Healthcare organizations see AI security risks but lack recovery plans
Three-quarters of healthcare IT and security leaders anticipate AI-driven attacks on their identity systems, yet only 27% believe they could fully regain control if an AI agent exposed administrator credentials. The gap between perceived risk and actual preparedness signals a critical vulnerability across the sector.
Semperis surveyed 1,100 IT and security professionals across multiple industries to assess how AI integration affects identity security. Healthcare was not alone in this disconnect - banking, education, government, and telecom leaders reported similar misalignments between risk awareness and recovery confidence.
Non-human identities are multiplying faster than controls
Every AI agent, service principal, and automated helper carries its own non-human identity (NHI). These identities often receive excessive permissions to complete tasks efficiently, creating unintended security holes.
AI support agents sometimes reconfigure security settings or grant access without oversight, potentially locking teams out of critical systems or breaching corporate VPNs. If a threat actor compromises an NHI, they gain access to password managers, browser sessions, encryption keys, and Secure Shell credentials.
Healthcare organizations are deploying these agents despite the risks. About 29% currently use AI agents for security-related help desk work, and 60% plan to implement them within the next year. One-third of the average healthcare workforce has AI installed on local machines, the survey found.
Identity governance becomes urgent priority
Most healthcare organizations (66%) do register, authenticate, and authorize AI identities within their systems. Nearly half manage these separately from human identities.
Yet 90% of healthcare respondents ranked AI identity governance as a top priority - reflecting the gap between current practice and actual confidence in recovery procedures.
Best practices for managing these risks include enforcing least-privilege access for agents, separating agent and human trust boundaries, and designing backup and recovery systems with the assumption that AI agents will eventually be compromised.
For healthcare IT professionals managing these deployments, understanding AI for Healthcare implementations and AI for Cybersecurity Analysts becomes essential to closing this security gap.