilities Trigger

HIPAA's Security Rule (45 CFR Part 164, Subpart C) requires covered entities and business associates to implement administrative, physical, and technical safeguards to protect electronic protected health information (ePHI). The rule requires an ongoing risk analysis process that identifies threats to ePHI and a risk management program that reduces those risks to a reasonable and appropriate level. An AI-discovered vulnerability that could expose ePHI is a threat that must be documented in your risk analysis and addressed in your risk management plan. If you are a Glasswing partner and receive a private CVD notification, you should document receipt of that notification, assess whether affected systems store or transmit ePHI, and record your remediation or compensating control decision. If a vulnerability is exploited before you can remediate it, HIPAA breach notification rules apply. Under the Breach Notification Rule (45 CFR Part 164, Subpart D), if unsecured ePHI is accessed, acquired, used, or disclosed in a way not permitted by the Privacy Rule, that is a breach unless you can demonstrate a low probability of compromise using a four-factor risk assessment. Breaches require notification to affected individuals within 60 days of discovery, notification to HHS, and for breaches affecting 500 or more individuals in a state, notification to prominent media outlets. State data breach notification laws may impose additional or shorter timelines. Healthcare organizations should confirm their breach notification obligations with legal counsel and ensure their incident response plans account for HIPAA notification timelines explicitly.

Network Segmentation for Medical Devices

Network segmentation is the highest-value compensating control available to healthcare organizations for medical device security. The goal is to limit the blast radius if a medical device is compromised: a compromised infusion pump should not be a pivot point into the EHR network or the clinical workstation network. Effective medical device network segmentation requires a current and accurate device inventory, which many healthcare organizations lack. The first step is discovery: deploying passive network monitoring tools designed for healthcare environments (such as those built on OT/IoT network discovery technology) to enumerate all connected devices, their operating systems, and their network communications. The second step is classification: grouping devices by clinical function, vendor, and network communication requirements. Imaging systems, infusion pumps, patient monitors, and clinical workstations have different network communication needs and can often be placed on dedicated VLANs with firewall policies that permit only required communications. The third step is enforcement: implementing firewall rules that restrict medical device VLANs to permitted communications and monitor for anomalous traffic. This is operationally complex in working hospital environments because medical devices often have undocumented communication dependencies that only become apparent when segmentation breaks a clinical workflow. Healthcare organizations implementing segmentation should plan for an iterative process with clinical stakeholders, not a one-time firewall deployment.

Incident Response in a Life-Safety Environment

Healthcare incident response differs from enterprise incident response in one critical dimension: the potential for patient harm. Taking a compromised system offline may be the right security decision but the wrong clinical decision if that system is supporting active patient care. Healthcare security teams need incident response plans that explicitly account for life-safety considerations, define escalation paths to clinical leadership (CNO, CMO) not just IT leadership, and specify downtime procedures for clinical systems. The Joint Commission's requirements for downtime procedures give healthcare organizations a framework for maintaining clinical operations when systems are unavailable. Security teams should ensure that downtime procedures are current, tested, and accessible without requiring access to the systems they document. For Glasswing-related incidents, the two most likely scenarios are receiving a private CVD notification (reactive patching, no breach) and discovering that a Glasswing-attributed public CVE is present in your environment (urgent assessment, potential breach notification). In both cases, the first step is accurate asset inventory: which systems in your environment are affected, which of those systems store or process ePHI, and which are life-critical. The answer to those questions determines the urgency and sequencing of your response.

Defensive Priorities for Healthcare SOCs

Given the constraints of healthcare environments, where patching everything immediately is not feasible, security operations teams should prioritize the following defensive investments. Continuous asset discovery is foundational: you cannot protect what you cannot see, and healthcare device inventories are notoriously incomplete. Purpose-built healthcare network monitoring tools that can passively discover medical devices without disrupting clinical operations are available from several vendors. Privileged access management for clinical systems reduces the blast radius of credential compromise, which remains the most common initial access vector. EHR systems, PACS, and clinical workstations should enforce least-privilege access with strong authentication. Behavioral monitoring for medical device networks can detect anomalous communication patterns that indicate compromise even when patching is not possible. A device that begins communicating with external IP addresses or scanning internal network ranges is behaving abnormally and should trigger an alert. Threat intelligence feeds that include healthcare-specific indicators of compromise and track active exploitation of vulnerabilities common in healthcare environments give SOC analysts the context to prioritize alerts effectively. Participation in HC3 (HHS Health Sector Cybersecurity Coordination Center) threat intelligence sharing and H-ISAC (Health Information Sharing and Analysis Center) provides sector-specific threat intelligence that commercial feeds often lack.

Healthcare-Specific Vulnerability Checklist and Response Protocols

The Mythos Brief includes a healthcare-specific vulnerability assessment checklist and CVD response protocol developed in collaboration with Glasswing healthcare partners. The checklist covers critical categories that are specific to healthcare environments and are not addressed in generic vulnerability management frameworks.

Subscribe to unlock Remediation & Mitigation steps

Free subscribers unlock full IOC lists, Sigma detection rules, remediation steps, and every daily briefing.

