AI adoption in healthcare will spark innovation and cyber risk in 2026

AI has been a buzzword for years, with discussions of its promises and perils coming up in conversations across every industry. In 2026, experts predict that AI will continue to expand its foothold in healthcare, enabling workflow efficiencies and even cyberattack defense.  

"AI is set to explode this year, and I don't say that to be dramatic. I say it because we are already seeing it," Shannon Germain Farraher, a senior analyst at Forrester, said in an interview.  

Exciting AI capabilities are driving innovation in both clinical and operational realms. However, increased AI adoption will also underscore persistent cybersecurity, privacy and governance gaps in healthcare, exacerbating existing challenges and creating new ones. 

"The introduction or proliferation of AI is shining an even brighter light on areas that already needed to have focus and attention," Nana Ahwoi, EY Americas consumer and health cybersecurity industry leader, shared in an interview.  

"It's like you've taken an already challenging scenario and potentially made it that much more challenging." 

As we enter 2026, industry experts agree on one thing: AI is here to stay, and it will drive both innovation and risk. 

AI adoption will bring positive change 

AI has long been associated with innovation, and analysts predict that healthcare will continue to reap the benefits of AI in 2026 with expanded use cases. 

For example, in Forrester's 2026 predictions report, researchers posited that at least one large health system will deploy a patient-facing AI agent to analyze medical records this year.  

"As AI use cases expand, a major health system will boldly deploy agents to deliver personalized EHR analyses," the report stated. "With plain language search and summaries, this system will transform EHR data into actionable insights -- empowering patients to take more informed roles in their care." 

Additionally, AI will be used to strengthen cybersecurity programs and detect threats efficiently, Skip Sorrels, field CTO and CISO at Claroty, noted in an interview. 

"AI is going to create a shift-left outcome that I think will be very positive," Sorrels said. "The ability for AI to interpret alerts versus humans that are having to look at them from a past and historical perspective, frees them up to really focus on the things that should be viewed or deemed as true alerts, true things to defend against, to react to." 

AI also shows significant promise for improving care delivery, through AI-based digital outreach, clinical decision support and the use of AI scribes.  

AI will amplify cybersecurity, privacy gaps

In tandem with its benefits, experts also predict that the growing use of AI in healthcare will exacerbate the sector's ongoing cybersecurity and privacy challenges, as it simultaneously grapples with budget and resource constraints. 

"The truth is that healthcare organizations today are struggling, and they know it. There's a ton of pressure for them to keep pace with innovation. There is tons of competition among providers, among health insurers. There's demand from patients, members and investors," Farraher said.  

"And so, healthcare organizations have to keep pace of innovation, but it's really hard for them to navigate with all of these items converging."  

Farraher pointed out that third-party risk management (TPRM) is one area in which AI could amplify existing challenges. Just 44% of healthcare risk management decision-makers surveyed by Forrester said that their TPRM process is mature.  

As healthcare organizations increasingly bring new vendors on board to implement AI tools, third-party risk is expanding. 

"So much of that has gone unchecked for a long time, but now that artificial intelligence is really coming to the forefront, you need it to be competitive. You need it to improve outcomes," Farraher said. "I don't believe that healthcare organizations are up to par yet and have a solid understanding of what they need to do to keep their organizations safe." 

Jackie Mattingly, senior director of consulting services for small and medium hospitals at Clearwater, echoed this sentiment. 

"AI showed up kind of quietly through all these different vendors and suddenly these hospitals don't understand where it's at and how their data's flowing through these AI tools," Mattingly said.  

Small and medium-sized hospitals are just as eager to embrace AI as larger health systems, Mattingly said. However, smaller teams are stretched thin, and some do not have the bandwidth to conduct thorough vendor risk assessments. 

In addition to TPRM concerns, the use of AI in healthcare can present privacy risks, depending on its application. 

"If we're leveraging AI in healthcare, how do we know whether a patient has true informed consent?" Sorrels noted. 

Privacy experts will have to consider the risk of protected health information exposure that could come with the use of a new AI tool, Sorrels suggested. It will be crucial to use AI in a way that preserves confidentiality and patient trust. 

As healthcare organizations continue to implement AI-driven tools, they must address the same cybersecurity and privacy concerns that have affected the industry for years.  

AI governance gaps will persist

Proper governance will be crucial for success, but healthcare organizations could run into oversight and governance challenges in 2026. 

"I think that healthcare as an industry is actually doing phenomenal when it comes to innovation," Farraher said. "How folks are going about implementing and executing that innovation is where the problem lies." 

Farraher pointed to the lack of a solid industry standard for security governance and deficient due diligence processes as factors that exacerbate risk. 

Awohi also highlighted the importance of governance and oversight. As healthcare organizations rapidly expand their non-human identity ecosystems with the use of AI, governance gaps are becoming more pronounced. What's more, the risk of shadow AI remains prevalent. 

"Health systems or healthcare companies are going to need to prioritize establishing some governance around shadow AI and having some mechanism that can say whether you've got some unmanaged usage in your environment," Ahwoi said. 

AI will reshape cyberattacks, defense 

As healthcare organizations continue to use AI to enhance cybersecurity defense, cyberthreat actors are using it to increase attack volume and efficiency. 

"The same way that health systems and other orgs are tapping into the power of AI to get better at their craft and think of creative ways of doing things and setting up agents, et cetera, hackers are also leveraging those exact same platforms, thinking about how to evade well-established malware detection capabilities, or write better [phishing] emails," Awohi noted. 

AI has already enabled hackers to craft sophisticated phishing emails, and they will likely continue to find ways to leverage AI to enhance their attacks. 

"That's going to continue to accelerate," Sorrels predicted. "And the opposite side of it, it becomes necessary to understand your enemy and use the art of war, if you will, to prepare and better defend. And the use of AI is a force multiplier that will enable that." 

In 2026, AI will undoubtedly continue to change the way healthcare organizations operate. With thoughtful implementation and consideration of risks, it can be a force for good. 

Jill Hughes has covered healthcare cybersecurity and privacy news since 2021.