HSCC cybersecurity releases AI cyber governance framework for healthcare

The Health Sector Coordinating Council's Cybersecurity Working Group has released a guide to help healthcare organizations build cyber governance frameworks for secure AI implementation.

What happened

The Health Sector Coordinating Council Cybersecurity Working Group (HSCC CWG), a coalition of nearly 500 healthcare providers, pharmaceutical and medtech companies, payers, and health IT entities, published the Health Industry AI Cyber Governance Framework Implementation Guide in May 2026. The guide targets AI-specific cyber risks, including data poisoning, model drift, and adversarial attacks, and covers the full spectrum of AI technologies deployed in healthcare, such as traditional machine learning, generative AI, and agentic AI systems capable of autonomous action. It provides tools for organizing roles and responsibilities, managing AI inventory, drafting vendor contract language, and executing AI-specific incident response. The guide also addresses AI supply chain and concentration risk, operational resilience for AI-dependent clinical workflows, non-human identity management, patient transparency obligations, and liability and insurance considerations.

Going deeper

The guide lays out governance requirements across AI technology categories, each carrying different risks:

  • Traditional machine learning models require drift detection, clinical validation, and structured post-market surveillance to catch performance degradation over time.
  • Generative AI and large language models introduce risks such as hallucination, prompt injection, training data memorization, and PHI leakage. These risks differ from those of traditional ML and require dedicated controls such as input sanitization, output validation, and grounding via retrieval-augmented generation.
  • Agentic AI systems, which can autonomously plan, invoke tools, and take real-world actions, carry the largest potential blast radius of any AI failure type. The guide establishes six governance principles for agentic AI: least-privilege action scope, human authorization gates for consequential actions, full action logging, containment and kill-switch capability, multi-agent governance, and a prohibition on self-modification.

The guide also establishes a five-level AI autonomy framework, ranging from Level 1 (assisted intelligence, full human control) to Level 5 (full autonomy, currently theoretical in clinical care), to help organizations classify systems and calibrate oversight accordingly.
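As an added illustration of the agentic-AI principles listed above (this is example code written for this article, not code from the HSCC guide or any product), the following Python sketch routes every tool call an agent wants to make through a policy gate that enforces four of the six principles: least-privilege action scope, a human authorization gate for consequential actions, full action logging, and a kill switch. The tool names and the choice of which actions count as consequential are assumptions.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone

# Per-agent action scope (least privilege). The tool names and which actions
# are "consequential" are assumptions for this example, not values taken
# from the HSCC guide.
ACTION_SCOPE = {
    "ehr_read":      {"allowed": True,  "consequential": False},
    "place_order":   {"allowed": True,  "consequential": True},
    "send_message":  {"allowed": True,  "consequential": True},
    "modify_record": {"allowed": False, "consequential": True},
}


@dataclass
class ActionGate:
    """Every tool call an agent wants to make is routed through request()."""
    agent_id: str
    halted: bool = False                     # containment / kill switch
    log: list = field(default_factory=list)  # full action log, append-only

    def kill(self, reason="operator halt"):
        """Stop the agent; all later requests are denied and logged."""
        self.halted = True
        self._record("*", None, "halted", reason)

    def request(self, action, args, human_approval=None):
        """Return 'executed', 'pending' or 'denied' and log the decision."""
        if self.halted:
            return self._record(action, args, "denied", "agent halted")
        policy = ACTION_SCOPE.get(action)
        if policy is None or not policy["allowed"]:
            return self._record(action, args, "denied", "outside action scope")
        if policy["consequential"] and not human_approval:
            # Human authorization gate: the action is held, not run.
            return self._record(action, args, "pending", "awaiting human authorization")
        who = human_approval or "auto"
        return self._record(action, args, "executed", f"approved_by={who}")

    def _record(self, action, args, outcome, reason):
        self.log.append({
            "ts": datetime.now(timezone.utc).isoformat(),
            "agent": self.agent_id, "action": action, "args": args,
            "outcome": outcome, "reason": reason,
        })
        return outcome
```

A real deployment would persist the log outside the agent's reach and tie the approval token to an authenticated clinician; this sketch only shows the decision logic.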

What was said

John Riggi, AHA national advisor for cybersecurity and risk, said, "This comprehensive guide is a must-read for all healthcare organizations, vendors and suppliers as the development and implementation of various forms of AI into healthcare settings has become widespread at tremendous speed and scale. The secure-by-design and implementation recommendations offered in this guide will help mitigate unintended cybersecurity risk and consequences of AI use in healthcare and help prevent adversarial exploitation of AI-related technical flaws. Mitigating AI cybersecurity risk is part of cyber safety, and cyber safety is patient safety."

The guide's co-leads, in a foreword, noted that AI systems in healthcare "often rely on opaque models, shared datasets, and third-party application programming interfaces (APIs), creating vulnerabilities where attackers can exploit behaviors or cause failures that impact care."

In the know

Agentic AI refers to AI systems that can reason about goals, formulate plans, invoke external tools or APIs, chain multiple actions, and interact with other systems with limited human oversight between steps. Unlike a traditional AI model that produces a recommendation a clinician can accept or ignore, an agentic system takes actions such as querying electronic health records, placing orders, sending patient communications, or modifying clinical data. This means that a compromised or malfunctioning agentic system can cause harm across multiple workflows before any human realizes a problem exists.

Why it matters

What makes this guide necessary is its recognition that AI governance in healthcare cannot be delegated to vendors. Just as a HIPAA-covered entity cannot outsource its compliance obligations to a business associate, the guide makes clear that governance obligations travel with the data and the decisions. Healthcare organizations need to acquire AI tools together with the contractual protections, monitoring infrastructure, and incident response plans required to govern them responsibly.

The guide also addresses concentration risk. When multiple clinical AI applications depend on the same foundation model or cloud inference provider, a single compromise or outage causes failure across all of those systems at once.

The bottom line

Healthcare organizations that have deployed AI without a formal governance framework are carrying unquantified risk across their clinical and operational workflows. This guide gives organizations of all sizes a structure to inventory what they have, assess the risks it carries, and build the oversight mechanisms that responsible AI deployment requires.

FAQs

Does this guide apply to small or rural hospitals, or just large health systems?

The guide is designed to scale across all healthcare organizations.

Is following this guide legally required?

No, the guide is voluntary, though it is designed to align with enforceable regulations like HIPAA, FDA requirements, and state privacy laws.

What happens if a healthcare organization is already using AI without any governance framework in place?

The guide recommends starting with an AI inventory to identify all deployed systems before building governance structures around what already exists.

Does this guidance cover AI tools that staff use personally on their own devices?

Yes, the guide addresses "shadow AI," including staff use of external AI tools on personal devices.
