TechTarget and Informa Tech’s Digital Business Combine. TechTarget and Informa TechTarget and Informa Tech’s Digital Business Combine. Together, we power an unparalleled network of 220+ online properties covering 10,000+ granular topics, serving an audience of 50+ million professionals with original, objective content from trusted sources. We help you gain critical insights and make more informed decisions across your business priorities. Dark Reading Resource Library Black Hat News Omdia Cybersecurity Advertise Newsletter Sign-Up Newsletter Sign-Up Cybersecurity Topics Related Topics Application Security Cybersecurity Careers Cloud Security Cyber Risk Cyberattacks & Data Breaches Cybersecurity Analytics Cybersecurity Operations Data Privacy Endpoint Security ICS/OT Security Identity & Access Mgmt Security Insider Threats IoT Mobile Security Perimeter Physical Security Remote Workforce Threat Intelligence Vulnerabilities & Threats Recent in Cybersecurity Topics Application Security OWASP GenAI Security Project Gets Update, New Tools Matrix OWASP GenAI Security Project Gets Update, New Tools Matrix by Robert Lemos Apr 6, 2026 4 Min Read Remote Workforce Picking Up 'Skull Vibrations'? Could Be XR Headset Authentication Picking Up 'Skull Vibrations'? Could Be XR Headset Authentication by Alexander Culafi Apr 3, 2026 4 Min Read World Related Topics DR Global Middle East & Africa Asia Pacific Latin America Recent in World See All Application Security Real-Time Banking Trojan Strikes Brazil's Pix Users Real-Time Banking Trojan Strikes Brazil's Pix Users by Alexander Culafi Mar 13, 2026 4 Min Read Threat Intelligence Iran's Cyber-Kinetic War Doctrine Takes Shape Iran's Cyber-Kinetic War Doctrine Takes Shape by Alexander Culafi Mar 6, 2026 4 Min Read The Edge DR Technology Events Related Topics Upcoming Events Podcasts Webinars SEE ALL Resources Related Topics Resource Library Newsletters Podcasts Reports Videos Webinars White Papers Partner Perspectives Dark Reading Resource Library Cyber Risk Cybersecurity In-Depth: Feature articles on security strategy, latest trends, and people to know. Shadow AI in Healthcare is Here to Stay Medical professionals are not going to stop using AI tools to manage growing workloads. Organizations should prioritize bolstering security protocols to limit their blast radius. Arielle Waldman , Features Writer , Dark Reading April 6, 2026 4 Min Read Source: imageBROKER.com via Alamy The healthcare industry must get ahead of pervasive shadow AI risks that only exacerbate recovery challenges when ransomware and other disruptive cyberattacks inevitably hit. Physicians, doctors, and clinicians use unsanctioned artificial intelligence (AI) tools and chatbots to boost efficiency in a job where shaving a second off could mean saving someone's life. But security teams can't monitor for potentially damaging threats if they don't know the tools are running in the environment, hence the term shadow AI . When healthcare professionals use personal devices, unvetted tools, or public large language models (LLMs) they risk introducing new vulnerabilities and expanding attack surfaces. Those threats could lead to data leaks, breaches, and highly sensitive protected health information entering unmanaged environments. Shadow AI is one risk that Joe Izzo, chief medical information officer for San Joaquin General Hospital, wants to get ahead of, he said during RSAC 2026 Conference last month. Healthcare professionals adopt AI tools to help with dosing, information retrieval, medical searches, and clinical summaries, said Izzo, noting that he's also observed the use of billing cycle assistant tools. Related: Manufacturing & Healthcare Share Struggles with Passwords Many of them are not dangerous or necessarily bad, added Izzo. But their unvetted uses, lurking in the shadows, pose heightened security challenges. Raising awareness and using AI securely will help when hospitals are in the throes of ransomware recovery and dealing with enough chaos as it is, he noted. Shadow AI constitutes a two-fold problem, says Aviatrix CEO Doug Merritt. It doesn't just create a visibility gap; it also creates workloads with unlimited blast radiuses because of the significant privileges these tools require, particularly AI agents. AI infrastructure isn't strong enough in some places currently, but shadow AI compounds the problem, Merritt tells Dark Reading. And environments for healthcare "hold the most sensitive data in any industry," he says. “Use AI, Use AI” Shadow AI activity is ramping up as burnt-out healthcare professionals, working under growing pressures, look to ease burdens. As in other industries, executives are also pushing employees to use AI to boost productivity. However, some professionals adopt the tools without notifying security teams, muddying asset visibility. That hinders ransomware recovery by expanding attack surfaces, slowing investigation times, and introducing unrecoverable data with no backups. "People