AI Governance Playbook Calls for Enterprise Risk Controls
Data Breach TodayArchived Jun 03, 2026✓ Full text saved
Healthcare Coordinating Council Highlights AI Risks, Potential Medical Mishaps Healthcare organizations face an array of difficult cybersecurity, privacy, patient safety, supply chain and operational resiliency issues as they roll out artificial intelligence tools. A new Health Sector Coordinating Council playbook aims to help by providing a voluntary governance framework.
Full text archived locally
✦ AI Summary· Claude Sonnet
Agentic AI , Artificial Intelligence & Machine Learning , Healthcare
AI Governance Playbook Calls for Enterprise Risk Controls
Healthcare Coordinating Council Highlights AI Risks, Potential Medical Mishaps
Marianne Kolbasuk McGee (HealthInfoSec) • June 2, 2026
Credit Eligible
Get Permission
The Healthcare Sector Coordinating Council's new AI cyber governance playbook aims to help healthcare CISOs, other leaders and their teams address emerging AI concerns. (Image: HSCC)
Risk managers are worried about the governance of artificial intelligence tools in healthcare settings: Sensitive patient information could be shared by a publicly accessible chatbot. A hacker could insert a fake medical image data into an AI radiology tool.
See Also: AI Agents Introduce a New Insider Threat Model
Worst-case scenario: A large language model could hallucinate the wrong diagnosis or drug recommendation, leading to patient harm or even death.
"With AI, data governance in healthcare organizations is becoming much more complicated due to all of these flows of data, both within the organization and to third parties," said regulatory attorney Jordan Cohen, a partner of the law firm Akerman LLP. "As those workflows, especially agentic workflows, get more complex, you're going to be introducing new risks."
Healthcare organizations face an array of difficult cybersecurity, privacy, patient safety, supply chain and resiliency issues as they roll out AI tools for business operations, clinical and other uses, according to a new playbook released Monday by the Health Sector Coordinating Council.
The group's 87-page Health Industry AI Cyber Governance Framework Implementation Guide aims to help security leaders and their teams navigate governance and AI-related risks.
The playbook addresses cyber governance challenges involving the wide range of AI technologies deployed in healthcare from traditional AI, such as machine learning, reactive and non-agentic models, as well as newer generative AI and agentic AI systems capable of autonomous action.
"Each technology category addresses distinct cyber risk issues requiring governance oversight and controls," the guide said. "AI governance in healthcare differs fundamentally from that of other sectors due to the life-and-death nature of medical decisions and the complex regulatory environment governing patient care."
As such, AI should be viewed as an enterprise technology risk that must be governed with the same level of diligence as electronic health record systems, medical devices, cloud platforms and third-party vendors - but with additional controls for AI-specific threats and risks.
That includes potentially dangerous clinical AI hallucinations, prompt injections that could affect clinical workflow, model drift, output variability, data poisoning, protected health information leakage, adversarial attacks and many AI-related concerns.
"Just as cybersecurity is a shared responsibility that healthcare providers and vendors including device manufacturers bear, so too is cybersecurity of AI tools," the playbook said.
"Coordination among discrete components within a healthcare provider setting are needed to ensure holistic responsibility when those units own responsibility for different tools."
Topics addressed in the guide include operational resilience for AI-dependent clinical workflows, AI supply chain and concentration risk, non-human identity management, patient engagement and transparency obligations, liability and insurance considerations, governance requirements for research AI and many other issues.
This latest playbook is part of a series of AI-specific documents that HSCC has already released - including an AI supply-chain risk guide issued in April - and plans to publish in the months ahead installments to address other emerging AI in healthcare considerations (see: HSCC Guidance to Help Health Sector Navigate AI Cyber Risks).
The HSCC is a 500-member coalition of private-sector critical healthcare infrastructure organizations in a national public-private partnership to advise the government in the identification and mitigation of strategic threats and vulnerabilities facing the sector's ability to deliver services and assets to the public.
The new AI cyber governance framework was developed by an AI task force within HSCC's cybersecurity working group.