The Control Problem in Clinical AI
Agentic artificial intelligence systems, which can independently plan and execute actions, are gaining traction in healthcare settings for tasks such as patient scheduling, clinical decision support, and supply chain management. Unlike traditional AI that only generates text or analysis, agentic AI takes action across connected systems, creating a new risk profile for hospital networks. The core vulnerability is not about whether the AI can be trusted to give correct answers, but about who or what maintains control over the actions it takes once it has permission to execute tasks.
For a hospital CISO, this means that an AI agent authorized to update patient records, order lab tests, or interact with EHR systems could perform those actions faster than any human attacker, and without per-action human oversight. If the agent is compromised, or its logic is flawed, it could delete patient data, alter medication orders, or exfiltrate protected health information before any security alert is triggered.
Implications for Hospital Security Teams
Healthcare organizations are particularly exposed because their environments are highly interconnected. An agentic AI deployed for billing optimization might also have access to clinical databases, scheduling systems, and email platforms. Without granular control over what the agent can do, when it can act, and with what authority, a single compromised agent could cascade across departments. The traditional focus on verifying that AI outputs are truthful is insufficient when the AI can directly write to a database or send communications to patients.
Security leaders should push for architectural controls that isolate agentic AI from critical clinical systems unless absolutely necessary. This includes enforcing just-in-time permissions that expire, requiring human approval for high-impact actions such as modifying a patient's medication list, and maintaining immutable audit logs of every action taken by an agent. The question for healthcare is not whether to adopt agentic AI, but how to embed control mechanisms that protect patient safety and data integrity from the outset.
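The three controls named above (short-lived just-in-time grants, mandatory human approval for high-impact actions, and a tamper-evident audit log) can all sit in a single policy gate that every agent tool call must pass through before it reaches an EHR or billing system. The following is an added illustration, not code from the article or from any vendor's agent platform; the agent names, scope strings, action names such as `medication.update`, and the injected clock are assumptions made for the example.

```python
"""Policy gate for an agentic AI tool layer (illustrative example, not from the source).

Every action an agent wants to execute is submitted to ActionGate.authorize()
first. The gate enforces: (1) just-in-time scopes that expire, (2) single-use
human approval bound to a specific action id for high-impact actions, and
(3) a hash-chained audit log of every decision so later tampering is detectable.
Agent names, scope patterns and action names below are assumptions.
"""
import fnmatch
import hashlib
import json
import time
from dataclasses import dataclass, field

# Actions that change clinical state or move PHI; never executed without a human approver.
HIGH_IMPACT = {"medication.update", "order.delete", "record.export"}


@dataclass
class Grant:
    scope: str          # glob pattern over action names, e.g. "billing.*"
    expires_at: float   # unix time; JIT grants are deliberately short-lived


@dataclass
class AuditLog:
    """Append-only log where each entry commits to the hash of the previous one."""
    entries: list = field(default_factory=list)
    last_hash: str = "0" * 64

    @staticmethod
    def _digest(record: dict) -> str:
        return hashlib.sha256(json.dumps(record, sort_keys=True).encode()).hexdigest()

    def append(self, record: dict) -> str:
        record = dict(record, prev=self.last_hash)
        digest = self._digest(record)
        self.entries.append((record, digest))
        self.last_hash = digest
        return digest

    def verify(self) -> bool:
        """Recompute the chain; any edited or removed entry breaks it."""
        prev = "0" * 64
        for record, digest in self.entries:
            if record["prev"] != prev or self._digest(record) != digest:
                return False
            prev = digest
        return True


class ActionGate:
    def __init__(self, log: AuditLog, now=time.time):
        self.log = log
        self.now = now  # injectable clock so expiry can be tested deterministically
        self.grants: dict[str, list[Grant]] = {}
        self.approvals: set[tuple[str, str]] = set()  # (agent, action_id) approved by a human

    def grant(self, agent: str, scope: str, ttl_seconds: float) -> None:
        """Issue a just-in-time scope that lapses after ttl_seconds."""
        self.grants.setdefault(agent, []).append(Grant(scope, self.now() + ttl_seconds))
        self.log.append({"event": "grant", "agent": agent, "scope": scope, "t": self.now()})

    def approve(self, agent: str, action_id: str, approver: str) -> None:
        """Record a human approval for one specific action id (single use)."""
        self.approvals.add((agent, action_id))
        self.log.append({"event": "approval", "agent": agent, "action_id": action_id,
                         "approver": approver, "t": self.now()})

    def authorize(self, agent: str, action: str, action_id: str, target: str) -> tuple[bool, str]:
        """Decide whether the action may proceed; every decision is logged."""
        allowed, reason = self._decide(agent, action, action_id)
        if allowed and action in HIGH_IMPACT:
            self.approvals.discard((agent, action_id))  # approval cannot be replayed
        self.log.append({"event": "authorize", "agent": agent, "action": action,
                         "action_id": action_id, "target": target,
                         "allowed": allowed, "reason": reason, "t": self.now()})
        return allowed, reason

    def _decide(self, agent: str, action: str, action_id: str) -> tuple[bool, str]:
        now = self.now()
        live = [g for g in self.grants.get(agent, []) if g.expires_at > now]
        if not any(fnmatch.fnmatchcase(action, g.scope) for g in live):
            return False, "no live grant for scope"
        if action in HIGH_IMPACT and (agent, action_id) not in self.approvals:
            return False, "high-impact action requires human approval"
        return True, "allowed"


if __name__ == "__main__":
    # Constructed walk-through: a billing agent cannot touch medications, and a
    # clinical agent needs both a live grant and a human approval to do so.
    log = AuditLog()
    gate = ActionGate(log)
    gate.grant("billing-agent", "billing.*", ttl_seconds=300)
    print(gate.authorize("billing-agent", "billing.read", "a1", "invoice/42"))
    print(gate.authorize("billing-agent", "medication.update", "a2", "patient/7"))
    gate.grant("clinical-agent", "medication.update", ttl_seconds=60)
    print(gate.authorize("clinical-agent", "medication.update", "a3", "patient/7"))
    gate.approve("clinical-agent", "a3", approver="attending-physician")
    print(gate.authorize("clinical-agent", "medication.update", "a3", "patient/7"))
    print("audit chain intact:", log.verify())
```

Two design choices matter here. Approval is bound to a single action id and consumed on use, so a compromised agent cannot reuse one clinician sign-off to push a second medication change. The gate also denies on the expired grant before it even looks at approvals, so a leftover approval does nothing once the just-in-time window has closed. The hash chain only makes tampering detectable; to make the log genuinely immutable it would still need to be shipped off-host to write-once storage the agent cannot reach.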
Source: Healthcareinfosecurity
