Hospitals across northern Illinois are increasingly vulnerable to cyberattacks, prompting urgent concerns from cybersecurity experts. The risks have escalated in light of rapid advancements in artificial intelligence, which cybercriminals are now leveraging to exploit the complexities of hospital IT systems. In particular, the recent data breach at OSF Saint Clare Medical Center highlights the dire consequences of such vulnerabilities, with unauthorized access to patient data being a pressing threat.
In late December 2025, OSF Saint Clare notified patients of a data breach involving its medical records system provider, Cerner. The breach reportedly began as early as January 2025, and law enforcement advised the hospital to delay notifying patients to avoid compromising the investigation. The exposed information included names, social security numbers, and sensitive medical records. Although OSF confirmed that multiple facilities were affected, further comments were not provided as of February 23.
This incident is indicative of a broader issue, as hospitals across the United States are grappling with various forms of cyberattacks, ranging from data leaks like OSF’s to ransomware that immobilizes systems until payment is made. Jon Pisani, a leader in cybersecurity services at PSM Partners, points out that the intricate IT systems of hospitals, combined with their 24/7 operational requirements and urgent patient care needs, render them particularly appealing targets for cybercriminals.
“When you look at any small to medium business, they might have one or two hosted applications running,” Pisani explained. “However, most hospitals in this country are running dozens of interrelated applications at a time that each present their own unique vulnerabilities.” This complexity, compounded by the necessity of continuous operation, increases the likelihood of successful attacks.
Pisani notes that hospitals are under immense pressure to maintain their services, making them ideal targets for ransomware attacks. “A somewhat small business may be able to withstand downtime for a few days. Hospitals aren’t afforded that. If a hospital’s system goes down, they’re canceling surgeries, and patient portals can go down. It’s just incredibly disruptive.” The urgency created by potential downtime plays directly into the hands of cybercriminals.
Artificial intelligence has also lowered the barrier for attackers, according to Illinois Valley Community College Chief Information Security Officer Brian Pichman. “It’s cheap, and it really can just do all the work for them,” Pichman stated. AI can quickly generate semi-functioning programs, enhancing the capabilities of cybercriminals and allowing them to efficiently parse through data to identify potential vulnerabilities.
In addition to automated attacks, many successful cybercrimes still begin with simple human errors, particularly through phishing emails. “The majority of the time you’ll see email as the primary threat vector,” Pisani said. Attackers often seek to compromise email accounts to monitor communications and gather information for further exploitation. “They’ll read through and see who you’re doing business with,” he added, indicating how this method can lead to significant breaches.
Today’s ransomware attacks extend beyond locking systems; they often involve data theft, where hackers may reroute payments before demanding ransom. “With good backups, we can restore systems,” Pisani explained. “What becomes more difficult is when they’ve siphoned out large subsets of data and threaten to disseminate it.” The implications of data exposure can have long-lasting repercussions, especially if adequate backup systems are not in place.
In response to these threats, hospitals are implementing layered security measures to mitigate risks. This includes limiting system access by location, requiring users to log in from company-managed devices, and adopting a “zero trust” model that verifies the identity of both users and systems continuously.
For instance, after an incident in 2023, Morris Hospital confirmed that unauthorized parties accessed parts of its network. The affected data included names, addresses, dates of birth, and medical records tied to current and former patients. Although no fraud or identity theft was reported, Morris Hospital took steps to enhance its security measures post-breach, including informing affected individuals and offering free identity monitoring services.
Despite these proactive measures, experts warn that cybersecurity is an ongoing challenge. Pisani emphasized that the landscape of cyber threats is continually evolving. “I don’t necessarily think we’re in a better or worse state than we were a year or two ago in dealing with cyberattacks,” he said. “I’d say we’re in a different state. Vulnerabilities that existed a year or two ago have mitigation steps now, but new threat vectors have been developed.” Pichman echoed this sentiment, remarking that healthcare systems will always be tested due to the sensitive data they handle.
In light of these threats, both OSF and Morris Hospital have encouraged patients to remain vigilant by checking their bank statements, medical bills, and credit reports for unusual activity following the breaches. As long as valuable data exists, the persistent threat of cyberattacks will loom large over healthcare institutions.
See also
Safe Pro Group Unveils NODE AI Threat Detection with General Dynamics at Army TiC 2.0 Event
IBM Reports 44% Surge in AI-Driven Cyberattacks Targeting Canadian Organizations
IBM Reports 44% Surge in Cyberattacks as AI Exploits Weak Security Vulnerabilities
IBM Reports 44% Surge in AI-Accelerated Cyberattacks Threatening Canadian Enterprises
CIOs Expect AI Cyber Attacks Soon; Only One-Third Feel Prepared to Respond
