
Shadow AI in Healthcare Is Here to Stay

Dark Reading, archived Apr 06, 2026

Medical professionals are not going to stop using AI tools to manage growing workloads. Organizations should prioritize bolstering security protocols to limit their blast radius.



Arielle Waldman, Features Writer, Dark Reading
April 6, 2026

The healthcare industry must get ahead of pervasive shadow AI risks that only exacerbate recovery challenges when ransomware and other disruptive cyberattacks inevitably hit.

Physicians, doctors, and clinicians use unsanctioned artificial intelligence (AI) tools and chatbots to boost efficiency in a job where shaving a second off could mean saving someone's life. But security teams can't monitor for potentially damaging threats if they don't know the tools are running in the environment; hence the term "shadow AI."

When healthcare professionals use personal devices, unvetted tools, or public large language models (LLMs), they risk introducing new vulnerabilities and expanding attack surfaces. Those threats could lead to data leaks, breaches, and highly sensitive protected health information entering unmanaged environments.

Shadow AI is one risk that Joe Izzo, chief medical information officer for San Joaquin General Hospital, wants to get ahead of, he said in his presentation at RSAC 2026 Conference last month. Healthcare professionals adopt AI tools to help with dosing, information retrieval, medical searches, and clinical summaries, said Izzo, noting that he's also observed AI used as billing-cycle assistant tools.

Many of them are not dangerous or necessarily bad, added Izzo. But their unvetted uses, lurking in the shadows, pose heightened security challenges. Raising awareness and using AI securely will help when hospitals are in the throes of ransomware recovery and dealing with enough chaos as it is, he noted.

Shadow AI constitutes a two-fold problem, says Aviatrix CEO Doug Merritt. It doesn't just create a visibility gap; it also creates workloads with unlimited blast radii because of the significant privileges these tools require, particularly AI agents.

AI infrastructure isn't strong enough in some places currently, but shadow AI compounds the problem, Merritt tells Dark Reading. And environments for healthcare "hold the most sensitive data in any industry," he says.

"Use AI, Use AI"

Shadow AI activity is ramping up as burnt-out healthcare professionals, working under growing pressures, look to ease burdens. As in other industries, executives are also pushing employees to use AI to boost productivity.

However, some professionals adopt the tools without notifying security teams, muddying asset visibility. That hinders ransomware recovery by expanding attack surfaces, slowing investigation times, and introducing unrecoverable data with no backups.

"People are bringing in AI, what I'm worried about is cybersecurity posture," says Merritt. "With my own employees, too. I'm badgering them, 'Use AI, use AI. (But) if you want to bring your own tools, register them in our domain set.'"

Merritt doesn't blame them. During conversations with friends in the healthcare industry, he learned they're using tools to offset administration burdens, for quick clinical documentation, and other tasks that "drive them up the wall." Their backs are against the wall, and patient care remains the number one priority.

"Try telling those folks you can't use the tool that saves these guys 30 minutes to an hour per shift so they can spend more time with patients," Merritt says. "Doesn't make any sense at all."

Caving to AI Temptation

A shadow AI healthcare report by global infotech company Wolters Kluwer found that "41% of respondents were aware of colleagues using unauthorized AI tools." Almost 50% of respondents said they used them for a faster workflow, and one in three cited a "lack of approved tools or the approved tools lacking desired functionality" as the reason they turned to shadow AI.

Temptation is rising as vendors now market directly to physicians during conferences, revealed Izzo. Concerns arise because vendors will tell them they can use their tools, but they must sign an agreement with them specifically, bypassing hospital policies or governance.

"Surprise, those agreements typically put all the onus entirely on physicians, but it is very tempting," Izzo said. "Especially because typically physicians and nurses and clinical staff aren't doing this to be evasive. They want to be more efficient."

Instead, it's important to discuss workloads with clinicians to see where "we can make them better," he recommended.

Ditch the Denial

Experts agree that people are not going to stop using shadow AI. "Bring Your Own Device is increasingly pervasive and has allowed this to happen somewhat seamlessly," warns Jeremy Banon, CEO and founder of The Cyber Health Company.

Strategies should focus on improving awareness and security instead. Denial is no longer a viable state, Banon tells Dark Reading.

"It's important for companies to not bury their heads in the sand," Banon says. Leadership should create an enterprise AI plan and recruit a vendor that can deploy proper security and privacy controls for the organization's use cases. Additionally, patients should have an opt-in whenever a tool is introduced, he said.

Asking how organizations can stop employees from using unapproved tools is a "losing question," emphasizes Merritt. The tools are too productive and easy to access to stop.

"The business pressure, like I'm putting on my employees, is way too intense," he adds.

Rather than prohibit use, companies should worry about containment and ensure they have effective discovery of shadow AI, recommends Merritt. Organizations should assume these tools are running in their environments and prioritize limiting the blast radius.

"How do you bubble wrap AI workloads so they're allowed to be there, but you see exactly who they're communicating with and what's going out?" Merritt says. "A workload zero-trust policy stance is way easier."

About the Author

Arielle Waldman, Features Writer, Dark Reading

Arielle spent the last decade working as a reporter, transitioning from human interest stories to covering all things cybersecurity related in 2020. Now, as a features writer for Dark Reading, she delves into the security problems enterprises face daily, hoping to provide context and actionable steps. She looks for stories that go past the initial news to understand where the industry is going. She previously lived in Florida where she wrote for the Tampa Bay Times before returning to Boston where her cybersecurity career took off at SearchSecurity. When she's not writing about cybersecurity, she pursues personal projects that include a mystery novel and poetry collection.