CyberIntel ⬡ News
★ Saved ◆ Cyber Reads
← Back ◇ Industry News & Leadership Jun 06, 2026

What Trump's AI Executive Order Means for Healthcare Sector

Data Breach Today Archived Jun 06, 2026 ✓ Full text saved

Experts: If Implemented Effectively, Directive Could Help Health Organizations Although President Donald Trump's executive order this week on artificial intelligence barely mentions healthcare, some experts said the directive could potentially have a positive impact on the critical infrastructure sector - if implemented effectively.

Full text archived locally
✦ AI Summary · Claude Sonnet


    Agentic AI , Artificial Intelligence & Machine Learning , Next-Generation Technologies & Secure Development What Trump's AI Executive Order Means for Healthcare Sector Experts: If Implemented Effectively, Directive Could Help Health Organizations Marianne Kolbasuk McGee (HealthInfoSec) • June 5, 2026     Credit Eligible Get Permission President Trump's artificial intelligence executive order could potentially help healthcare sector organizations, depending upon how well it's implemented, some expert said. (Image: Getty Images) Although President Donald Trump's executive order this week on artificial intelligence barely mentions healthcare, some experts said the directive could potentially have a positive impact on the critical infrastructure sector - if implemented effectively. See Also: AI Agents Introduce a New Insider Threat Model But because the order is limited in scope, the affect on the healthcare sector and some of its very specific use cases for AI is also likely constrained, some experts said. The executive order calls for establishing a voluntary framework for evaluating advanced AI models with significant cybersecurity capabilities. The directive gives the federal government up to 30 days access to frontier AI models before companies release the software to other trusted partners. But the order rejects mandatory licensing or preclearance requirements (see: Trump Signs Voluntary AI Cyber Review Order). Also, among other things, the order calls on the Cybersecurity Infrastructure and Security Agency within the next 30 days to issue binding operational directives and other guidance to prioritize the cyber defense of civilian federal systems and critical infrastructure. The order makes only one brief reference to healthcare - explicitly, "rural hospitals" - as a potential beneficiary of the directive through the facilitation of guidance for accessing "cybersecurity tools and services." That same reference mentioning rural hospitals also names community banks and local utilities as other beneficiaries. Under the order, the U.S. Treasury Department, National Security Agency and CISA will set up a AI cybersecurity clearinghouse - "in voluntary collaboration with the AI industry and operators of critical infrastructure" - to coordinate software vulnerability scanning efforts, validate discovered vulnerabilities and help prioritize remediation and patch distribution activities. "The EO's biggest opportunity for healthcare is speed and coordination," said Errol Weiss, chief security officer at the Health Information Sharing and Analysis Center. "Critical infrastructure operators need to stay ahead of attackers who are professionalizing and leveraging AI to compress the time between vulnerability discovery and exploitation," he said. But execution of the order matters, Weiss said. "The sector will benefit most if review/benchmarking outputs, vulnerability clearinghouse activity, and tool access translate into timely, actionable information sharing through established ISAC channels," he said. "We want measurable resilience improvements - so cyber incidents don't become prolonged critical infrastructure outages that impact national security." The executive order is more about the ecosystem of models underpinning many common tools than about direct or sector-specific regulation, said Tom Leary, senior vice president of government relations at the Healthcare Information and Management Systems Society. "The EO's primary focus is on how such models might create or exploit cybersecurity vulnerabilities. The EO is not addressing the other AI capabilities." The EO will likely slightly improve the baseline cyber hygiene of frontier models, but the EO should not be seen as a substitute for sector-specific governance or vendor/implementer due diligence regarding AI model performance in the real world, he said. The White House's executive order this week was trimmed back from an earlier anticipated version President Trump was expected to sign last month. It originally called for a 90-day federal review of AI models. The 30-day review period is a significant change from Trump's initial AI policy, one health industry expert said, asking not to be named (see: White House Faces Pressure to Rewrite AI Order). "The administration has gone from zero oversight to a toe in the water. "Good start," the expert said. "Seems the Mythos situation has changed the conversation," the expert added, referring to the widespread panic that ensued after Anthropic disclosed in April that its latest version of Claude is so good at finding high-severity vulnerabilities - including those in decades-old software - that the tool is was too dangerous for an immediate public rollout (see: Anthropic Calls Its New Model Too Dangerous to Release) . "The feds often try and get their own house in order before turning to industry so it's not terribly surprising they are taking this approach," the expert said. "This is something that could be built upon, and we hope they will work with critical infrastructure sectors like healthcare which are notoriously under-resourced to do so," the source said. As Trump's order relates to vulnerability scanning a remediation, from a healthcare lens, "the most helpful 'red flags' are those that map directly to patient safety, operational resilience and protected health information protection," Weiss said. "I am concerned about models being used maliciously to enable faster intrusions and expose sensitive patient information, and about poor implementations that could allow agentic AI to take risky actions or disrupt supply chain," he said. With no specific enforcement mechanism to delay models in which vulnerabilities are found, the review referenced in the EO could surface red flags, but HIMSS sees it more like an early-warning sensor for government than a hard stop on the release to the public on risky models entering healthcare, Leary said. "In the current form, the EO is cybersecurity-focused, so flagging 'other' issues that could pose risks to safety or related to bias is unlikely." A voluntary federal review framework for covered frontier models could help ensure safeguards are in place before these models are broadly deployed, Weiss said. "However, there's a risk of slower deployment of useful capabilities if review processes become heavy or unclear, especially if health sector organizations are trying to adopt AI to improve efficiency," he said. Generalized frontier models increasingly sit underneath healthcare workflows, including chatbots, call center automation, clinical documentation, revenue cycle, security operations and vendor products embedded in hospital environments, Weiss said. Software stacks in America's healthcare system are highly concentrated, so the most valuable early testing would look at how new models interact with the most common healthcare technology stacks and workflows, Leary said. "For example, a sudden ability to exploit a flaw in an electronic health record could make a significant portion of hospitals at risk to attack." Multiple segments in healthcare are potentially affected by the executive order in various ways, he said. That includes hospitals and health systems, but especially smaller and rural providers, since the directive explicitly calls out facilitating access to cybersecurity tools and services for critical infrastructure operators "such as rural hospitals," he said. Healthcare software vendors and service providers embedding frontier models into products used by hospitals will also likely feel the impact, he said. That's because model-level security and review outcomes will cascade into product expectations. Similarly affected will be medical device and digital health manufacturers that integrate advanced models into connected products or clinical decision support "because risk management and patching implications can affect safety and availability," Weiss said. Some experts are hoping that the order will result in stronger AI related collaboration with under-resourced sectors like healthcare. "Given the interconnected nature of our sector with others - like water and electricity - it's imperative we are all working together otherwise we are only as strong as our weakest link," said Mari Savickis, a leader at the public-private coalition Health Sector Coordinating Council and vice president of public policy at the College of Healthcare Information Management Executive, a professional association of healthcare CISOs and CIOs. "The AI cyberthreats make this even more urgent," Savickis said.
    💬 Team Notes
    Article Info
    Source
    Data Breach Today
    Category
    ◇ Industry News & Leadership
    Published
    Jun 06, 2026
    Archived
    Jun 06, 2026
    Full Text
    ✓ Saved locally
    Open Original ↗