Getting a Tighter Grip on Third-Party AI Risk in Healthcare

Former CISO Rick Doten on Critical Moves to Better Manage Vendor Risk Marianne Kolbasuk McGee (HealthInfoSec) • December 24, 2025 17 Minutes

Third-party security threats are one of the most critical risks facing the healthcare sector. Increasing use of artificial intelligence by vendors adds a new layer of third-party concerns, said independent consultant Rick Doten, former CISO of a large managed healthcare firm.

Vendors in the healthcare sector that handle HIPAA protected health information should be scrutinized by their healthcare sector clients on how these firms use AI models, what data they collect and how AI-based agents interact with sensitive systems and accounts, Doten said.

"What AI models are you using? Are they public? Are they private? Are you using platforms that are leveraging AI? Are you doing this for analytics?" are among the questions that healthcare sector entities should ...