Case Studies

How Real-Time Bot Detection Shut Down 94.3% of IVR Attacks at a Fortune 500 Healthcare Org

July 9, 2026
>$73M
in HSA and benefit account balances protected
>30,000
bot calls detected and acted on
94.3%
drop in bot calls, January to April 2026
Real time bot detection
Summary
For months, AI bot activity targeting this healthcare organization’s member accounts kept escalating. Once Pindrop solutions made them visible and gave the team the tools to respond, the attacks became less productive, the attack surface shrank, and the attack volume declined.
Industry
Healthcare
Size
>10,000,000 annual inbound calls
Challenge
Automated bots attacked the member services center by the thousands, filling up queues and targeting HSA accounts
Solution
Pindrop® platform (Pindrop® Protect, Pindrop Pulse® for Calls) to detect fraudulent and synthetic callers

How do AI bots attack healthcare IVR systems?

AI bots attack healthcare IVRs by probing, not breaking in. Rather than attempting takeover on a single call, they place many calls that methodically collect PHI and PII, validate which accounts exist, and test which menu paths leak the most while assembling a map of vulnerability that fuels later takeover attempts.

Over a 12-month window, a leading healthcare organization tracked something unusual in its IVR: a pattern of calls that didn’t behave like members. The callers moved through menus with mechanical precision, probing account details without the hesitation of someone genuinely trying to understand their benefits. They weren’t there to get help. They were mapping vulnerability.

AI bot attacks against healthcare contact centers have surged in recent years, and this organization was seeing that trend up close. The volume climbed month after month. In January 2026, 6,668 bot calls hit the IVR in a single month, with $15.1M in HSA account balances at risk of exposure in that period alone.

What made these attacks particularly difficult to stop without automated tooling is their structure. Bots don’t try to compromise accounts on the first call. They probe. They collect PHI and PII. They validate account existence. They test which menu paths extract the most information. Over many calls, they build a map of vulnerability that fuels downstream takeover attempts.

The organization’s existing controls weren’t designed for this. Without automated detection, the window between a new wave of bot activity starting and patterns becoming visible was too long to catch fraud in real time.

How do you detect AI bot calls in real time?

Real-time bot detection comes down to scoring every call the instant it arrives, before the caller reaches a menu that matters. The organization deployed the Pindrop® platform to bring real-time detection to its IVR. The aim was straightforward: identify non-human callers as they came in and give the security team the signals it needed to act.

Pindrop Pulse® tech analyzed each call as it arrived, flagging synthetic and bot-generated voice activity within seconds of call start. Pindrop®Protect layered in broader fraud signals: IVR reconnaissance patterns, device anomalies, and data from the Pindrop Intelligence Network™ consortium, a deep collection of fraud intelligence pooled across Pindrop’s customer base. When an attacker had already been seen at another organization, the Pindrop platform already knew its signature.

When calls scored as high risk, the organization responded: tighter IVR access controls and restrictions on account modification workflows. The friction was targeted at machines, not members.

Does detecting bots actually reduce IVR attacks?

Yes, that’s exactly what this customer experienced. Within months of bringing detection online and tightening response protocols, the organization’s monthly bot calls fell 94.3%, from a peak of 6,668 in January 2026 to 383 in April. As detection came online and the organization’s response protocols tightened, bot calls became far less productive. Calls that used to probe freely now ran into walls. The attack surface got smaller.

These numbers reflects attacker behavior as much as it reflects platform performance. The Pindrop platform doesn’t prevent bots from placing calls. It detects them, makes them visible, and enables the organization to act on that signal. When a target consistently detects and responds to attempts, it stops being a good target. These attackers found better ones.

Over the full analysis window, more than 30,000 bot calls were detected and acted on. The organization protected more than $73M in total targeted HSA account balances from exposure.

>$73M

in HSA and benefit account balances protected

>30,000

bot calls detected and acted on

94.3%

drop in bot calls, January to April 2026

Is your IVR already a target for AI bots?

If your contact center handles member accounts through an IVR, the likelihood is very high. Healthcare contact centers handling member accounts are a priority for AI-driven bot attacks. IVR self service menus with weak authentication controls allow fraudsters to access transactional details on the account that enable downstream social engineering and account takeovers. The organization in this story tracked thousands of bot calls a month before it had the tooling to act on them.

Security teams that catch these attacks in real time have something specific in common: they score every call as it arrives, act on high-risk signals immediately, and cut off account access before anything changes hands. Passive analysis runs in the background. Legitimate members don’t feel it. Bots do.

Two questions are worth asking now. How quickly does your team know when a bot hits your IVR? And what happens in the next few seconds? If the answer to either is unclear, that’s where the conversation with Pindrop starts.

See what Pindrop solutions can do for your organization

Talk to a real human to assess your organization’s risk and see how the Pindrop platform can help you prevent breaches.

Digital trust isn’t
optional—it’s essential

Take the first step toward a safer, more secure future for your business.