Recent cyber attacks, ransomware trends and cybersecurity threats for doctors with Charles Aunger


AMA Update covers a range of health care topics affecting the lives of physicians, residents, medical students and patients. From private practice and health system leaders to scientists and public health officials, hear from the experts in medicine on COVID-19, medical education, advocacy issues, burnout, vaccines and more.

What is cybersecurity in the health care industry? How common are ransomware attacks on hospitals? How is AI used in cyber security?

The impact of cyber attacks on health care and more insights from our guest Charles Aunger, managing director of technology, at Health2047. AMA Chief Experience Officer Todd Unger hosts.


  • Charles Aunger, managing director of technology, Health2047

You are why we fight

The AMA is your powerful ally, focused on addressing the issues important to you, so you can focus on what matters most—patients.

Unger: Hello and welcome to the AMA Update video and podcast. Today, we're coming to you from our AMA studio at our Chicago headquarters, where I am joined by Charles Aunger, managing director of Technology at Health2047 and founder and CEO of HEAL Security.

We'll be discussing the unique challenges of cybersecurity in health care and what we can do to address them. I'm Todd Unger, AMA's chief experience officer. Charles, it's great to have you in our studio today.

Aunger: Great to be here, Todd. Thank you.

Unger: Why don't we, just for background purposes—because a lot of people out there are probably not going to be familiar with Health2047 or HEAL Security, give us kind of a brief rundown and how they're related to the AMA.

Aunger: Absolutely. So the AMA founded, nearly eight years ago, Health2047, investment innovation arm of the AMA. And so we look at doing incubation right through to investments of new organizations that can actually impact health care and technologies.

So we fund those. We've funded approximately 12 organizations today across our portfolio. And we're there to change how health care actually delivers in 2047.

HEAL Security is one of those incubations that we actually founded. And that was, How do we impact change in cybersecurity in health care? Because it's just such a big problem. It's out of control. It's worse than a pandemic.

Unger: Well, we're going to talk a little bit more about that. It couldn't be at a better time. One of the things we talk a lot about is how—How do we make technology an asset, not a burden for physicians? There's a lot of challenges here around the security aspect.

Aunger: For sure.

Unger: You have just published "The Health Care Cybersecurity Annual Checkup for 2023." It's going to be the first edition. This particular report sounds like it's going to be an annual report. But we're eager to find out more about what's the purpose of the report and find out more what it tells us.

Aunger: Absolutely. It's an annual checkup, right? Do we actually see the reality? And it's kind of like—how we look at it is, you've got to admit certain things to start off with to actually be able to fix the issues. And we really take to heart how physicians and medical industry work, right?

So actually analyze the problem, and then come out with, here's some guiding steps to move the dial forward. So we've put this as an annual report. We're also going to do a monthly. What are the top things that are happening in that month?

And so the annual report looks at last year's ransomware, where the big vulnerabilities are, what's the big impacts. And we announced in there, AI is a big impact for the bad guys as well as the good guys in the world. And just giving that reality out, that it's something that a technology person can have or a C-suite person can have as well as a physician, right?

Somebody in the industry to scale up. And we know from both of our positions, that physicians like to know more. And it's about transitioning that knowledge to those people. It makes a big difference.

Unger: Yeah, not just knowing norm, but knowing what to do. And I'm going to talk to you about both things you mentioned in there. We're going to start with the ransomware.

Aunger: Super cool.

Unger: Let's talk a little bit about ransomware in general. What do physicians need to know about it, and what did the checkup actually reveal about the state of the threat in 2023?

Membership Moves Medicine™

  • Free access to JAMA Network™ and CME
  • Save hundreds on insurance
  • Fight for physicians and patient rights
  • Limited-time half-price dues when you join!

Aunger: Absolutely. So ransomware is on the up, right? And what we've shown is more people pay ransomware than anything else. So ransomware scores are up. Nearly 80% of people pay ransomware 80-plus.

And so we also have the other one that ransomware values are down. So what they're actually paying is down, but they're trying to go bigger. So they are hitting everybody and anybody.

What we also found is the smaller organizations tend to go under. They go out of business if they get hit by ransomware. They just can't survive. It costs them so much on reputation, costs to actually fix things, penalty fees if they've got it publicly.

It's just—it's just a disaster for a small organization. We've also seen some of the big organizations also see massive impact. So some of the big health care organizations that we know have been impacted massively over the last year.

And it continues. It's expanded across. But those C-suite have been, over and over again, paying the ransoms, which is probably a good thing to do in a lot of instances. Right? But because you can't impact your organization deliver care, so they've been making a business decision.

And so that's a big problem. Ransomware as a whole is where people have gone in and locked your data out or part of your business from doing activity. And it's not just data anymore. They're turning off your HR system. They're turning off your timekeeping decision.

We saw this last year as well as we wrote in there—that people have been turning off Kronos, the number-one product in timekeeping in health care, so that people can't get their time in. And when that happens, the staff get upset.

And that actually causes a concatenation piece in the organization. That causes unrest. Because people won't pay their bonuses, they won't pay their Christmas money, they won't pay their overtime. And so people get upset across the whole organization.

It goes against the culture of the company. So this is what they're trying to create. And what's actually happened then is, it's the simplest things that have happened. It's usually passwords that have been broken. Somebody's known password, right?

But they go after targets, and they look for people that they can access. They get in through email. They get in through sending people messages. Access the system, put something on there, and they tend to be in there, as we showed in the report, three to six months before you've even seen anything.

And what we've also found—it takes at least 80 to 90 days to fix that problem. So today, we've seen organizations in the Chicago area—they've been down for nearly a week already, just from that ransomware issue. So it's a huge problem. It's not going to go away.

Unger: Absolutely. And you mentioned that larger companies—they may be able to pay the ransom, so to speak. Smaller organizations can—this can be kind of a, you know, organization-ending incident. Where do physicians running smaller practices, smaller groups—where do they turn to for help and knowledge about what to do?

Aunger: So out there, there isn't very many places to go, right? The knowledge pool of how you actually apply information to an industry—most products and most organizations apply horizontally across every industry, so it's very broad information. And it's not very specific and targeted.

And that's one of the reasons why we started HEAL, which was being very focused on the health care stack and the health care industry. So we work from small orgs right through to big orgs, and we look at, How does it affect different pieces of technology and people?

And so to do that, you really have to go to some of the press articles that are out there to get some of the information. And in the small orgs, they don't have—they don't know what products they have. They don't have technology they have.

So really, they're going to an outside consultancy, a little IT shop, to actually figure it out. And they don't have the scale to figure some of this. That's a problem.

Unger: So a lot of opportunity for followup for future discussions.

Aunger: Absolutely.

Unger: You mentioned the other topic that's on everybody's minds. We've been talking a lot about it over the last couple of weeks, which is AI. It's also bringing with it new opportunities for cyber threats. Let's talk about, what's that look like compared to ransomware?

Aunger: Yeah. Look, AI's good, bad and different, right? The good is, it's doing some amazing things. It's finding new drugs. It's finding new ways to treat people. It's finding new ways to bill.

AI in Health care CME on AMA Ed Hub™

Artificial and augmented intelligence are rapidly changing technologies with wide-reaching medical implications. Earn CME credits while learning at your own pace.

It's helping with all of that administrative function. But on the flip side, the bad people know this as well. So they do the inverse. And the inverse is literally, it can find ways to get viruses into companies. It can find targets for them.

It can find vulnerabilities for them. It can find bank account information. They don't have to do the work anymore. So that is where, actually, people are literally using OpenAI to do that bad work as well as we're using it just to write a letter to your mum or a recipe.

And so that's the tradeoff that's happening between AI for good and AI for bad. And so the bad people in the world are just leveraging it way more than the good people in the world.

Unger: So it's obviously a challenge just to stay ahead of the bad people, a little bit like a whack-a-mole game here.

Aunger: It is a whack-a-mole game, absolutely.

Unger: Trying to keep up. Where do we need to be innovative here, so that we can stay ahead of the curve?

Aunger: So identifying what literally is the low-hanging fruit. Fixing the low-hanging fruit should be a top priority of any organization. A lot of the time, they can't see that wood for the trees.

So prioritization is what we've done at HEAL—is a big deal. We've analyzed what's going on in the health care industry, and we've prioritized dynamically, in our tool, that work. Other people can do the same thing. It's not a rocket genius part to do that.

But it literally is, passwords, honestly, don't make any difference in the world we live in today. Multi-factor does. Why are you not using multi-factor in everything you do in your own life as well as your office life? Just think simple things like that—a massive low-hanging fruit.

I say to everybody, my kids, and everybody should do that on their phone, should do that on their home device, the bank accounts, the credit cards, you name it. That's a risk. As soon as we start getting those low-hanging fruit things ingrained into people's brains, that's a huge, big deal.

And it's just like taking your basic medication every day. Take a vitamin if you need to, et cetera, things like—do those basic things. That moves all boats upwards and it gives people a less of a target to go after.

Secondly, is social. Being open on social is not a great thing. Personal, yes, business, difficult. Telling people too much why you're a target is a very big deal.

And so this is very, very big for bad actors to go and target which people and which organizations they go after. So think about how you do that, how you use the right email addresses, not giving your personal email addresses out. That sort of thing is a big deal.

So it's very, very interesting. We're also making sure you're keeping up with the basics in your organization. Patch your systems correctly. Buy the newer systems. Move to the newer systems. Move to the technology.

We just found—believe it or not, when we actually started to HEAL up, we found a bug that Intel has that they've had for 15 years on the microprocessor.

Unger: Oh, my goodness.

Aunger: 15 years! Now, what do I do about that? It's a big problem. Nobody's released a patch for it yet. But you've got to think about things like that. Is that a massive vulnerability that it can do? Probably is.

Unger: Well, I like your basic point, which is, there's blocking and tackling to be done, two-factor authentication, basic kind of security, taking a look at your basic security procedures, and making sure you address those first, and then graduating to some of the bigger things.

Aunger: Absolutely.

Unger: Charles, if people want to find the checkup and find out more information, where can they go?

Aunger:, or on LinkedIn—HEAL security on LinkedIn. Find it there. We have a link. You just click it and you get a free download.

Unger: Well, that's excellent. We'll put a link to that in the description of this episode. Charles, thank you so much for coming by.

Aunger: Thanks, Todd.

Unger: We obviously have a lot to talk to you about in the future and I'll look forward to that. If you want to support AMA's efforts to protect physicians from threats like the ones that Charles just talked about, then you can support us by joining the AMA at

We'll be back soon with another AMA Update. Be sure to subscribe for new episodes, and find all our videos and podcasts at Thanks for joining us today. Please take care.

Disclaimer: The viewpoints expressed in this video are those of the participants and/or do not necessarily reflect the views and policies of the AMA.

Subscribe to AMA Update

Get videos with expert opinions from the AMA on the most important health care topics affecting physicians, residents, medical students and patients—delivered to your inbox.

AMA Update podcast logo