The race to implement AI is leaving security blind spots in place
Survey results suggest that modernization ambitions are advancing so quickly that they outpace capabilities to secure and manage critical infrastructure.
There’s growing urgency and excitement around implementing artificial intelligence to facilitate efficiency and take on tedious tasks in healthcare.
But one recent survey suggests that the industry may be moving so fast that it’s jeopardizing the integrity and security of the infrastructures that information systems are running on.
The report, by WanAware, contends that healthcare organizations’ modernization and AI ambitions are advancing so quickly that they’re outpacing capabilities to secure and manage critical systems.
The findings are based on a survey of more than 600 healthcare IT executives in the U.S., says WanAware, a Boulder, Colo.-based company that provides services to monitor IT performance, availability and security monitoring.
The survey found that 60 percent of survey respondents believe that a sizeable component (26 percent to 50 percent) of their infrastructures are insufficiently monitored, resulting in dangerous IT risks, such as preventable incidents, lags in detecting security gaps and other risks.
And that lack of visibility is becoming more pronounced as organizations move quickly in efforts to adopt AI, WanAware experts conclude.
“Organizations are deploying more tools and pushing forward with AI initiatives,” notes Jeff Collins, WanAware’s CEO. “But without a unified view of their infrastructure, risk becomes embedded in daily operations.”
Healthcare organizations already are on alert for potential security gaps that could make them prone to cyberattacks. But losing visibility into their own systems could pose deeper risks to patient safety and system reliability, the researchers concluded.
Modernization makes it complicated
As organizations upgrade and modernize their systems to carry more complex computing loads, visibility gaps are increasing in every layer of IT. That includes network infrastructure, cloud workloads, endpoints, and medical devices and technology that supports the Internet of Medical Things (IoMT).
“These blind spots often sit directly beneath patient-facing systems, where failures can go undetected until performance degrades and clinical workflows are disrupted,” researchers suggest.
Security vulnerabilities are one indication of shortcomings in visibility. WanAware noted the 2025 Verizon Data Breach Investigations Report, which found 1,710 security incidents and 1,542 confirmed data disclosures. Those totals underscore “how blind spots continue to persist despite increased spending on security and monitoring technologies.”
These weaknesses include legacy systems and proprietary protocols that limit insight into medical devices, poorly segmented networks, rapidly advancing cloud resources that outpace monitoring and governance models, and widely distributed endpoints that increase attack vectors.
“The result is a fragile operating environment where critical services depend on infrastructure leaders who cannot fully see, secure or automate,” the report notes. “When monitoring fails, clinical systems degrade silently. Security incidents surface only after disruption.”
Poor oversight into blind spots
While healthcare organizations are aware of these shortcomings, they’ve layered on multiple technologies to gain insight into weak areas, but those tools are reaching their limits, researchers contend.
“On average, healthcare organizations now rely on six to 10 monitoring and asset management tools, with 40 percent (of respondents) using seven (tools) or more,” they note. Despite this, “only 29 percent report that their tool environments are fully integrated. Rather than improving clarity, tool sprawl is creating a new class of blind spots.”
Fragmentation has resulted in disruptions that are a result of “false confidence,” WanAware’s report contends. Some 42 percent of respondents say their healthcare organizations have experienced infrastructure incidents monthly or more often. Only 28 percent of respondents said they detect most security incidents internally through their own tools. There is “an illusion of control that holds until a major incident exposes the gaps. Visibility (is defined) by how completely those tools are integrated into a single, trusted operational picture.”
With AI coming into the picture, organizations’ visibility and control are being challenged in many ways. From a fiscal perspective, more investment is being designated for researching technologies and enabling implementations. Some 72 percent of respondents say they are prepared or fully prepared for AI-enabled applications.
However, limited integration, incomplete observability and low automation levels “persist beneath the surface, suggesting confidence is outpacing operational reality. As a result, AI initiatives are being layered on top of environments (that) leaders cannot fully see or trust.”
WanAware says the additions of new AI technology are complicating IT management. “AI readiness is being declared faster than foundational visibility is being built,” the report concludes. “Organizations are layering intelligent systems on top of infrastructure they cannot see, govern or secure.
“As a result, AI initiatives inherit the same blind spots that already drive preventable incidents, security detection lag and operational fragility.”
This disparity will need to be resolved for AI to be implemented with higher visibility that could reveal potential security vulnerabilities.
“Until visibility, integration and automation mature together, AI will amplify existing risk rather than reducing it,” it concludes. “Readiness is not defined by strategy decks or pilot programs. It is not defined by whether the underlying infrastructure is observable, trustworthy and continuously operational at scale.”
To increase visibility and security, WanAware suggests that healthcare leaders should take the following steps.
Treat visibility as a strategic priority, not a supporting function.
Replace fragmented telemetry with a continuously updated and normalized view of infrastructure.
Use visibility to drive automation, security and AI readiness, rather than layering those initiatives on top of blind spots.
Measure readiness by operational reality, not by roadmap promises.
Fred Bazzoli is the Editor in Chief of Health Data Management.