
Artificial intelligence (AI) is the ultimate double-edged sword in healthcare. On one side, AI is already driving real improvements, from accelerating diagnostic imaging to streamlining operational workflows, delivering faster, more accurate, and more efficient patient care. And we are still only at the beginning; AI’s potential to reshape healthcare is undeniable.
But that optimism is tempered by the reality that AI also introduces one of the most significant cybersecurity risks the healthcare industry has ever faced. Patient data has long been a top target for cybercriminals, and since AI relies on massive datasets to function and improve, the threat landscape has only expanded with the rapid adoption of AI across the industry.
The same personal data that powers AI and machine learning models also creates new risks, as AI systems are susceptible to sophisticated cyberattacks such as “adversarial attacks,” where small manipulations in data inputs can trigger harmful or misleading outputs. With AI now embedded across a broad range of clinical and operational tools, the attack surface has grown substantially, introducing risks and vulnerabilities that, if exploited, have the potential to disrupt the entire health sector and threaten patient safety.
Trust in AI Depends on Trust in Security
In healthcare, trust is non-negotiable. The patient-provider relationship is grounded in the expectation that clinicians will deliver accurate diagnoses, safeguard personal health information, and provide safe, effective care. Today, AI touches nearly every aspect of that encounter, from diagnostics to administrative workflows. If any part of this ecosystem is compromised, whether through data poisoning, model theft, corruption, or manipulation, trust in AI will quickly erode, stalling adoption and potentially sidelining critical technologies altogether.
The fragility of AI’s role in patient and clinician trust is underscored by a recent study from Alber et al., which found that altering just 0.001% of AI training tokens with medical misinformation increased the likelihood of medical errors. The study highlights a troubling reality: AI models are highly vulnerable to attacks and may generate harmful recommendations that even experienced clinicians may be unable to detect.
These findings make one thing clear: without robust cybersecurity embedded at the foundation of healthcare AI systems, the promise of AI risks being undermined at its core.
Building Secure AI Must Be a Strategic Priority
To address the risks AI introduces, healthcare organizations must fundamentally rethink how they deploy and manage AI. Cybersecurity and AI cannot operate in silos; security must be woven directly into every stage of AI development, governance, and implementation.
Three priorities stand out for healthcare leaders:
- Demand Secure-by-Design AI
Healthcare organizations should require vendors to provide clear evidence that AI technologies are developed with built-in security controls, covering everything from data validation to continuous monitoring. AI model training, validation, and update processes must be transparent and standardized to ensure security is maintained over time.
- Integrate Risk Management at Every Stage
Risk management must be a continuous process across the AI lifecycle, from procurement to deployment and ongoing use. This includes routine risk assessments, real-time risk monitoring, and testing, such as AI-specific penetration testing, to identify and mitigate potential risks before they impact clinical care or operational performance.
- Collaborate to Establish Sector-Wide Standards
No single organization can tackle these challenges alone. Industry collaboration is essential to build consistent standards for secure AI development and deployment, and to shape regulatory frameworks that keep pace with AI’s rapid evolution.
Empowering Clinicians with AI Education
To fully harness AI’s potential while mitigating its risks, healthcare organizations must prioritize educating clinicians about AI’s capabilities and vulnerabilities. Clinicians are on the front lines of patient care, and their ability to interact with AI tools effectively is critical to maintaining trust and safety. Without proper training, clinicians may struggle to identify AI-generated errors or biases, which could compromise patient outcomes.
Education programs should focus on three key areas: understanding how AI tools function in clinical settings, recognizing signs of potential data manipulation or model drift, and fostering critical thinking to question AI outputs when they deviate from clinical judgment. For example, workshops could simulate adversarial attack scenarios, teaching clinicians how subtle changes in data inputs might lead to incorrect diagnoses. Additionally, ongoing training should keep clinicians updated on evolving AI technologies and emerging cyber threats.
By equipping clinicians with this knowledge, healthcare organizations can create a human firewall – an essential layer of defense that complements technical safeguards. Empowered clinicians can serve as vigilant partners in AI’s integration, ensuring that these tools enhance, rather than undermine, patient care.
The Stakes Are High, and Getting Higher
AI is driving rapid transformation across healthcare, with potential benefits that are far-reaching and profound. But without a solid cybersecurity foundation, we risk not only exposing sensitive data but undermining the very trust and safety that healthcare depends on.
AI may be healthcare’s most powerful double-edged sword, but with robust security embedded at its core, we can unlock its full potential without ever putting patient safety at risk.
About Ed Gaudet
Ed Gaudet is the CEO and Founder of Censinet, with over 25 years of leadership in software innovation, marketing, and sales across startups and public companies. Formerly CMO and GM at Imprivata, he led its expansion into healthcare and launched the award-winning Cortext platform. Ed holds multiple patents in authentication, rights management, and security, and serves on the HHS 405(d) Cybersecurity Working Group and several Health Sector Coordinating Council task forces.
