Why Healthcare Attacks Start in the Browser

|
July 14, 2026
Abstract digital graphic representing browser-based cyber threats and security risks in the healthcare industry.

The Browser Is Where Healthcare Attacks Start. Is Your Security Stack Watching?

Every week, a healthcare organization discovers it has been breached. The forensics team reconstructs the timeline, the incident report identifies the entry point, and in case after case it is the same: a browser session. Not a misconfigured firewall, not an unpatched server — the same interface a clinician used to pull up a patient record, or a claims processor used to adjudicate a claim and update a member’s file. Your network tools see it as a valid HTTPS connection; your endpoint detection and response (EDR) never looks at it; your data loss prevention (DLP) was never designed to monitor it.

That browser gap is where Menlo Security’s 2026 Healthcare Security Brief focuses, and it is wider than most healthcare security teams realize, because the tools they trust most are the ones that cannot see it.

The Numbers that Should Concern Every Healthcare CISO

Here is what Menlo blocked across enterprise healthcare environments in Q1 2026 alone.

1 in 5

phishing links go completely undetected — actively clicked by users, missed by legacy URL filtering (Menlo Threat Research)

276M+

patient records compromised in 2024 alone — about 758,000 exposed every day (HHS OCR; HIPAA Journal, 2024)

58%

of healthcare attacks are credential phishing — the browser is where they arrive (Menlo Threat Research, healthcare vertical)

58% of Healthcare Attacks Are Credential Phishing. Your MFA Doesn’t Stop Them.

Credential phishing accounts for 58% of browser-based attacks in healthcare, one of the highest shares of any vertical — and in 2026 the dominant technique is no longer simple password theft. Adversary-in-the-Middle (AiTM) phishing intercepts the authenticated session token after multi-factor authentication (MFA) has completed. The attacker sits between the user and the legitimate service, captures the verified session, and arrives as a fully authenticated user. Resetting the password does nothing; the token is still live.

For a provider, that is a potential patient safety event: in 2024, an employee’s downloaded file led to ransomware that took Ascension’s hospitals offline and forced ambulance diversions (HHS OCR breach portal; Ascension public statement, 2024). For a payer, it is a path to claims fraud and large-scale member-data exposure. An attacker with authenticated access to a clinical workstation or claims system can observe, modify, and disrupt workflows, all without triggering a single alert. A January 2026 Phishing-as-a-Service (PHaaS) campaign against Microsoft 365 did exactly this: a page rendered correctly over HTTPS from a newly registered domain, with the token theft happening entirely inside the browser, below every network inspection tool.

The Ransomware Chain Starts in the Browser. Most Defenses Start Four Steps Too Late.

Ransomware groups know healthcare cannot tolerate downtime. In 2024, the Change Healthcare attack, in which stolen credentials were used against a remote-access portal with no MFA, stalled claims processing nationwide for weeks and exposed roughly 190 million people, the largest health-data breach on record (HHS OCR breach portal; UnitedHealth Congressional testimony, 2024). Qilin, the most active ransomware operation globally in Q1 2026 (Check Point Research), uses browser-delivered credential theft as its primary initial access method. Phishing delivers the foothold, credentials are pulled straight from memory, and stolen sessions enable lateral movement through legitimate remote-management tools that raise no alerts. By the time encryption triggers, the initial access is four steps in the past, and the browser session where it started was never logged.

Fifty-four percent of ransomware victims had their credentials exposed in infostealer logs before the attack began (Verizon DBIR 2025).

The PHI Exposure Your DLP Cannot See.

In a single healthcare customer environment, Menlo observed 276,000 file uploads to GenAI tools in a 30-day period — most with no policy, no visibility, and no governance. This is not an edge case: the 2025 Verizon DBIR found 15% of employees use generative AI from corporate endpoints at least once every 15 days, 72% signing in with personal email, creating data flows that bypass every enterprise DLP control. When a clinician pastes protected health information (PHI) into ChatGPT, or a claims processor pastes member PII into a browser-based tool, it generates no alert, no log entry, and no compliance signal.

HIPAA audit controls require that you account for PHI transmission. Browser sessions are transmission events — and for most healthcare organizations, there is no accounting for them.

Zero Tools Fired. One Block.

In February 2026, a user at one of the nation’s largest healthcare organizations clicked an email link to what looked like an Adobe secure document portal. The domain was clean. Zero vendors flagged it on VirusTotal at time of click, and no reputation-based tool in the stack flagged anything wrong. But what the page was actually doing differed from what it claimed: it was requesting the download of a trojanized remote-management tool disguised as a PDF. Had the user run it, the attacker would have had persistent remote access to a clinical workstation — able to observe, modify, and disrupt patient-care workflows with no alert anywhere in the stack.

Menlo blocked the file by analyzing what the page was attempting to do, not where it came from. That gap between what a page claims to be and what it actually does is where modern healthcare attacks now live — and none of the tools that said “clean” were built to close it.

The Gap Isn’t Your Tools. It’s the Layer They Were Never Built to Cover.

Healthcare teams have invested well — network controls, endpoint protection, email gateways, DLP — and those tools perform exactly as designed. But none were built to operate at the browser layer, where credentials are entered, sessions live, data moves, and AI agents now act on behalf of clinical and claims-processing staff. Closing that gap takes capabilities your existing stack does not have:

  • Isolate the endpoint from the web — execute web content away from the workstation so zero-day exploits have no target.
  • Behavioral, intent-based prevention — judge what a page is trying to do, not where it came from, catching social engineering and session-token theft on clean domains.
  • Credential input protection — block credential entry on suspicious pages before tokens are harvested. MFA does not do this.
  • Browser-layer PHI governance — governs copy-paste, uploads, and text entry inside the browser, where traditional DLP is blind.
  • AI agent governance — apply the same access controls and audit logging to the agents operating in Chrome and Edge that you apply to staff.

Three Questions to Ask Your Security Vendors This Week

  1. If a clinician’s session token was stolen from your Epic or Oracle Health login — or a claims processor’s from your TriZetto or homegrown claims platform, not the password, the live session — would any tool in your stack detect it?
  2. Your staff already use ChatGPT and Copilot. Pull your proxy logs: what PHI left your organization through a browser session last month? If you cannot answer, you have an open HIPAA finding right now.
  3. Ask whether your tools would flag an attack hosted on a domain serving Epic MyChart, Oracle Health, TriZetto, or Change Healthcare traffic. If detection depends on a domain being flagged as malicious, it misses anything on infrastructure your stack already trusts — where 35% of the threats we blocked in Q1 2026 originated (Menlo Threat Research).

Download the 2026 Healthcare Security Brief →

Menlo Security

menlo security logo
linkedin logotwitter/x logoSocial share icon via eMail
See the Menlo Browser Security Platform in Action