AI Is Teaching Attackers How to Sound Like You

By Cheng-Shorland | Co-Founder & CEO | ShelterZoom

The Verizon 2026 Data Breach Investigations Report confirmed what many of us in cybersecurity have been watching unfold in real time: social engineering is surging in healthcare, and artificial intelligence is making it more dangerous than ever.

Dark Reading recently covered the report’s findings — and asked for my perspective. The headline threat isn’t just that attacks are increasing. It’s that they’re getting dramatically better.

For the past 12 to 18 months, I’ve seen healthcare organizations grapple with a new breed of attack — one where generative AI helps threat actors craft highly targeted, context-aware communications and malicious documents at scale. Traditional phishing relied on volume and urgency. These attacks rely on something far more unsettling: accuracy.

The Document Problem Nobody Is Talking About

Here’s the dynamic that concerns me most. Attackers don’t need to guess how your organization communicates anymore. AI can learn it — from the contracts, presentations, vendor agreements, and clinical documents that flow through email every day. Once that content is out in the open, it becomes training data for impersonation.

The result is a dangerous feedback loop: the more sensitive content that gets exposed, the more convincingly attackers can impersonate your executives, clinicians, and trusted partners. And in healthcare — where collaboration is a clinical necessity, not a choice — that exposure happens constantly.

This is exactly why pretexting jumped to the number two social engineering tactic in healthcare breaches this year, according to Verizon’s report. Unlike phishing, which relies on urgency, pretexting builds trust over time. It’s patient, personalized, and with AI, it scales effortlessly.

Defense Has to Evolve Too

Verizon’s recommendations — prioritizing phishing awareness, extending MFA, and continuous security training — are sound starting points. But they address the human layer after content has already left the building.

Monitoring where documents travel is a meaningful first step. Knowing that a contract reached an unintended inbox, or that a presentation was forwarded outside your organization, gives you visibility you didn’t have before. But visibility alone isn’t enough. If AI can still access and read that content — wherever it ends up — it can still learn from it. The feedback loop continues.

The real fix is cutting off AI’s oxygen entirely.

ShelterZoom’s document tokenization is built to do exactly that. By keeping the underlying content invisible to AI, documents can be shared and used operationally without ever exposing the substance that attackers rely on to train their impersonation engines. Your contracts, presentations, and clinical communications can move the way your business requires — without becoming raw material for the next social engineering campaign.

You can’t out-train a threat that already knows how you communicate. But you can make sure it never learns in the first place.

The threat has evolved. The defense needs to go further than monitoring — it needs to make your content unseen.

Read the full Dark Reading coverage of the Verizon 2026 DBIR: Verizon DBIR: Healthcare Fends Off Increased Social Engineering Attacks
