How AI Governance Protects Patient Care and Sensitive Data
Data Breach Today, archived Jun 10, 2026
Healthcare organizations face mounting pressure to govern AI without slowing innovation. Krista Arndt of St. Luke's University Health Network explains how agile governance, technical controls and collaboration can reduce data loss risks, protect patient care and strengthen AI security programs.
Krista Arndt of St. Luke's University Health on Agile Controls for Healthcare AI
Marianne Kolbasuk McGee (HealthInfoSec) • June 10, 2026 9 Minutes
Krista Arndt, associate CISO, St. Luke's University Health Network
Healthcare leaders face growing challenges as artificial intelligence quickly expands across clinical and operational environments, making governance a strategic priority. Providers must balance this AI innovation with strong safeguards that protect sensitive patient data and safety, said Krista Arndt, associate CISO at St. Luke's University Health Network.
AI governance in healthcare is both an administrative and technical responsibility, said Arndt, in an interview conducted at the recent HealthSec conference in Boston. While policies establish what organizations should and should not do, technical governance focuses on security controls, data protection and visibility into AI activity.
Healthcare providers must invest carefully in technologies that address real risks while preserving resources for patient care. Data exfiltration, patient data loss and disruption of clinical services remain among the most significant concerns, she said.
"One of the biggest risks of AI ... is going to be the data exfiltration and data loss, and so we will harp on this, no matter what we are facing in security," she said.
"Patient data is evergreen, and so you can't treat patient data like you treat an account number in finance, where you can reissue the account number," Arndt said. "The patient has to live with your security decisions for the rest of their life."
In this audio interview with ISMG (see link below photo), Arndt also discussed:
Building agile AI governance programs that adapt to rapid technology changes;
Using AI control planes, identity management and data loss prevention controls;
How St. Luke's University Health strengthened the security of its 85,000 biomedical devices, including robotic surgical equipment, through a recent collaborative microsegmentation initiative.
Arndt manages security at St. Luke's University Health Network, a nonprofit organization providing healthcare services at 16 campuses and about 350 sites in Pennsylvania and New Jersey. She has 15 years of experience across high-pressure and highly regulated industries, including healthcare, finance, crypto and the U.S. Department of Defense. Arndt is also a member of the Health Sector Coordinating Council, the Health Information Sharing and Analysis Center and ISACA. She also serves as healthcare sector chief for the InfraGard Philadelphia Chapter.