Lack of AI governance poses threat to data security, new HIMSS research shows

Read Article: Healthcare IT News

Article Summary: The lack of AI governance in healthcare organizations poses a significant data security risk. Without proper oversight and controls, AI systems used for patient care and administrative tasks could lead to data breaches, misuse of sensitive information, and regulatory non-compliance. This oversight gap can also increase operational vulnerabilities and threaten the integrity of electronic health records (EHRs) and other critical healthcare data.

The Risks:

1. Inadequate AI Governance: The absence of effective AI governance increases the risk of data breaches, cyberattacks, and AI-driven phishing attacks, exacerbated by inadequate monitoring, lack of approval processes, and insufficient policies to regulate AI usage in healthcare. (Area: Information Technology) (Category: IT Practices)

2. Inadequate Cybersecurity Capabilities: Despite increasing cybersecurity budgets, many healthcare organizations still lack effective governance and face staffing challenges, leaving the workforce vulnerable to emerging threats like AI-driven risks, ransomware, and insider threats. (Area: Information Technology) (Category: IT Practices)

3. Third-Party and Vendor Security Posture: The lack of robust third-party risk management for vendors handling sensitive data increases the risk of security breaches that could compromise patient data or disrupt healthcare services, extending vulnerabilities to contractors and external vendors. (Area: Information Technology) (Category: IT Vendors)