In Part 1, AI Voice Agents are Coming For Your Business, I made the case that AI agents (specifically voice agents that can interact and talk on calls without guidance) are beginning to show up and operate in business channels that weren’t designed for them, faster than the policies meant to govern them. That’s both a new opportunity and a new challenge for every industry, as well as for criminals who prey on specific industries.
In pharma, life sciences, and healthcare (which have been my 3-decade industry focus on both sides of the corporate/consulting table), it’s a different category of challenges, because the channels at stake are regulated, data is patient-specific, and the consequences of a mistake aren’t limited to operational or financial losses. And the industry has oversight and scrutiny through Department of Justice (DOJ) settlements, privacy regulatory fines, False Claims Act (FCA) judgments, HIPAA OCR enforcement, and Anti-Kickback Statute (AKS) exposure.
This article is a “double-click” for the pharma, life sciences, and healthcare audience. If you’re reading from outside this sector, the patterns may still apply to you. The stakes are just higher here, and several of these threats have already arrived. There’s an opportunity to get ahead of these new tactics and concerns by threat-modeling them before they impact our organizations.
If you want to see how an AI-powered voice agent works, check out this video demonstration I made (which took just 10-15 minutes to build from scratch). If I can create a semi-autonomous agent to proactively make calls from a local area code, record the results, and socially engineer the recipient into taking action, criminals will no doubt find dubious ways to exploit this technology.
This industry sits at the center of federal enforcement against fraud and scams, well before artificial intelligence… and definitely well before AI began literally talking. The DOJ’s False Claims Act recoveries hit $6.8 billion in fiscal 2025, the highest in the law’s history, and 83% of that came from healthcare. Three-quarters of those filings started with current or former employees. The DOJ also designated healthcare fraud as one of its top ten enforcement priorities, and the Civil Cyber-Fraud Initiative now creates direct FCA (False Claims Act) exposure for security misrepresentations on government contracts.
Add the Anti-Kickback Statute (AKS), which doesn’t require a smoking-gun bribe to trigger. Any payment, benefit, or arrangement that could be characterized as inducing referrals or enrollment is fair game. In 2025, DOJ enforcement extended that scrutiny into AI-enabled workflows, patient support programs, and PBM (Pharmacy Benefit Manager) arrangements.
This is the operating environment AI agents are being dropped into. Many companies haven’t mapped where their agents touch regulated activity, who authorized them, or what they’re allowed to commit to. And the insertion of agentic AI and AI voice agents is only scratching the surface of what will likely continue to evolve and expand.
First, I want to provide a quick overview of some programs that support patients financially:
An agent that makes enrollment commitments your compliance team didn’t review is a program integrity problem. An agent that fails to disclose that it is an AI in a state that requires such disclosure (e.g., California) creates regulatory exposure, regardless of whether anyone was defrauded. There’s no named enforcement action against an autonomous AI agent in this channel yet. However, the FDA has issued warning letters to companies that cut corners and fail to comply with regulatory validation requirements for AI use. The agents are just warming up, and companies are still figuring out how to use them appropriately.
On the flip side, as agents and voice agents readily come into patients' hands, how might a patient use their OWN agent to negotiate with the PAP agent to obtain fraudulent coverage? Are humans (or other agents) authorized to negotiate or accept input from non-humans? Were call centers designed to handle this use case? Probably not! These are all solvable challenges, but only if they are being proactively contemplated and mitigated.
I spoke with Laura Viaches, Founder of Endeavor Pharma Solutions, a boutique pharmaceutical market access and patient services consulting firm. In our conversation, she commented that "Patients increasingly expect a digital-first experience when they engage with patient support programs. It's faster, more convenient, and frankly more cost-effective to deliver. AI accelerates that shift in real and useful ways. But the same channels that make access easier also create new exposure, and a single PHI breach can do reputational damage that far outweighs the operational efficiency gains.
Pharma manufacturers need to start designing the security layer now, not after an incident. Practical measures like verbal passwords, callback verification for sensitive transactions, and pre-established authentication phrases between hubs and prescribers are low-tech tools that make voice-cloned impersonation more difficult. The industry has a narrow window to build these habits in before the threat surface scales."
AI is being deployed on both sides of these conversations. Payers (insurance companies) negotiate with pharma companies to establish “formulary tier” position, and that tier placement determines how much of a drug’s cost the insurer covers for a patient. Pharma companies want insurers to cover more of the patient cost to expand use of and access to their drugs.
For these business negotiations and executive decisions, fake executive approvals are bound to be in play, and real-time voice deepfakes are making this type of fraud much easier. In a cross-industry deepfake case, Arup, an engineering firm, lost $26 million in 2024 after a finance employee authorized 15 wire transfers following a deepfake video call that appeared to feature the company’s CFO. Pindrop tracked a 1,300% rise in deepfake fraud attempts against contact centers in 2024. Pharma contracting calls are high-value negotiation channels, and cybercriminals will always go where the money is flowing.
This is where the confirmed cases are clearest. LexisNexis tracked an 8% global increase in synthetic identity fraud in 2025. Sumsub’s 2025-2026 fraud report documents AI fraud agents that build synthetic identities, interact with verification systems in real time, and adjust based on outcomes. Operation Gold Rush, the $10.6 billion DME (durable medical equipment) fraud takedown, is the headline case. The ZS Associates copay card case, where ML-based anomaly detection caught a $25 million fraud network that rule-based reviews had missed entirely, is the more useful one for pharma manufacturers, because it shows both the threat and the working defense.
A pharmacist gets a call that sounds exactly like a prescriber they know, confirming a controlled-substance refill or an authorization for in-demand weight-loss drugs. The voice is generated in real time from 60 seconds of training audio scraped from a podcast, online video, or a recorded phone call. The DOJ’s $703 million AI audio consent Medicare case, prosecuted in 2025, established the precedent. It was part of a broader documented $14.6 billion in alleged fraud. Based on confirmed cases, the AMA (American Medical Association) issued guidance to help protect physicians from deepfakes.
Troy Health’s non-prosecution agreement was the first DOJ healthcare resolution to flag AI governance as a factor in its evaluation. The framework is built. The next case writes the standard.
My takeaway from every case I found in this space (both confirmed and likely) is that AI is both the threat and likely the best available tool to detect the threat. But our defensive and detective capabilities trail attackers’ offensive capabilities because the technology and tools are changing so fast.
The DOJ’s 2025 Takedown credited its new Health Care Fraud Data Fusion Center, which uses AI and shared analytics across the DOJ, HHS-OIG, CMS, and the FBI. CMS used AI-driven anomaly detection to block $4 billion in fraudulent payments before they were paid out, stopping fraud at submission rather than chasing it through post-pay audits. The ZS case is the cleanest commercial proof point: pattern recognition across transaction volume, fill frequency, payer rejection rates, and prescriber networks surfaced fraud that rule-based review couldn’t see.
What good detection looks like, concretely:
Most healthcare call centers and patient support programs aren’t currently running these controls. The detection capability exists. The deployment hasn’t caught up.
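To make the contrast in the ZS case concrete, here is an added example (not code from the page, from ZS Associates, or from any real program) that runs a per-claim rule and a prescriber/pharmacy network screen over constructed copay-card claims. The thresholds, field names and sample records are assumptions chosen for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass

@dataclass(frozen=True)
class Claim:
    """One copay-card claim (constructed, not real data)."""
    claim_id: str
    prescriber: str
    pharmacy: str
    patient: str
    day: int              # day offset inside the review period
    qty: int              # units dispensed
    payer_rejected: bool  # primary payer rejected before the copay card paid

# Constructed sample: an ordinary prescriber/pharmacy pair and a suspicious one.
CLAIMS = [
    Claim("c01", "DR-A", "PH-1", "P1", 1, 30, False),
    Claim("c02", "DR-A", "PH-1", "P2", 12, 30, False),
    Claim("c03", "DR-A", "PH-1", "P1", 61, 30, False),
    Claim("c04", "DR-B", "PH-9", "P7", 2, 30, True),
    Claim("c05", "DR-B", "PH-9", "P7", 9, 30, True),
    Claim("c06", "DR-B", "PH-9", "P8", 3, 30, True),
    Claim("c07", "DR-B", "PH-9", "P8", 10, 30, False),
    Claim("c08", "DR-B", "PH-9", "P9", 4, 30, True),
    Claim("c09", "DR-B", "PH-9", "P9", 11, 30, True),
]

def per_claim_rule(claims, max_qty=90):
    """Rule-based review: flag any single claim over a quantity limit.
    Every claim above is for 30 units, so this returns nothing."""
    return [c.claim_id for c in claims if c.qty > max_qty]

def network_screen(claims, window_days=30, max_fills=1.5, max_reject_rate=0.5):
    """Aggregate by prescriber/pharmacy pair; flag abnormal fill frequency
    or payer-rejection rate. Thresholds are illustrative assumptions."""
    groups = defaultdict(list)
    for c in claims:
        groups[(c.prescriber, c.pharmacy)].append(c)
    flagged = {}
    for pair, cs in groups.items():
        span = max(c.day for c in cs) - min(c.day for c in cs) + 1
        # fills per patient, scaled to a standard window so short bursts stand out
        fills = len(cs) / len({c.patient for c in cs}) * (window_days / span)
        reject_rate = sum(c.payer_rejected for c in cs) / len(cs)
        reasons = []
        if fills > max_fills:
            reasons.append(f"{fills:.1f} fills/patient per {window_days} days")
        if reject_rate > max_reject_rate:
            reasons.append(f"payer rejection rate {reject_rate:.0%}")
        if reasons:
            flagged[pair] = reasons
    return flagged
```

Run against the sample, the per-claim rule returns an empty list while the network screen flags only the DR-B/PH-9 pair, for both fill frequency and rejection rate.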
In my conversation with Laura Viaches, she also emphasized the verification challenge at the heart of patient services: "When it comes to consents, authorizations, and any discussion involving PHI, agents need to be certain they're talking to the actual patient or an authorized caregiver, not someone else. Verbal authorizations are accepted across the industry today, and for good reason. They work, patients expect them, and they keep friction in access low. But it's worth considering what may need to change as voice cloning gets cheaper and more convincing. Step-up verification on the highest-risk transactions, a callback to a known number, a pre-established passphrase, and a secondary channel confirmation are the kinds of layered approaches hubs and call centers should be evaluating now, before the threat scales."
If you run cybersecurity or compliance in pharma, life sciences, or healthcare, here are the questions worth answering this quarter:
These aren’t six separate projects or processes. They’re one assessment, scoped to agentic and voice-enabled AI risk across regulated channels.
Mitch Parker, CISO from Indiana University Health, commented that “We’ve conducted show-and-tell examples of executive deepfakes and other efforts to stay on top of emerging fraud techniques. But the biggest question and risk we face with AI-enabled scams likely comes from the data we've made public on social media and in our online presence. Further, as we all continue to use AI personally and professionally, we are putting more data into the digital world that can both help us and be used against us.”
This is the work we’ve been building toward. Our focus is business-centric cybersecurity and risk management that enables pharma, life sciences, and healthcare organizations, specifically:
If you want to talk through where your organization stands, reach out at info@revealrisk.com.
The Risk Realist is published by Aaron Pritz, CEO of Reveal Risk, a boutique cybersecurity consulting firm serving pharma, biotech, healthcare, and other regulated industries. Subscribe on LinkedIn