The good and the bad of artificial intelligence in healthcare

Within the healthcare industry, artificial intelligence (AI) has emerged as both a promising defense of patient care and a risky threat to it. AI technologies have come a long way, transforming how healthcare organizations diagnose, treat, and monitor patients.

The potential of AI is endless, yet there are challenges, given its use by cyberattackers to steal information and/or create havoc. AI can hand adversaries powerful tools to innovate, scale, and disguise attacks. To properly utilize and safeguard against advanced technologies, healthcare organizations should understand both the good and the bad of AI.


The potential of AI in patient care

The possible functions of AI in healthcare are broad and far-reaching, and the technology has the potential to reshape the health industry. Such advanced technologies are able to analyze massive amounts of health documentation quickly, helping health professionals identify issues and/or needs that might otherwise be overlooked. AI has redefined and improved healthcare by supporting accurate diagnoses, streamlining workflow, creating more personalized treatment plans, and enhancing patient experiences.

Machine learning is one of the most common examples of good AI in healthcare. It is a broad technique in which an AI algorithm learns on its own through the analysis of large amounts of data and then creates a model for future predictions. Machine learning enables AI in medical diagnoses and treatment plans, from scanning radiological images for early detection to identifying patterns to predicting outcomes from electronic health records (EHRs).


AI, healthcare communication, and task support

One of the most immediate and visible benefits of AI in healthcare is its ability to handle routine communication efficiently and accurately. The introduction of AI can act as a powerful time-saving ally, transforming how healthcare professionals communicate. From automating repetitive tasks to providing real-time insights, AI helps medical teams save time, enhance accuracy, and improve patient experiences.

An AI-enabled email or messaging platform can flag urgent communications, like abnormal lab results or patient updates, ensuring they rise to the top of the inbox. It could also save time by summarizing long email threads or telehealth transcripts, extracting key takeaways or follow-up tasks, and helping teams stay on top of cases without rereading everything.

Healthcare workers spend a lot of time doing paperwork, and AI can perform many of the more mundane tasks, allowing more time for direct patient care. Artificial intelligence can automate appointment scheduling, rescheduling, and reminders while integrating seamlessly with EHR platforms, ensuring that data stays consistent and up to date. Similarly, post-visit communication, such as follow-up reminders and satisfaction surveys, can be handled automatically.

 

Concerns about AI use in healthcare

As with anything that has the potential to change things for patients, there are a few concerns when it comes to the use of AI in patient care. First and foremost, AI is only as good as the information it's been trained on. When datasets are skewed, incomplete, or mislabeled, the outcomes can misdiagnose patients or perpetuate inequities. This leads to a question of trust:

  • Will patients trust systems they cannot see or understand?

  • How much transparency do patients want when it comes to AI involvement in their care?

  • If an AI system recommends a course of treatment that a human doctor disagrees with, who bears responsibility?

  • What if the AI system has access only to erroneous information?

Algorithms can guide decisions or diagnoses, but their invisibility may lead to distrust or fear. When patients do not feel included in learning how their data is used, they could potentially choose to opt out of care altogether. For patients to continue trusting a health system that relies on AI technologies, healthcare providers need to be compliant, transparent, and patient-centered.


The unfortunate growth of AI-related cyberattacks in healthcare

Criminal organizations target healthcare because protected health information (PHI) is sensitive and worth a lot of money. The primary motivation behind healthcare cyberattacks remains financial gain, given the value of PHI to hackers. Criminal marketplace pricing demonstrates the demand clearly, with a driver’s license reportedly selling for about $20 while a complete identity package can reach $1,000.

The Health Insurance Portability and Accountability Act (HIPAA) is designed to protect patients’ PHI and keep the confidential data from being disclosed without a patient's consent or knowledge. Unfortunately, healthcare data breaches continuously occur, even with HIPAA safeguards in place, putting patients in constant danger from PHI and identity theft. Major healthcare breaches occurred in 2025 alone, affecting more than 35 million individuals.

Given such lucrative information, cyberattacks against healthcare providers have become more sophisticated, fueled by the growth in technologies to exploit, such as AI. An immediate AI-related concern is how threat actors embrace AI to enhance their criminal operations. Artificial intelligence helps hackers take advantage of unsecured systems and untrained staff to target healthcare organizations for cyber fraud.


AI-driven cyberattack tools

Threat actors use a range of AI tools to enhance their operations, much as healthcare organizations use AI to enhance patient care.

