Why healthcare CFOs are stuck between AI demands and governance risks

Good morning. New research shows that many boards are greenlighting AI strategies without a clear view of whether the underlying controls actually work—leaving CFOs vulnerable when regulators, auditors, or investors demand proof. Among private sector industries, healthcare appears to face the steepest challenge.

Kiteworks, a tech security firm, has released its “,”—a report based on a survey of 225 security, IT, compliance, and risk leaders across 10 industries and eight regions.

One key finding: 53% of organizations cannot remove personal data from AI models once it’s been used, creating long-term exposure under GDPR, CPRA, and emerging AI regulations.

All respondents said agentic AI is on their roadmap, but governance controls for these systems are lagging. Overall, 63% can’t enforce purpose limitations on AI agents, 60% lack kill-switch capabilities, and 72% have no software bill of materials (SBOM) for AI models in their environment. The result, per the report: AI systems are accessing, processing, and learning from sensitive data while organizations can’t fully track where that data goes or prove how it’s used.

Of the 10 industries surveyed, government faces the steepest challenges due to legacy systems. In the private sector, however, healthcare stands out for weaknesses in controls and AI governance.

Healthcare organizations are also among the most conservative in AI spending. More than 80% of respondents said they currently have no API agents planned—technology that lets AI agents connect to external systems and operate in coordinated workflows. Kiteworks notes that while cautious deployment reduces near-term risk, delayed adoption may mean organizations fail to build the governance capabilities they’ll need as AI use expands.

This caution reflects long-standing economic constraints. Healthcare has lagged industries like banking and manufacturing in adopting advanced tech, largely due to thin operating margins, per . Yet industry leaders increasingly see AI as critical to financial sustainability. EVP and CFO Dennis Laraway told the publication that AI, robotics, and automation can help health systems scale by expanding patient coverage, boosting volume, and improving speed and accuracy—supporting cost transformation amid payment reform and regulatory pressure.

These competing forces are landing directly on CFOs’ desks.

“Healthcare CFOs are navigating a uniquely tough balancing act as AI investment pressure intensifies,” Tim Freestone, Kiteworks’ chief strategy officer, told me. “Unlike tech or retail, many health systems run on 2–3% margins in good years—making every tech decision feel existential rather than experimental.”

Freestone added that quantifying AI’s return on investment remains especially hard. “How do you put a dollar figure on faster diagnosis or reduced clinician burnout?” he asked. At the same time, any AI deployment involving patient data brings substantial compliance and security costs, he noted.

Because healthcare has been slow to develop AI governance frameworks, CFOs are increasingly asked to approve major tech investments their organizations may lack the internal expertise to evaluate or manage, Freestone said. “They’re essentially being told to build the plane while deciding whether to buy it,” he said.

As scrutiny shifts from AI ambition to AI execution, CFOs may find that governance—not innovation—becomes the real test.
 

Sheryl Estrada