Healthcare Sector Faces Rising GenAI-Driven Data Risks, With Regulated Data Behind 89% of Violations

Healthcare organisations are facing unprecedented internal data security risks as staff accelerate their use of generative AI (genAI) and cloud applications, according to new findings released today by Netskope Threat Labs in its annual healthcare threat report. The analysis, based on thirteen months of global healthcare data, reveals a dramatic spike in sensitive information exposure as employees increasingly interact with AI tools—both approved and personal.

The report highlights a stark reality: regulated healthcare data accounts for 89% of all genAI‑related data policy violations, nearly three times the cross‑industry average of 31%. Patient records, medical files, and clinical documentation are frequently being fed into prompts or uploaded to AI applications, often without security oversight.

“Without strong guardrails around cloud and AI usage, regulated patient data will continue to leak at alarming rates.”

Ray Canzanese, Director, Netskope Threat Labs

Compounding this risk is the continued use of personal genAI accounts inside the workplace. Although this behaviour has fallen sharply over the past year, 43% of healthcare workers are still using personal AI tools that their security teams cannot properly monitor. At the same time, organisations are rapidly shifting toward controlled environments: usage of company‑approved AI applications surged from 18% to 67%, outpacing most other industries.

The report also highlights a growing reliance on API‑driven AI integrations. Even internally deployed AI agents often process data via cloud‑hosted models, making API monitoring essential. Nearly two in three healthcare organisations detected API traffic to OpenAI (63%) or AssemblyAI (62%), with 36% observing traffic to Anthropic, essentially exposing how deeply embedded AI has become in clinical and operational workflows.

Cloud application usage remains another major weak point. Regulated data accounts for 82% of violations linked to personal cloud apps, with healthcare staff frequently uploading sensitive files, sometimes unintentionally, into unmanaged services. Enforcement controls are becoming more common: 56% of healthcare organisations blocked uploads to personal Google Drive accounts, followed by Gmail (39%) and OneDrive (30%).

Threat actors are also exploiting trust in cloud platforms. Azure Static Web Apps (8.2%), GitHub (8%), and OneDrive (6.3%) were the most abused platforms for malware delivery attempts targeting healthcare employees.

Canzanese warns that focusing solely on external threats is no longer enough: “Healthcare organisations that operate without strong guardrails around cloud and AI usage are highly likely to suffer regulated data leaks and the regulatory penalties that follow.”