  • Malicious AI models: Models designed to write convincing phishing emails or create malware code
  • Shadow AI: Unsanctioned AI tools used without approval or oversight that can lead to risks and leaks
  • Autonomous AI agents: Rapid multistage automated campaigns to scan for vulnerabilities, craft code, and quickly exfiltrate data
  • Deepfake impersonations: Attacks that use fake information, such as voice cloning and/or deepfake videos of doctors and pharmacists
  • AI-enhanced social engineering: Craftier, more personalized messages to make individuals more easily reveal sensitive data
  • Synthetic patient identities: Fabricated patient data merged with real patient data to pass initial insurance checks and commit insurance fraud
  • AI-generated medical records: Realistic clinical notes, imaging, and diagnostic reports to support false claims
  • Counterfeit pharmaceutical scams: Deepfakes that promote and/or sell unsafe medications

 

Consequences of AI-related breaches

IBM’s 2025 Cost of a Data Breach Report noted that 97% of organizations that experienced an AI-related security incident lacked proper access controls that could block AI. Moreover, the report also showed that 63% of organizations surveyed did not have AI governance policies in place to manage AI usage or prevent the proliferation of shadow AI.

The consequences of AI breaches are similar to the consequences of traditional breaches but have more of an impact because of how easily and how often they can occur. Cybercriminals can set AI tools to assault multiple systems, multiple times, without pause. Examples of consequences of breaches include:

  • The theft of sensitive information
  • Operational disruption
  • Financial loss
  • Patient safety at risk
  • Erosion of trust
  • Compliance-related fines and penalties

Analysts predict that AI could drive fraud-related losses from $12.3 billion in 2023 to $40 billion by 2027.

 

AI as a cybersecurity tool

While criminals exploit weaknesses with such advanced technologies, healthcare organizations can invest in innovative solutions that provide real-time threat detection and response capabilities. Advanced tools like AI can play a significant role in enhancing cybersecurity defenses. They continuously learn from new data, detecting and mitigating threats before they can cause harm.

To maximize AI’s benefits while mitigating risks, healthcare organizations should adopt best practices for AI implementation in data privacy and security.

  • AI anomaly-based detection: Examine text, images, and audio for anomalies
  • Intrusion detection systems (IDS): Detect and respond to suspicious activities
  • Layered authentication: Confirm requests through a second, independent communication channel rather than relying on digital platforms alone
  • Behavioral analysis: Identify unusual data flow patterns
  • Malware detection: Analyze patterns in software behavior to detect new threats
  • Automated threat response: Respond to certain threats by automatic isolation, blocking, or applying patches
  • Incident analysis: Process data quickly to identify the cause of an incident

 

Building a culture of cybersecurity awareness in healthcare

A culture of security awareness is one in which employees actively participate in cybersecurity. Healthcare organizations must create a culture of security awareness within their business to help protect their patients and themselves. A good starting point for this is implementing staff training, clear policies, and open communication channels to help employees understand how they can handle patient data.

Healthcare organizations must improve their in-house security awareness to reduce human error that leads to data breaches and HIPAA violations. That, hand in hand with vital security features, such as HIPAA compliant email, keeps an organization strong. A good defense is vital, but only in combination with a good offense. Regular communication about emerging threats, best cyber practices, and response protocols can help organizations maintain a good security posture.

 

Paubox email suite, AI, and zero trust

Paubox email suite is a HIPAA compliant email solution designed for healthcare organizations to securely communicate PHI without disrupting workflow. Paubox seamlessly encrypts all outbound emails, delivering them directly to recipients’ inboxes. It integrates with existing email platforms like Google Workspace and Microsoft 365, ensuring seamless security while maintaining ease of use.

A good example of zero trust and AI working together is in Paubox’s generative AI tool. Paubox combines a zero trust security model with AI-powered inbound email security to protect healthcare organizations from advanced phishing and impersonation threats. Using AI for behavioral analysis, Paubox also offers a secure email solution for organizations seeking a cybersecurity option tailored to one of their most vulnerable outputs.

With built-in threat detection, spam filtering, and robust encryption, Paubox email suite helps healthcare providers and health-related organizations and their business associates meet regulatory requirements while enhancing communication efficiency.

FAQs

Do healthcare providers need consent to implement AI solutions?

Yes, healthcare providers typically need informed consent from patients before using AI technologies for diagnosis, treatment, or other healthcare purposes. Obtaining consent is mandatory to ensure transparency and respect for patients’ autonomy in the use of AI-driven healthcare interventions.

 

What technologies can be used to integrate AI into healthcare processes?

Healthcare professionals can use various technologies to integrate AI into healthcare, including machine learning algorithms, natural language processing (NLP), computer vision, and predictive analytics.

 

What types of attacks can generative AI identify?

It can detect advanced threats such as business email compromise, domain spoofing, brand impersonation, and AI-generated phishing messages.

 

Can AI systems introduce risk even if they don’t make clinical decisions?

Yes. Non-clinical AI tools used for scheduling, documentation, or communications can still process PHI. If these systems are poorly governed, they can lead to privacy breaches or compliance violations.
