Voice Scams: When AI Calls Your Patients, Who’s Responsible?

The rapid democratization of artificial intelligence has turned voice phishing, or "vishing," into a weapon that even low‑skill actors can wield at scale. Deepfake audio can mimic a physician’s cadence and tone, making fraudulent calls indistinguishable from legitimate outreach. In 2025, a staggering 38% of Americans reported receiving such impersonation calls, and the fallout extends beyond annoyance—ransomware groups have leveraged these scams to trigger systemwide outages, as seen in the Kettering Health incident that left patients unable to reach care teams for weeks. This escalation forces healthcare executives to reassess risk models that previously emphasized network and data security, now adding the voice channel as a high‑value attack surface.

Compounding the technical threat is a shifting demographic landscape. While elder fraud traditionally dominated headlines, recent data reveal that Gen Z consumers are the most targeted, with 53% reporting scam calls versus 25% of baby boomers. Moreover, 77% of Americans express deep concern that AI could convincingly impersonate them to access sensitive accounts, and 84% are willing to endure longer verification steps to mitigate that risk. These attitudes intersect with stringent regulatory frameworks—HIPAA, HITECH, and GDPR—where breaches can trigger fines in the millions, amplifying the financial stakes for providers.

In response, healthcare organizations are deploying layered voice‑security strategies that mirror broader cyber‑defense postures. Branded calling surfaces the organization’s name and logo, giving patients an immediate authenticity cue. Call authentication technologies verify the originating number, while real‑time spoof‑protection filters block illegitimate calls before they reach end users. Vendors like TNS are integrating these controls with reputation monitoring and analytics to provide a holistic view of voice‑channel health. As AI continues to evolve, the industry must treat voice security not as an optional add‑on but as a core pillar of patient trust and regulatory compliance.