Shadow AI emerges as one of healthcare’s biggest security risks

On any given day inside a hospital, artificial intelligence is hard at work summarizing charts, prioritizing inbox messages, drafting patient communications, and accelerating clinical workflows. Nearly 80 percent of U.S. hospitals now use AI in some form, often through tools that have been formally evaluated, secured, and approved by IT leadership.

Even with access to properly vetted tools, many clinicians and analysts are turning to an ecosystem of unsanctioned and public AI tools—known as shadow AI—to help keep pace with mounting workloads.

A 2025 survey by symplr found that 86 percent of IT executives reported instances of shadow IT in their health systems, up from 81 percent just a year earlier. More troubling, recent data suggests that 58 percent of front-line healthcare staff have used generic AI tools like ChatGPT, Copilot, or Gemini for work-related tasks in the last month, with nearly four in ten using them weekly or more.

Shadow AI isn’t seen on network diagrams or vendor roadmaps, but it is increasingly shaping how patient data is handled, how decisions are supported, and how risk quietly accumulates inside healthcare organizations.

Security implications of shadow AI

IBM’s Cost of a Data Breach Report 2025 found that 20 percent of surveyed organizations across all sectors suffered a breach due to security incidents involving shadow AI, 7 percentage points higher than incidents involving sanctioned AI. Organizations with high levels of shadow AI reported breach costs contributing an additional $200,000 to the global average.

The average cost of a healthcare data breach now stands at $7.42 million, with Shadow AI displacing the security skills shortage as one of the top three costliest breach factors, according to IBM’s research.

When employees deploy open-source large language models within enterprise cloud environments, use AI code assistants without oversight, or upload confidential patient data to public generative AI platforms, they are bypassing security controls entirely. No alarms sound, no firewalls are tripped, and security teams remain blind to the risk until it’s too late.

Netskope’s 2025 report of healthcare data security found that regulated data dominates most policy breaches. More than four out of five violations involved protected health information, with the rest linked to intellectual property, source code, or other internal corporate data. Netskope also found that 13 percent of healthcare organizations reported malware being downloaded through trusted cloud applications, highlighting how unsanctioned tools can introduce not only data risks but active security threats.

Regulatory implications bring concern

Most public AI tools, including ChatGPT and Google’s Gemini, do not sign Business Associate Agreements or meet HIPAA compliance standards. Using them with PHI constitutes a potential violation, yet it’s happening routinely.

A recent survey published by Wolters Kluwer Health found that 17 percent of shadow AI adopters acknowledge they “sometimes or often include identifiable patient data” in these tools. Another 27 percent admitted PHI “might slip” into their prompts. Common shadow AI tasks include developing patient letters and portal messages, drafting internal correspondence, generating patient education content, and synthesizing clinical information or inbox messages, all activities that frequently involve PHI.

HHS’s Office for Civil Rights proposed the first major update to the HIPAA Security Rule in 20 years in January 2025, citing the rise in ransomware and the need for stronger cybersecurity. These changes eliminate the distinction between required and addressable safeguards, mandate encryption for all ePHI in storage and transit, and require continuous monitoring. Yet 67 percent of healthcare organizations admit they are not ready for these stricter standards.

Shadow AI can also trigger violations of state-level AI regulations. California’s AB 489, effective January 2026, prohibits AI systems from using terms or design elements that imply the AI possesses a healthcare license. Texas’s TRAIGA law imposes civil penalties ranging from $10,000 to $200,000 per violation for non-compliance with AI transparency requirements. Without centralized oversight, organizations cannot ensure shadow AI tools comply with these evolving regulatory frameworks.

The impact on patient outcomes

The ECRI Institute ranked AI second on its 2025 list of top threats facing patients, behind only the dismissal of patient and family concerns. The organization’s president, Dr. Marcus Schabacker, emphasized that larger healthcare providers “don’t have a good governance structure to oversee the utilization of AI,” creating conditions where “these new tools can be abused or used in the wrong context.”

AI systems can generate “hallucinations,” confident but incorrect outputs that, in healthcare settings, can translate directly into misdiagnoses or inappropriate care suggestions. A widely-used sepsis prediction model in U.S. hospitals was found to overestimate the risk of sepsis, leading to unnecessary interventions, increased healthcare costs, and patient distress. In another case, a 2024 breach affecting 483,000 patients across six hospitals originated with an agentic AI workflow vendor, leaving sensitive patient information available for weeks without authorization controls.

When clinicians use unsanctioned AI tools for clinical decision support, they bypass validation processes designed to ensure accuracy and reliability. A recent survey found that approximately 25 percent of providers and administrators ranked patient safety as their top concern surrounding AI in healthcare. One physician noted that while humans are supposed to remain “in the loop,” these tools can misfire in ways that “may not be adequately intercepted at the point of care.”

The algorithmic bias problem

Studies have documented that AI-driven triage algorithms underestimate the severity of Black patients’ conditions compared to white counterparts, often based on false assumptions about biological differences that can lead to delayed treatment or misdiagnosis.

When organizations deploy AI through official channels, they can implement bias audits, performance testing across populations, and involve diverse stakeholders in validation. Shadow AI circumvents these safeguards entirely. IBM’s 2025 report found that 97 percent of organizations that experienced an AI-related security incident lacked proper AI access controls, while 63 percent had no AI governance policies to manage usage or prevent shadow AI proliferation.

Research shows that only 44 percent of hospitals examine their predictive models for bias, and these hospitals tend to be better-funded institutions. When employees deploy shadow AI tools trained on datasets that don’t represent the populations they serve, they risk exacerbating existing disparities and causing direct harm to equity-deserving groups.

Undermining control over patient information

Even when clinical details are de-identified before being entered into public AI tools, healthcare information is rarely truly anonymous. A study in Nature Communications demonstrated that large “de-identified” datasets can be matched to individuals with surprising accuracy when cross-referenced with other public information.

Public AI models compound this risk. Tools like ChatGPT process inputs through cloud-based systems that may store or cache data temporarily, with no guarantee where that information goes, how long it’s stored, or whether it may be used to train commercial models. Once patient data leaves a secure network and crosses into these platforms, healthcare organizations lose all visibility and control.

Fortified Health Security’s 2025 report noted that “the adoption of AI tools is happening faster than healthcare organizations can write policies.” Meanwhile, only 4 percent of healthcare organizations expressed high confidence in the adequacy of their vendor risk assessments, with nearly 30 percent lacking confidence entirely.

Prohibition will never be an answer

The Fortified report argued that instead of blocking technology, organizations should “establish visibility frameworks that identify when and where employees are using AI tools, detect large or unusual data uploads, and educate staff on safe prompting techniques that minimize exposure.”

For CIOs, that means treating AI governance as a core business initiative rather than an IT checkbox. It requires deploying tools that detect unauthorized applications and data flows, particularly those involving sensitive patient information, and setting clear policies about what data can never be entered into public tools.

At organizations with mature AI governance, front-line workers are 30 percent less likely to use shadow AI at least once a week, suggesting that sanctioned alternatives combined with education can meaningfully reduce unauthorized usage.

As one security leader put it, healthcare organizations must address AI governance now because “the data shows that a gap between AI adoption and oversight already exists, and threat actors are starting to exploit it.”