AI has been a buzzword for years, and discussions about its promise and dangers are popping up in conversations across industries. In 2026, experts predict that AI will continue to expand its presence in the healthcare sector, helping to improve workflow efficiency and even defend against cyberattacks.
“AI is poised to explode this year, and I’m not saying that to be dramatic. I’m saying it because we’re already seeing it,” Shannon Germain Farraher, a senior analyst at Forrester, said in an interview.
Exciting AI capabilities are driving innovation in clinical and operational areas. However, the increased adoption of AI will also highlight the persistence of cybersecurity, confidentiality and privacy protection. governance gaps in healthcare, exacerbating existing challenges and creating new ones.
“The introduction or proliferation of AI further highlights areas that already needed attention,” Nana Ahwoi, EY Americas consumer and healthcare cybersecurity sector leader, said in an interview.
“It’s like you took an already difficult scenario and potentially made it even more difficult.”
As 2026 dawns, industry experts agree on one thing: AI is here to stay, and it will drive both innovation and risk.
Adoption of AI will bring positive change
AI has long been associated with innovation, and analysts predict that healthcare will continue to see the benefits of AI in 2026 with expanded use cases.
For example, in Forrester’s forecast for 2026 reportthe researchers posited that at least one large health system would deploy a patient-facing AI agent this year to analyze medical records.
“As AI use cases expand, a major health system will boldly deploy agents to provide personalized EHR analytics,” the report states. “Through search and plain language summaries, this system will transform EHR data into actionable insights, empowering patients to play a more informed role in their care.” »
Additionally, AI will be used to strengthen cybersecurity programs and effectively detect threats, noted Skip Sorrels, field CTO and CISO at Claroty, in an interview.
“AI is going to create a leftward outcome that I think will be very positive,” Sorrels said. “The ability of AI to interpret alerts versus humans having to look at them from a past and historical perspective, allows them to really focus on the things that should be considered or seen as real alerts, real things to defend against and respond to.”
AI will amplify cybersecurity and privacy gaps
Alongside its benefits, experts also predict that the growing use of AI in healthcare will exacerbate the industry’s current cybersecurity and privacy challenges as it simultaneously grapples with budget and resource constraints.
“The truth is that health care organizations today are in trouble, and they know it. There is enormous pressure for them to keep up with the pace of innovation. There is a lot of competition between providers, between health insurers. There is demand from patients, from members and from investors,” Farraher said.
“So healthcare organizations need to keep up with the pace of innovation, but it’s very difficult for them to navigate that with all these converging elements.”
Farraher emphasized that third-party risk management (TPRM) is an area where AI could amplify existing challenges. Only 44% of healthcare risk management decision makers surveyed by Forrester say their TPRM process is mature.
As healthcare organizations increasingly tap new vendors to implement AI tools, third-party risk increases.
“A lot of this has gone unchecked for a long time, but now that artificial intelligence is really coming to the forefront, you need it to be competitive. You need it to improve outcomes,” Farraher said. “I don’t believe healthcare organizations are yet up to the task and have a solid understanding of what they need to do to stay safe.”
Jackie Mattingly, senior director of consulting services for Clearwater Small and Medium Hospitals, echoed that sentiment.
“AI has been quietly popping up at all these different vendors and all of a sudden these hospitals don’t understand where it is and how their data is flowing through these AI tools,” Mattingly said.
Small and medium-sized hospitals are just as eager to adopt AI as large health systems, Mattingly said. However, small teams are overburdened and some lack the bandwidth to conduct in-depth vendor risk assessments.
In addition to TPRM concerns, the use of AI in healthcare may pose privacy risks, depending on its application.
“If we leverage AI in healthcare, how do we know if a patient has true informed consent?” Sorrels noted.
Privacy experts will need to consider the risk of exposure of protected health information that could arise from using a new AI tool, Sorrels suggested. It will be crucial to use AI in a way that maintains patient privacy and trust.
As healthcare organizations continue to implement AI-based tools, they must address the same cybersecurity and privacy concerns that have plagued the industry for years.
Gaps in AI governance will persist
Good governance will be crucial to success, but healthcare organizations may face oversight and governance challenges in 2026.
“I think health care as an industry is making phenomenal strides in innovation,” Farraher said. “How people implement and execute this innovation is where the problem lies.”
Farraher highlighted the lack of strong industry standards for security governance and poor due diligence processes as factors exacerbating risks.
Awohi also stressed the importance of governance and oversight. As healthcare organizations rapidly expand their non-human identity ecosystems through the use of AI, governance gaps become more pronounced. What’s more, the risk of ghost AI remains predominant.
“Health systems or healthcare companies will need to prioritize establishing some governance around shadow AI and having a mechanism in place to determine if you have unmanaged usage in your environment,” Awhoi said.
AI will reshape cyberattacks and defense
As healthcare organizations continue to use AI to strengthen their cybersecurity defense, cyberthreat actors are using it to increase the volume and effectiveness of attacks.
“In the same way that health systems and other organizations are leveraging the power of AI to improve their business and think of creative ways to do things and implement agents, et cetera, hackers are also leveraging exactly these same platforms, thinking about how to evade well-established malware detection capabilities, or write better (phishing) emails,” Awohi noted.
AI has already hackers activated to create sophisticated phishing emails, and they will likely continue to find ways to leverage AI to improve their attacks.
“It will continue to accelerate,” Sorrels predicts. “And on the other hand, it becomes necessary to understand your enemy and use the art of war, if you will, to prepare and better defend yourself. And the use of AI is a force multiplier that will enable this.”
In 2026, AI will undoubtedly continue to change the way healthcare organizations operate. With thoughtful implementation and consideration of risks, this can be a positive force.
Jill Hughes has been covering cybersecurity and healthcare privacy news since 2021.