HIMSS26 sees the convergence of AI governance and cybersecurity resilience - Healthcare IT News

The industry's anxiety is concentrated at this intersection, says Phil Sobol of health IT consulting firm CereCore. Here's what hospital and health system IT leaders can be doing to tackle the challenges. Global Privacy & Security By Bill Siwicki , Managing Editor | March 9, 2026 | 11:14 AM Phil Sobol, chief commercial officer at CereCore Photo: CereCore A standout topic at this week's 2026 HIMSS Global Health Conference & Exhibition is the convergence of AI governance and cybersecurity resilience, said Phil Sobol, chief commercial officer at CereCore, a health IT consulting firm that specializes in major platforms like Epic, Meditech and Oracle Health. The firm is in booth 6126 at HIMSS26. "These two conversations are deeply intertwined, and together they represent a defining challenge for health IT leaders right now," he stated. "By my review, HIMSS26's core focus areas include artificial intelligence and machine learning with an explicit emphasis on governance for trustworthy AI, alongside cybersecurity and privacy – defending health systems from ransomware, protecting patient data and building resilient operations." Industry concern "The fact that HIMSS has organized so much of its programming slate around these two themes tells you everything about where the industry's anxiety is concentrated," he added. What makes this such a pressing issue is that the speed of AI deployment has significantly outpaced the organizational frameworks designed to govern it, Sobol said. "About any resource you check reports a growing maturity gap between AI enthusiasm and the structures needed to sustain it," he explained. "Weak endpoints, workflow misalignment, or data gaps and lack of visibility into which tools are being used from a healthcare organization's network are of real concern. "Meanwhile, ransomware, supply-chain compromises and AI-driven attacks continue to intensify – and zero-trust architectures are becoming the operational default for health systems that want to maintain continuity under active cyber stress," he continued. "This is a dangerous combination – an industry deploying AI faster than it can govern it, in one of the most heavily targeted threat environments in the world." An operational imperative The most urgent action CIOs and health system leaders should take is to start treating AI governance as an active operational imperative, Sobol advised. "Health systems that have established an AI governance council and programs with clear ownership and formal oversight structures and tools are more resilient," he noted. "Defined approval and monitoring thresholds are part of the accountability that flows from the board level down to clinical and operational teams. "Equally important is strengthening the operational foundation that AI runs on," he continued. "Success with AI hinges on leadership alignment, clear governance and workforce engagement – organizations that build strong governance and workforce readiness today will be the ones unlocking the greatest clinical and financial value tomorrow." That means honestly assessing whether one's EHR environment is optimized, whether the service desk is capable of scaling with growth, and whether the cybersecurity posture reflects the realities of a zero-trust world, he added. Invest now "Leaders who invest in that operational infrastructure now – rather than waiting for a breach or a failed AI deployment – will be in a far stronger position 12 months from now than those who don't," Sobol explained. "And there are options for every budget and where we know the budget pressure is really on – in rural healthcare, for instance. "There are good reasons to consider partnership support models that help health organizations of every size extend the expertise of their leadership team to include more cybersecurity focus – AI is one, and the known threats to healthcare is another," he concluded. Follow Bill's health IT coverage on LinkedIn: Bill Siwicki Email him: bsiwicki@himss.org Healthcare IT News is a HIMSS Media publication. WATCH NOW: Managing government policy and regulation in healthcare AI adoption Topic: Artificial Intelligence, HIMSS26, Privacy & Security