Although governance and security are often treated as separate concerns, Crume notes that they are increasingly intertwined.

“I think about this as a Venn diagram,” he explains. “You’ve got a governance circle and an AI security circle, and they overlap. You can’t do either in isolation.”

In healthcare, governance often falls under the chief risk officer, focusing on fairness, bias and compliance, while security is overseen by the CISO, concerned with resilience against attack.

Both groups care about reliability and privacy, and both need to collaborate to ensure patient data remains protected.

“There is no privacy without security,” Crume says. “If your system is not secure, you can’t ensure the data is only going to the right people.”

READ MORE: Why is governance key to securing AI?

Building Trust for the Future

Generative AI and AI agents are raising the stakes further. Unlike traditional models, AI agents can operate autonomously, carrying out complex tasks on their own. This power comes with risks.

“Agents are an area that offer us tremendous promise and tremendous risk at the same time,” Crume says. “When they’re exploited, they become great risk amplifiers. What would take a person a day to do, an AI agent can do in a matter of minutes.”

He says that means if it’s doing the wrong thing, it will do the wrong thing fast.

For healthcare organizations, the road to secure AI adoption requires vigilance across data, models and workflows.

Governance and security must work hand in hand, while stakeholders across IT, security and risk management share responsibility for protecting patients.

“We’re all still learning this as we’re doing it, and learning a lot of lessons, sometimes the hard way,” Crume says. “If we get the right tools in place, AI can make healthcare workers’ lives easier, more efficient and more secure.”

Brought to you by: