Health care faces growing digital threats, ACP experts warn

Sharath Kharidi, MD, FACP, and Gary Weissman, MD

Physicians attending the American College of Physicians (ACP) Internal Medicine Meeting 2025 received a stark message: health care is increasingly vulnerable to digital threats, and the ethical implications of artificial intelligence (AI) demand urgent attention.

During a session last Friday called “Hot Topics in Health IT,” speakers shared warnings and practical advice about the growing challenges posed by cybersecurity and AI technologies.

Sharath Kharidi, MD, associate chief medical information officer at ChristianaCare, captured attendees’ attention with a blunt assessment of cybersecurity threats. “Cyberattacks aren’t a matter of if, but when.”

Kharidi highlighted recent, alarming examples, including the breach at UnitedHealth’s Change Healthcare, affecting 190 million patient records, and a devastating ransomware attack impacting 140 hospitals within Ascension Health. He also noted the costly disruptions at Lurie Children’s Hospital of Chicago. “In health care, the impact of breaches is typically double that of other industries because patient care itself gets disrupted,” Kharidi said.

To protect their practices, Kharidi advised doctors to adopt strong security protocols, including multi-factor authentication, rigorous employee training, and proactive planning for system downtime. He warned that threats like phishing scams are becoming increasingly sophisticated, especially as AI-enhanced techniques become harder to detect.

Turning to AI, Gary Weissman, MD, assistant professor at the University of Pennsylvania, urged physicians to advocate for fairness and transparency. Weissman explained that AI, while powerful, poses distinct regulatory and ethical issues, especially concerning patient equity.

Quoting the Centers for Disease Control and Prevention (CDC) definition of health equity, Weissman stressed, “equity is non-negotiable. It’s fundamental to ethical health care.”

Weissman acknowledged AI’s promise — particularly in democratizing technology access and reducing the administrative load on physicians. He referenced innovative AI tools that allow doctors to engage more directly with their patients instead of being burdened by documentation.

However, he also underscored serious concerns about AI, including exacerbating the digital divide, reinforcing existing biases due to flawed training data, and raising challenging questions about accountability. “Who is responsible if an AI system makes an error?” Weissman asked, highlighting the complexity of these unresolved issues.

Weissman emphasized the need for strong local oversight, advocating transparency about how AI systems are developed, rigorous testing in real-world settings, and continuous monitoring of their use in practice. “Right now, there’s no regulatory framework in place for generative AI,” he pointed out. “None of the FDA-authorized devices include generative AI systems.”

Both Kharidi and Weissman encouraged physicians to take an active role in local governance of these technologies. “Local oversight can often be more effective than waiting on state or federal regulations,” Weissman suggested.

Weissman concluded with a personal reflection, expressing cautious optimism alongside realistic skepticism about the future of AI in medicine. “I love showing these AI tools to my kids,” he said, “helping them build a critical understanding of technology and its limits.”

The session closed with a clear call to action: physicians and health care leaders must address today’s cybersecurity vulnerabilities and ensure AI advancements serve all patients fairly and safely.