Fortinet report flags AI-led cybercrime risks to hospitals, utilities and factories

Hospitals, power plants and factories face cyber risks driven by changes in how cybercrime operations function, according to Fortinet’s 2026 Cyberthreat Predictions Report. The report states that ransomware groups and AI-supported crime networks are using automation and artificial intelligence to target essential services within shorter timeframes.

According to the report, cybercrime groups now function through structured operations that include defined roles, automated processes and AI systems that analyse stolen data and initiate attacks within minutes. The report states that this approach increases exposure for hospitals, utilities and factories, where system disruption can affect public safety and supply chains.

“Velocity now defines risk,” Fortinet stated in the report. It noted that a single ransomware affiliate can target several hospitals at the same time, while AI systems review large volumes of stolen data to identify targets. The report added that compromised systems can be used quickly for further movement across networks, reducing response time for security teams.

The report stated that several of Fortinet’s 2025 predictions have already occurred. These include the use of AI in cybercrime campaigns, the expansion of Crime-as-a-Service marketplaces and faster monetisation of stolen data through automated analysis. The report noted that these capabilities allow actors to carry out attacks using pre-compromised systems and botnets. It also stated that fraud, trafficking and money-laundering networks are increasingly operating together.

Looking ahead to 2026, the report predicted the use of AI-powered cybercrime agents capable of managing attack stages such as credential theft, system movement and post-compromise activity with limited human involvement. According to the report, generative AI tools will analyse stolen datasets, identify targets and generate ransom communications, increasing attack speed.

The report highlighted risks to infrastructure systems. It stated that hospitals could experience ransomware incidents that encrypt medical records and affect care delivery. Manufacturing facilities could face intrusions into operational technology that disrupt production. Utilities could be targeted in ways that affect power and water systems. The report added that response systems may face challenges against attacks that operate faster than manual intervention.

Fortinet stated that security operations now require a focus on identity management for both human and automated accounts. The report noted that automated workflows, cloud-based identities and AI-driven processes require monitoring to reduce exposure from compromised credentials. It added that tools such as NDR, EDR, CTEM and SOAR need to operate together to support detection and response.

The report also stated the role of threat-informed defence approaches. These include predictive intelligence models, exposure management and continuous simulation to support earlier identification of attack patterns. Fortinet added that education and intervention programmes can reduce recruitment into cybercrime activities and support workforce development.

According to the report, the cost of cybercrime is projected to exceed $23 trillion globally by 2027. It attributed this projection to ransomware operations, automated fraud activity and combined criminal networks. For infrastructure operators, the report stated that impact extends beyond financial loss to operational continuity and public risk.

Fortinet concluded that 2026 will reflect changes in the scale and pace of existing cyber threats. It stated that outcomes will depend on the ability to combine human oversight with AI-driven response across networks.