Healthcare

Industry Snapshot

Healthcare is a $4.5 trillion US industry with global tech spending projected to exceed $400 billion in 2026 (IDC). Healthcare data breaches affected 167 million individuals in 2023 — a 1,002% increase since 2018. The average healthcare breach costs $9.23 million, more than double the cross-industry average. The global AI in healthcare market is projected to grow from $39 billion (2025) to $504 billion by 2032. HHS is finalizing the first update to the HIPAA Security Rule in over a decade.

Theme 1: Cybersecurity as Patient Safety

What's happening: Healthcare is the most targeted industry for cyberattacks. The Change Healthcare ransomware attack (2024), described as "the largest breach in US healthcare history," disrupted claims processing for months and affected an estimated one-third of the US population. HHS reported a 102% increase in ransomware breaches since 2018. The HIPAA Security Rule NPRM (December 2024) will modernize requirements for the first time since 2013. Cloudflare offers HIPAA BAAs for Enterprise customers.

Key insight: In healthcare, a cyberattack isn't just a data breach — it's a patient safety event. When systems go down, care is delayed, diverted, or degraded.

Cloudflare mapping: Single-pass architecture unifies DNS, L3, and L7 protection to consolidate fragmented stacks from Cisco, Fortinet, and Palo Alto. CDN, WAF, and Bot Management are all in scope for HIPAA BAAs. Cloudflare mitigated 2.65 million attacks in a single day for Taiwan's national medical institutions.

Theme 2: The AI Imperative

What's happening: Pfizer made "Scale AI across our business" a top-4 corporate priority for 2026. Clinical AI is delivering results: St. Luke's reported $13,000 per clinician in increased reimbursement from AI documentation review; Penn Medicine achieved 20% reduction in documentation time. But only 2% of healthcare organizations have deployed AI enterprise-wide (Deloitte), and 97% of those with AI security incidents lack proper access controls (IBM). The EU AI Act classifies medical AI devices by risk level.

Key insight: Healthcare has the best-proven ROI for clinical AI, but the worst AI governance. 97% lack access controls — that's a crisis in an industry handling the most sensitive personal data.

Cloudflare mapping: AI Gateway provides observability and governance with Healthcare DLP profiles that detect medical record numbers and patient data in AI prompts. Workers AI enables edge inference for latency-sensitive clinical apps. Browser Isolation sandboxes AI tool usage. CASB detects shadow AI adoption.

Theme 3: Digital Care Transformation

What's happening: Care delivery is shifting from institution-centered to consumer-centered. Eli Lilly's LillyDirect (direct-to-patient platform) represents "a growing portion" of revenue. UnitedHealth's Optum Health serves 95 million consumers through clinical, in-home, and virtual care. 60% of executives plan virtual health investment (Deloitte). The WHO projects a 4.5 million nurse shortage by 2030, making technology-enabled delivery an operational necessity. Connected medical devices (insulin pumps, pacemakers, imaging systems) create new API-level attack surfaces.

Key insight: The "digital front door" to healthcare is expanding rapidly — and every new patient portal, telehealth platform, and connected device needs securing.

Cloudflare mapping: WAF and Bot Management defend patient portals and telehealth platforms. API Shield secures FHIR APIs and connected medical device communications with mTLS. Data Localization Suite enforces data residency for cross-border clinical trials. Workers, R2, and Stream provide the platform for secure telehealth applications.