The bottom line

Healthcare cybersecurity has always been hard. AI-powered vulnerability discovery makes it harder in a specific way: the gap between a vulnerability being found and a working exploit being available is now measured in hours, not weeks. For hospitals carrying an installed base of legacy medical devices that cannot be patched on any reasonable timeline, compensating controls and network segmentation are not optional extras. They are the primary defense. The Glasswing expansion to healthcare means hospital security teams now have access to CVD notifications before vulnerabilities become public, but acting on those notifications requires accurate asset inventories, defined escalation paths, and documented compensating control playbooks. Get the full healthcare vulnerability assessment checklist, CVD response protocol, and HIPAA breach assessment template in the free Mythos Brief at decryptiondigest.com/mythos-brief.

Frequently asked questions

Are hospital networks being actively targeted by AI-discovered vulnerabilities?

Not directly in the sense of attacks, but AI tools like Claude Mythos are now systematically discovering vulnerabilities in healthcare infrastructure as part of Project Glasswing's coordinated vulnerability disclosure program. The risk is that the same AI capabilities used defensively can accelerate offensive exploitation if adversaries adopt similar tools. Healthcare organizations that are Glasswing partners receive private notification before CVEs are published, giving them a head start on patching.

How does FDA approval affect medical device patching?

FDA requires that significant changes to medical device software, including security patches that alter device functionality, go through a premarket submission process (510(k) or PMA). This can take months to years. For lower-risk patches that do not change intended use or performance, manufacturers can use the FDA's postmarket cybersecurity guidance to push patches without full resubmission. However, many hospital-deployed devices are legacy systems whose manufacturers no longer actively maintain them, meaning no patch is coming regardless of the regulatory pathway.

What is the biggest cybersecurity risk for hospitals right now?

Ransomware targeting clinical operations remains the most acute threat, but the emerging risk is the convergence of AI-accelerated vulnerability discovery with the healthcare sector's persistent inability to patch medical devices and legacy systems. When AI can find and develop working exploits in the same session it discovers a vulnerability, the traditional assumption that you have weeks to patch before a threat materializes collapses. Healthcare organizations with unpatched legacy medical devices connected to clinical networks are especially exposed.

Does HIPAA cover AI-discovered vulnerabilities?

HIPAA's Security Rule requires covered entities and business associates to conduct regular risk analyses that identify threats to electronic protected health information (ePHI). AI-discovered vulnerabilities that could expose ePHI must be addressed as part of that risk management process. If an AI-discovered vulnerability is exploited and ePHI is accessed or exfiltrated, HIPAA breach notification rules apply: affected individuals must be notified within 60 days, HHS must be notified, and breaches affecting 500 or more individuals in a state require media notification.

How should hospital security teams prioritize patching?

Hospital security teams should use a risk-based model that combines CVSS score, exploit availability, asset criticality, and patient-safety impact. Life-critical systems (ventilators, infusion pumps, cardiac monitors) warrant the highest urgency even when patching is logistically difficult. Systems with confirmed active exploitation get emergency treatment. For unpatched medical devices, compensating controls including network segmentation, traffic monitoring, and compensating firewall rules are the practical alternative. The Glasswing CVE timeline (discovery to public disclosure) should inform your SLA for critical findings.

How do healthcare organizations join Project Glasswing and receive advance CVD notifications?

Glasswing partner organizations receive private CVD notifications before Glasswing-attributed CVEs are published, giving them a remediation head start. Healthcare organizations interested in joining should contact Anthropic through the Glasswing program page. Partners must agree to the program's coordinated disclosure terms, which require timely remediation efforts in exchange for advance notification. The notification includes a technical vulnerability description, severity assessment, and the disclosure timeline. Participating healthcare organizations should designate a security contact who can receive and act on sensitive technical disclosures and ensure that contact information stays current.

Sources & references

  1. Anthropic Project Glasswing 90-Day Report
  2. FDA Cybersecurity in Medical Devices Guidance
  3. HHS HIPAA Security Rule Overview
  4. CISA Healthcare and Public Health Sector
  5. HC3 (HHS Health Sector Cybersecurity Coordination Center)
  6. NIST Healthcare Cybersecurity Framework

Free resources

25
Free download

Critical CVE Reference Card 2025–2026

25 actively exploited vulnerabilities with CVSS scores, exploit status, and patch availability. Print it, pin it, share it with your SOC team.

No spam. Unsubscribe anytime.

Free download

Ransomware Incident Response Playbook

Step-by-step 24-hour IR checklist covering detection, containment, eradication, and recovery. Built for SOC teams, IR leads, and CISOs.

No spam. Unsubscribe anytime.

Free newsletter

Get threat intel before your inbox does.

50,000+ security professionals read Decryption Digest for early warnings on zero-days, ransomware, and nation-state campaigns. Free, daily, no spam.

Unsubscribe anytime. We never sell your data.

Eric Bang
Author

Founder & Cybersecurity Evangelist, Decryption Digest

Cybersecurity professional with expertise in threat intelligence, vulnerability research, and enterprise security. Covers zero-days, ransomware, and nation-state operations for 50,000+ security professionals every morning.

Black Hat Giveaway

Win a $2,495 Black Hat pass.

Full-access to Black Hat USA 2026 in Las Vegas. Subscribe free to enter.

Joins Decryption Digest daily briefing. Unsubscribe anytime.

Giveaway: Black Hat USA 2026 Full-Access Pass ($2,495 value)

Details →
Daily Briefing

Subscribe to enter the giveaway

Every subscriber is automatically entered. You also get daily threat intel every morning: zero-days, ransomware, and nation-state campaigns. Free. No spam.

Already subscribed? You're already entered.

Giveaway

Win a $2,495 Black Hat USA 2026 pass.