are bringing in AI, what I'm worried about is cybersecurity posture," says Meritt. "With my own employees too. I'm badgering them, 'Use AI, use AI. (But) if you want to bring your own tools, register them in our domain set.'" Related: Cyberattacks Intensify Pressure on Latin American Governments Merritt doesn't blame them. During conversations with friends in the healthcare industry, he learned they're using tools to offset administration burdens, for quick clinical documentation, and other tasks that "drive them up the wall." Their backs are against the wall and patient care remains the number one priority. "Try telling those folks you can't use the tool that saves these guys 30 minutes to an hour per shift so they can spend more time with patients," Meritt says. “Doesn't make any sense at all.” Caving to AI Temptation A shadow AI healthcare report by global infotech company Wolters Kluwer found that "41% of respondents were aware of colleagues using unauthorized AI tools." Almost 50% of respondents said they used them for a faster workflow, and one in three attributed a "lack of approved tools or the approved tools lacking desired functionality" as to why they turned to shadow AI. Temptation is rising as vendors now market directly to physicians during conferences, revealed Izzo. Concerns arise because vendors will tell them they can use their tools, but they must sign an agreement with them specifically, bypassing hospital policies or governance . Related: Google's Vertex AI Is Over-Privileged. That's a Problem "Surprise, those agreements typically put all the onus entirely on physicians, but it is very tempting," Izzo said. "Especially because typically physicians and nurses and clinical staff aren't doing this to be evasive. They want to be more efficient." Instead, it's important to discuss workloads with clinicians to see where "we can make them better," he recommended. Ditch the Denial Experts agree that people are not going to stop using shadow AI. "Bring Your Own Device is increasingly pervasive and has allowed this to happen somewhat seamlessly," warns Jeremy Banon, CEO and founder of The Cyber Health Company. Strategies should focus on improving awareness and security instead. Denial is longer a viable state, Banon tells Dark Reading. "It's important for companies to not bury their heads in the sand," Banon says. Leadership should create an enterprise AI plan and recruit a vendor that can deploy proper security and privacy controls for the organization’s use cases. Additionally, patients should have an opt-in whenever a tool is introduced, he said. Asking how organizations can stop employees from using unapproved tools is a "losing question," emphasizes Merritt. The tools are too productive and easy to access to stop. "The business pressure, like I'm putting on my employees, is way too intense," he adds. Rather than prohibit use, companies should worry about containment and ensure they have an effective discovery of shadow AI, recommends Merritt. Organizations should assume these tools are running in their environments and prioritize limiting the blast radius. "How do you bubble wrap AI workloads so they're allowed to be there, but you see exactly who they're communicating with and what's going out?" Merritt says. "A workload zero-trust policy stance is way easier." About the Author Arielle Waldman Features Writer, Dark Reading Arielle spent the last decade working as a reporter, transitioning from human interest stories to covering all things cybersecurity related in 2020. Now, as a features writer for Dark Reading, she delves into the security problems enterprises face daily, hoping to provide context and actionable steps. She looks for stories that go past the initial news to understand where the industry is going. She previously lived in Florida where she wrote for the Tampa Bay Times before returning to Boston where her cybersecurity career took off at SearchSecurity. When she's not writing about cybersecurity, she pursues personal projects that include a mystery novel and poetry collection. See more from Arielle Waldman Want more Dark Reading stories in your Google search results? Add Us Now More Insights Industry Reports AI SOC for MDR: The Structural Evolution of Managed Detection and Response Frost Radar™: Non-human Identity Solutions 2026 CISO AI Risk Report Gartner IGA Voice of the Customer 2026 Cybersecurity Forecast 2026 Access More Research Webinars From Alerts to Outcomes: How Enterprise SOCs Measure What Matters Identity Maturity Under Pressure: 2026 Findings and How to Catch Up Building a Robust SOC in a Post-AI World Retail Security: Protecting Customer Data and Payment Systems Rethinking SSE: When Unified SASE Delivers the Flexibility Enterprises Need More Webinars Edge Picks Application Security AI Agents in Browsers Light on Cybersecurity, Bypass Controls AI Agents in Browsers Light on Cybersecurity, Bypass Controls Cyber Risk Browser Extensions Pose Heightened, but Ma