HSCC Publications

This guide addresses unique cybersecurity and privacy challenges as the sector adopts artificial intelligence across clinical and operational use cases, targeting the identification and mitigation of AI-specific cyber risks, including data poisoning, model drift, and adversarial attacks, while ensuring compliance with the healthcare sector’s complex regulatory environment. It addresses the full spectrum of AI technologies deployed in healthcare, from traditional machine learning/reactive/non-agentic models to generative AI, and agentic AI systems capable of autonomous action.

This document addresses the growing gaps in discovery and disclosure processes that make AI supply chain risk so difficult to manage. Many HCOs operate with incomplete or outdated vendor inventories, while AI-specific cybersecurity risks – such as synthetic data misuse, training data leakage, and adversarial inference – go unreported by vendors. To counter this, the Guide promotes proactive due diligence, dynamic risk profiling, and contractual transparency. It equips risk managers, compliance teams, and procurement officers with scalable tools to surface hidden dependencies, identify cascading failure points, and align third-party AI vendors and products with mission-critical safety, privacy, and resilience goals.