Netskope examines how generative AI use changes healthcare security access

In a healthcare security briefing, Netskope reports heavy off-policy use of Generative AI (GenAI) alongside broader migration from Citrix toward Windows-based workflows, and it frames governance as a combined risk, compliance, and continuity problem. The update matters for enterprise security teams because it targets visibility, policy enforcement, and resilience across modern access paths.

Research Overview

Netskope’s 2025 Healthcare Threat Labs report says that about 60% of users were using GenAI tools outside IT oversight over the past year. The same research also states that 88% of healthcare organizations are integrating GenAI into clinical and operational workflows.

The briefing connects this adoption to changes in desktop and remote access patterns. It notes that many health systems have moved away from locked-down Citrix environments toward more flexible Windows-based workflows, which it says can expand the attack surface.

Key Findings

On the risk side, the post argues that Artificial Intelligence (AI) use is not the core issue by itself; the problem is that this use can be difficult to see with existing control coverage. It states that staff may use AI tools without connecting through a Virtual Private Network (VPN) or legacy gateway, leaving activity outside traditional perimeter visibility.

The briefing also links GenAI to changes in attacker methods, including phishing and reconnaissance. It cites a Harvard Business Review study that found AI-driven phishing has a 60% success rate.

Technical Breakdown

The post describes a data-first approach using Secure Access Service Edge (SASE) and zero trust concepts to create unified visibility across web, Software-as-a-Service (SaaS), private apps, and cloud services. It says that combining user identity, device posture, application activity, and data sensitivity can provide context for policy enforcement.

For shared clinical workstations, it describes identity-aware policy integration so that access and controls can follow individual clinicians rather than a single device or generic account. It also states that zero trust policies can adjust in real time based on the sensitivity of data and the context of the action.

In its example, the post describes an allowed path for sanctioned AI use with anonymized data, while higher-risk actions such as pasting PHI into a public model may be coached, blocked, or redirected to a governed corporate instance. It presents the goal as making AI use visible, governed, and safe rather than blocking AI generally.

Operational Impact

For compliance, the post states that regulations have not relaxed while adoption has increased, so governance teams still need answers about who accessed sensitive data, where it went, and how it was protected. It argues that data governance is harder when PHI appears in PDFs, images, scanned documents, and mixed media that legacy pattern-matching tools may not handle.

It also describes continuity as an operational requirement tied to patient care when systems degrade or fail, including impacts from delayed imaging, delayed medication administration, and manual workarounds. The post says continuity planning should assume failures and maintain workflow access across web, SaaS, private data centers, cloud workloads, and remote clinics.

To support continuity, the briefing describes in-line security inspection to preserve access performance, endpoint resilience for clinical workstations and shared devices, and early detection across web and cloud to isolate activity before ransomware spreads. It also notes that as organizations retire legacy access tools and migrate workloads, a unified zero trust access layer can keep policies consistent while workflows continue.

This blog signals that Netskope’s healthcare security guidance emphasizes unified, in-line visibility and governed access across risk, compliance, and continuity, reflecting the reported GenAI usage outside IT oversight and evolving access environments. This “Blog Signals brief” is a fact-based summary of the vendor blog.