I keep thinking about how we are building AI on top of a security disaster.
Healthcare is the most attacked industry in America. Not finance. Not energy. Healthcare.
The HHS Office for Civil Rights breach portal logs more than 700 large healthcare data breaches every year, affecting tens of millions of patients. The numbers keep climbing.
And we are rushing to connect everything.
AI clinical tools. Remote monitoring platforms. Cloud-based EHRs. Interoperability mandates pushing data across more endpoints than ever. Every connection is also a door.
The Change Healthcare cyberattack in February 2024 was the single largest healthcare data breach in U.S. history. UnitedHealth Group’s subsidiary was offline for weeks. An estimated 190 million Americans had their data exposed. AMA surveys found 80% of physicians experienced revenue cycle disruptions.
The ransom? $22 million to the ALPHV/BlackCat ransomware group.
Three months later, the Ascension ransomware attack forced paper records across 140 hospitals in 19 states. Ambulances diverted. Medication orders delayed for weeks.
UnitedHealth CEO Andrew Witty testified before Congress that the Change Healthcare attack exploited a server missing multi-factor authentication. A basic security control. On a system processing one-third of all U.S. healthcare claims.
That is not a technology failure. That is a governance failure.
Here is what I actually believe: most health systems are building AI strategy before fixing their security foundation. They are adding sophistication on top of fragility.
FQHCs are especially exposed. Many operate with thin IT budgets, sometimes a single IT staffer covering 10 sites. HHS OCR fined Doctors’ Management Service $100,000 in 2023 for HIPAA violations following a ransomware attack that went undetected for years.
IBM’s 2024 Cost of a Data Breach Report put the average healthcare breach at $9.77 million per incident. The FBI’s Internet Crime Complaint Center has ranked healthcare as the top ransomware target for five consecutive years. Average downtime after an attack: 18 days.
We talk about AI adoption like it is the defining challenge in healthcare technology. I think security is the prerequisite nobody wants to fund.
You cannot build trustworthy AI diagnostics on infrastructure that gets breached repeatedly. The attack surface grows every time we add a new integration.
So here is the question I cannot stop asking: if a health system cannot enforce multi-factor authentication on its most critical systems, should it be deploying AI tools that process real-time patient data?
I do not think we are asking that loudly enough.
Author:

Jonathan Govette is a seasoned healthcare and technology executive with more than two decades of experience building, scaling, and advising digital health companies. He is the Co-Founder and CEO of Oatmeal Health, an AI-driven Lung Cancer Screening and Diagnostics company focused on expanding access to early detection for underrepresented populations, particularly patients served by Federally Qualified Health Centers and value-based health plans.
With a background in engineering, product development, and strategic partnerships, Jonathan has founded and led multiple health technology ventures across clinical care delivery, regulated medical software, and AI-enabled diagnostics. His work sits at the intersection of medicine, technology, and health equity, with a consistent focus on translating complex clinical problems into scalable, real-world solutions.
Jonathan has spent much of his professional life dedicated to improving outcomes for marginalized and underserved communities. He has designed and implemented frameworks that align clinical quality, reimbursement, and technology to sustainably advance health equity at scale. This mission is deeply personal and informs his leadership philosophy and long-term vision for healthcare transformation.
In addition to his operating experience, Jonathan is an author and long-time writer in the healthcare domain, with over 20 years of published work covering digital health, medical innovation, and healthcare systems. He is a frequent mentor to early-stage founders and regularly advises startups on product strategy, partnerships, and go-to-market execution in regulated healthcare environments.
Before entering industry full-time, Jonathan nearly pursued a career in medicine with an early path toward cardiothoracic surgery, an experience that continues to shape his clinical perspective and respect for frontline care delivery.




