Shadow AI in Healthcare: The Hidden Crisis Putting Patients — and Your Organization — at Risk

Shadow AI has become one of the most urgent threats in healthcare—driven not by malice, but by exhaustion, staffing shortages, and the undeniable productivity gains AI tools offer in clinical and administrative workflows.

Last reviewed: June 20, 2026

The AI Tool Your Hospital Doesn’t Know About

Right now, somewhere in a hospital, a physician is pasting a patient’s history into ChatGPT to get a faster differential diagnosis. A nurse is using an AI writing tool to draft discharge notes. A billing administrator is uploading a spreadsheet of patient records into an unapproved AI platform to speed up claims processing.

None of them think they are doing anything wrong. And that is exactly what makes Shadow AI in healthcare so dangerous.

Shadow AI—the use of artificial intelligence tools without the knowledge, approval, or oversight of an organization’s IT or compliance teams—has quietly become one of the most urgent threats in healthcare today. It is not driven by malice. It is driven by exhaustion, staffing shortages, documentation burdens, and the undeniable productivity gains these tools offer. But in healthcare, where the data is the most sensitive on earth and the regulatory consequences are severe, the cost of getting it wrong is enormous.

What Is Shadow AI in Healthcare?

In a healthcare setting, Shadow AI typically looks like this:

  • A physician copying a patient’s clinical history into ChatGPT or Gemini to generate SOAP notes or differential diagnoses
  • A therapist using a general-purpose AI to draft session notes or treatment plans
  • A nurse using a consumer AI chatbot to look up drug interaction information
  • A billing team member uploading patient data into an unapproved AI tool to process claims faster
  • A hospital administrator using a personal AI subscription to summarize internal strategy documents

What these all have in common: Protected Health Information (PHI) is leaving the organization’s controlled environment and entering a third-party AI system with no Business Associate Agreement (BAA), no access controls, and no compliance logging.

The Numbers: Shadow AI in Healthcare Is a Crisis

  • Healthcare was ranked the costliest industry for data breaches for the 14th consecutive year, with the average healthcare breach totaling over $7.4 million—and taking the longest of any industry to identify and contain (IBM Cost of a Data Breach, 2025)
  • 20% of organizations across all sectors suffered a breach due to Shadow AI—7 percentage points higher than breaches involving sanctioned AI (IBM, 2025)
  • 97% of organizations that experienced an AI-related security incident lacked proper AI access controls (IBM, 2025)
  • 63% of organizations surveyed had no AI governance policy at all (IBM, 2025)
  • 86% of healthcare IT executives reported instances of Shadow IT in their health systems in 2025, up from 81% in 2024 (symplr, 2025)
  • Organizations with high levels of Shadow AI experience average breach costs of $4.63 million—$670,000 more than those with low or no Shadow AI (IBM, 2025)
  • The highest insider risk costs across all industries were in healthcare and pharmaceutical, averaging $28.8 million in annual losses per organization (DTEX/Ponemon Cost of Insider Risks, 2026)
  • Shadow AI breaches averaged 247 days to detect—six days longer than standard data breaches (Vectra AI, 2026)
  • 89% of policy violations detected in healthcare network telemetry involve regulated health data, including sensitive vitals (Netskope, 2026)
  • Gartner predicts that by 2030, more than 40% of enterprises will experience a security or compliance incident linked to unauthorized Shadow AI

Real-World Incidents: When Shadow AI Goes Wrong

🏭 The Landmark Warning Shot: Samsung (2023)

While not a healthcare incident, the Samsung case became the defining template for understanding Shadow AI risk—and its lessons apply directly to hospitals.

In April 2023, Samsung Semiconductor engineers were given access to ChatGPT to help with productivity. Within less than 20 days, three separate data leak incidents occurred:

  • An engineer pasted proprietary source code into ChatGPT to debug a problem
  • A second engineer submitted confidential equipment test sequences for code optimization
  • A third employee recorded an internal meeting, transcribed it, and fed the full transcript into ChatGPT to generate meeting minutes

In each case, the employee was simply trying to do their job better. None intended to expose data. But confidential intellectual property was sent to OpenAI’s servers with no NDAs, no data residency controls, and no ability to delete.

The healthcare parallel is direct and severe: Replace source code with a patient’s name, diagnosis, and treatment history. Replace proprietary test sequences with lab results and medication records. The same behavior—well-meaning, productivity-driven, completely unmonitored—produces a HIPAA violation instead of a trade secret leak. In healthcare, the regulatory consequences and reputational damage are even greater.

🏥 The Clinical Note Scenario: A HIPAA Violation in Seconds

Security researchers and healthcare compliance experts have documented a scenario that is now playing out routinely in hospitals: a clinician under documentation pressure pastes a clinical note into a public large language model to generate a discharge summary. The note contains the patient’s name, date of birth, diagnosis, and treatment details—all PHI under HIPAA. The LLM provider retains the prompt for service improvement and model training. HIPAA does not require an attacker for this to be a violation. The act of uploading is itself the regulatory exposure.

One nurse, speaking to Scientific American, described using AI tools for clinical documentation while acknowledging she wasn’t certain her organization had approved the practice—a reflection of how normalized this behavior has become.

🔍 The Cyberhaven Finding: A Doctor Enters Patient Data

A study by cybersecurity firm Cyberhaven, examining actual AI usage patterns among enterprise workers, found documented instances of a doctor entering a patient’s name and medical diagnosis into ChatGPT to generate clinical content—sending identifiable patient data to an external AI platform with no HIPAA protections in place.

📶 Netskope Telemetry: Hospitals Are Actively Connecting to OpenAI

Network telemetry from Netskope revealed that most healthcare organizations show connections to api.openai.com despite having policy blocks in place. This means employees are actively circumventing organizational restrictions to access AI tools. The traffic frequently includes patient identifiers, lab values, and streaming vitals—all of which qualify as PHI under HIPAA and are now residing in model logs beyond enterprise control.

🏥 San Joaquin General Hospital: RSAC 2026 Disclosure

At the RSAC 2026 Conference, Dr. Joe Izzo, Chief Medical Information Officer for San Joaquin General Hospital, publicly acknowledged that Shadow AI had become an active risk management concern at his institution. Healthcare professionals were adopting AI tools for dosing assistance, information retrieval, medical searches, clinical summaries, and billing-cycle support—many without formal vetting or approval. He emphasized that their unvetted use creates heightened security challenges that hospitals must get ahead of.

Why Healthcare Workers Turn to Shadow AI

  • Documentation burden is crushing clinicians. Physicians now spend more time on documentation than on direct patient care. AI tools that can generate SOAP notes, discharge summaries, and referral letters in seconds are nearly impossible to resist when the alternative is hours of typing.
  • Staffing shortages create desperation. With nursing shortages and physician burnout at record levels, any tool that saves time becomes essential. Governance compliance feels secondary to getting through a 12-hour shift.
  • Approved tools are too slow to arrive. Healthcare IT procurement is notoriously slow. By the time a tool is formally evaluated, approved, and deployed, staff have already been using an alternative for months. The governance gap drives Shadow AI.
  • Consumer AI is genuinely excellent. ChatGPT, Gemini, and similar tools are capable, fast, and often free. They outperform enterprise tools at many tasks. The quality gap makes the temptation real.
  • 26% of healthcare workers use AI simply to experiment—curiosity and professional development drive adoption even beyond productivity needs (Healthcare Brew, 2026).

The Specific Risks in Healthcare

1. HIPAA Violations and Civil Penalties

Consumer AI tools do not have signed Business Associate Agreements with healthcare organizations, meaning any PHI entered into them constitutes a HIPAA violation. The consequences include:

  • Civil penalties of up to $1.5 million per violation category per year
  • HHS Office for Civil Rights investigations and audits
  • Mandatory breach notification to patients and regulators
  • Potential criminal liability for willful neglect

The critical point: intent is irrelevant under HIPAA. A well-meaning physician pasting patient notes into ChatGPT to save time creates exactly the same legal exposure as deliberate data theft.

2. Training Data Contamination

Many consumer AI platforms use user inputs to improve their models. While some providers offer opt-out options and enterprise tiers, the default consumer versions may incorporate inputs into future training data. This means patient information entered into an unauthorized tool could theoretically influence future AI outputs—creating the potential for PHI to appear in responses to other users.

3. AI Hallucinations in Clinical Decisions

General-purpose large language models generate plausible-sounding but factually incorrect medical information—a phenomenon known as “hallucination.” Healthcare-specific AI tools include clinical knowledge bases, validation layers, and accuracy safeguards. Consumer tools do not. A clinician acting on an AI-generated drug interaction or dosing recommendation from an unvetted tool faces patient safety consequences and potential malpractice liability.

4. Algorithmic Bias

AI systems trained on datasets that underrepresent certain populations—elderly patients, racial minorities, patients with rare conditions—produce less accurate recommendations for those groups. When a healthcare worker uses an unsanctioned tool with no transparency about its training data, they have no way to evaluate or compensate for this bias. Patient safety is directly at risk.

5. No Audit Trail

Shadow AI leaves no audit trail. There is no record of what the AI was asked, what it returned, or how that output influenced care decisions. In litigation, regulatory audits, or adverse event investigations, this absence of documentation is deeply problematic.

6. Agentic AI: The Next Wave of Risk

The Shadow AI threat is no longer limited to chatbots. AI agents can read local files, execute code, browse the web, and act autonomously. Healthcare workers installing these tools on their devices create a risk category that goes far beyond pasting text into a chat window. Traditional governance frameworks were designed for human-speed, human-initiated interactions and cannot keep pace with autonomous agent behavior.

What Healthcare Organizations Must Do

Step 1: Discover What Is Already Being Used

Most organizations don’t know the full extent of their Shadow AI exposure. Network monitoring, SaaS spend audits, and endpoint monitoring can surface unauthorized AI connections. Netskope telemetry consistently shows healthcare organizations connecting to AI platforms despite policy blocks—organizations need to verify their actual traffic, not assume their policies are working.
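Step 1 asks organizations to verify actual egress traffic rather than trust that a policy block is working. The Python script below is an added example (not code from this guide or from any vendor it names): it parses constructed proxy log lines, matches destinations against a small AI-host list (api.openai.com is the host the guide cites; the other hosts are assumed), and reports connections the proxy allowed despite a block policy, ranked by upload volume per user.

```python
# Added example (not from the guide): reconcile egress-proxy logs against a
# list of AI service hosts and flag ALLOWed connections that policy says to block.
import re
from collections import Counter

# Constructed proxy log lines: timestamp user dst_host action bytes_out
SAMPLE_LOG = """\
2026-06-01T08:02:11Z dr.smith api.openai.com ALLOW 18422
2026-06-01T08:05:40Z nurse.lee api.openai.com BLOCK 0
2026-06-01T08:09:03Z billing.kim generativelanguage.googleapis.com ALLOW 251930
2026-06-01T08:12:55Z dr.smith ehr.internal.example ALLOW 9120
2026-06-01T09:30:17Z admin.ruiz chat.openai.com ALLOW 3310
"""

# api.openai.com is the host the guide cites; the other entries are assumed
# examples of endpoints a hospital might choose to govern.
AI_HOSTS = {
    "api.openai.com": "OpenAI API",
    "chat.openai.com": "ChatGPT web (assumed)",
    "generativelanguage.googleapis.com": "Gemini API (assumed)",
}

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (ALLOW|BLOCK) (\d+)$")

def parse_line(line):
    """Parse one log line into a dict; return None for malformed lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, user, host, action, out = m.groups()
    return {"ts": ts, "user": user, "host": host, "action": action, "bytes_out": int(out)}

def find_shadow_ai(log_text, ai_hosts=AI_HOSTS):
    """Return (hits, gaps): hits are all AI-host connections; gaps are the
    ALLOWed ones, i.e. where the block policy is not actually in effect."""
    hits, gaps = [], []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["host"] not in ai_hosts:
            continue
        rec["service"] = ai_hosts[rec["host"]]
        hits.append(rec)
        if rec["action"] == "ALLOW":
            gaps.append(rec)
    return hits, gaps

def bytes_uploaded_by_user(gaps):
    """Outbound bytes per user over allowed AI connections; uploads are
    what carry PHI out, so this ranks whom to follow up with first."""
    totals = Counter()
    for rec in gaps:
        totals[rec["user"]] += rec["bytes_out"]
    return dict(totals)

if __name__ == "__main__":
    hits, gaps = find_shadow_ai(SAMPLE_LOG)
    print(len(hits), "AI connections;", len(gaps), "allowed despite block policy:", bytes_uploaded_by_user(gaps))
```

A blocked entry (nurse.lee above) still counts as a hit: the staff member tried to reach the tool, which is the signal Step 2 needs in order to ask why.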

Step 2: Understand the Why Before Applying Restrictions

Blanket bans consistently fail. Research shows that nearly half of employees would continue using personal AI accounts even after an organizational ban—driving usage underground rather than eliminating it. The question to ask: Why are staff reaching for unauthorized tools? What approved tools are missing, inadequate, or too restricted to be useful?

Step 3: Provide Compliant, High-Quality Alternatives

The most effective intervention is providing approved AI tools that genuinely meet clinical needs. One healthcare system that provided approved AI tools saw an 89% reduction in unauthorized usage and 32 minutes of daily time savings per clinician—proving governance and productivity are not in conflict (Healthcare Brew Survey, 2026).

  • Ambient AI scribes for real-time clinical documentation without typing
  • HIPAA-compliant AI assistants with signed BAAs
  • Clinical decision support AI with validated medical knowledge bases
  • AI-powered coding and billing tools with EHR integration and compliance controls

Step 4: Build a Healthcare-Specific AI Governance Policy

A healthcare AI governance policy must address:

  • Which tools are approved, and for which use cases
  • Which data categories (PHI, PII) are permitted with which tools
  • BAA requirements for all AI vendors
  • Incident response for AI-related data exposure
  • Updated HIPAA risk assessments covering AI-specific scenarios
  • Clear consequences for unauthorized use

Step 5: Train Staff—Honestly and Practically

Training must go beyond policy acknowledgment forms. Effective training includes real case studies of PHI breaches caused by Shadow AI, clear guidance on what is and is not permitted, information about what happens to data entered into consumer AI tools, and easy escalation paths for staff who want to request a new tool instead of using an unauthorized one.

Step 6: Monitor Continuously

Shadow AI is not a one-time problem. New AI tools launch every week. Employees change. Workflows evolve. Shadow AI governance must be an ongoing element of the organization’s security posture, not a one-time policy rollout. Wherever approved tools permit it, export prompt logs and AI interaction data for audit and compliance purposes.

The Governance Imperative: 2026 and Beyond

In 2025, Shadow AI surged across healthcare as staff sought relief from persistent burnout, staffing shortages, and documentation overload. In 2026, healthcare leaders face a clear choice: get ahead of AI governance now, or manage the consequences of not having done so.

The cost of inaction is quantifiable. Healthcare bears the highest insider risk costs of any industry—$28.8 million per organization annually. Breaches tied to Shadow AI cost $670,000 more than those without it. The regulatory environment is tightening, not loosening.

Healthcare organizations that channel AI adoption into governed, compliant frameworks—rather than trying to block it entirely—see dramatic reductions in unauthorized usage, measurable clinician productivity gains, and reduced burnout. The goal is not to fight AI. It is to make the safe path the obvious path.

The question is not whether Shadow AI is in your organization. It is whether you know about it yet.

Quick Reference: Shadow AI in Healthcare at a Glance

Metric | Figure | Source
Average healthcare data breach cost | $7.4 million+ | IBM, 2025
Breach cost premium when Shadow AI is involved | +$670,000 | IBM, 2025
Healthcare/pharma insider risk cost per org (annual) | $28.8 million | DTEX/Ponemon, 2026
Orgs with AI breach that lacked access controls | 97% | IBM, 2025
Orgs without complete AI governance policy | 63% | IBM, 2025
Days to detect a Shadow AI breach | 247 avg | Vectra AI, 2026
Healthcare IT execs reporting Shadow IT incidents | 86% | symplr, 2025
Reduction in unauthorized AI use with approved alternatives | 89% | Healthcare Brew Survey, 2026
HIPAA max civil penalty per violation category per year | $1.5 million | HHS

Sources: IBM Cost of a Data Breach 2025, DTEX/Ponemon Cost of Insider Risks 2026, Netskope Enterprise Health Data Telemetry, Cyberhaven AI Usage Research, Dark Reading RSAC 2026, symplr 2025 Survey, Healthcare Brew Survey 2026, Vectra AI Shadow AI Analysis, HHS Office for Civil Rights, Gartner AI Governance Forecast.

Frequently Asked Questions

What makes Shadow AI in healthcare different from other industries?

Healthcare involves Protected Health Information regulated under HIPAA, which carries civil penalties of up to $1.5 million per violation category per year. Unlike most industries, intent is irrelevant—accidentally uploading patient data to an unapproved AI tool creates the same legal exposure as deliberate theft. Healthcare also bears the highest average breach cost ($7.4 million) of any industry.

Does HIPAA require intent for a violation to occur?

No. The act of disclosing PHI to an unauthorized third party—such as a consumer AI tool without a signed Business Associate Agreement—is itself the violation, regardless of intent. A well-meaning clinician pasting patient notes into ChatGPT to save time creates the same legal exposure as deliberate unauthorized access.

What is the difference between approved clinical AI and Shadow AI?

Approved clinical AI tools have signed Business Associate Agreements, clinical validation and accuracy safeguards, audit trails, and access controls. Shadow AI tools have none of these protections—they are consumer or general-purpose tools with no HIPAA compliance obligations and no visibility for the healthcare organization.

Can our organization be liable for a HIPAA breach caused by an employee using an unapproved AI tool?

Yes. The covered entity bears primary HIPAA liability for PHI breaches regardless of whether they were caused by an external attacker or an internal employee using an unauthorized tool. Establishing an AI governance policy, providing compliant alternatives, and training staff can demonstrate due diligence, but organizational liability for the underlying breach remains.

What is the fastest first step to reduce Shadow AI risk in a healthcare setting?

Discovery—finding out what AI tools are already in use and for what purposes. Network monitoring and a simple staff survey are the most practical starting points. Once you understand which tools are in use and why, you can provide compliant alternatives for the highest-risk use cases and achieve the largest risk reduction most quickly.

About This Guide

Reviewed for clarity, accuracy, and practical business relevance.

Content team: Shadow AI Guide Editorial Team