Health-ISAC Warns of Patient Safety Risks From Unsupervised AI Agents
Agentic AI systems in healthcare pose amplified cybersecurity and patient safety risks when deployed without strong governance controls, according to a new report from the Health Information Sharing and Analysis Center.
The report, published Tuesday and developed with Living Security, identifies three core problems: over-permissioned accounts, weak governance structures, and credential misuse - all intensified when organizations delegate decisions to AI agents.
Errol Weiss, chief security officer of Health-ISAC, said the dangers extend beyond data breaches. "A rogue AI agent can interrupt the normal flow of medical care," he said. "Disruptions to communications can slow care and increase errors."
How AI Agents Fail
AI agents remain unpredictable despite their growing capabilities. Earlier this year, a startup discovered this firsthand when an AI agent deleted three months of production data in nine seconds - despite explicit instructions never to guess about the consequences of its actions.
Healthcare organizations often adopt AI Agents & Automation informally at first, without formal approval or oversight. By the time leadership recognizes the risk, the systems are already embedded in clinical workflows.
"When AI agents are implemented without strong identity and policy controls, attackers only need one foothold to misuse delegated privileges," Weiss said.
Governance Framework Required
Health-ISAC recommends treating AI agents as "digital workers" with defined ownership, monitoring, logging, and approved use cases. Organizations should monitor agent activity the same way they track human access privileges.
Traditional security awareness training falls short. Instead, organizations need continuous risk management that covers both human behavior and AI-agent behavior as part of the enterprise attack surface.
Risk-based interventions should replace compliance-focused training. CISOs should monitor workforce risk continuously and intervene based on observed risky behaviors, not completion metrics.
Responsibility Extends Beyond IT
Addressing these risks requires involvement from clinical and operational leadership, not just security teams. Executives should treat cybersecurity as a patient safety issue tied to care continuity and downtime planning.
HR, compliance, legal, and privacy departments need to reinforce ownership of AI systems - not just enforce rules. Employees should be accountable for the behavior of the AI systems they deploy.
Chief information officers and IT managers should build guardrails into tools and workflows before deployment. "If healthcare adds agentic automation without matching governance and visibility, it can unintentionally make attacks faster, broader and more damaging," Weiss said.
For more context on AI for Healthcare, see Health-ISAC's full guidance on agentic AI risk management.
Your membership also unlocks:
