AI Adoption Expands 'Shadow IT' Risks
A new benchmark report from Torii finds that the proliferation of AI tools is accelerating SaaS sprawl and expanding 'shadow IT' within enterprises. According to the report, 61% of software-as-a-service applications are unmanaged by IT departments. This trend increases governance and security risks for organizations, including healthcare systems.
- The use of unauthorized software and apps, or "shadow IT," is a significant financial issue, accounting for 30% to 40% of IT spending in large enterprises. In healthcare, the financial stakes are even higher, with the average cost of a data breach reaching $10.93 million per incident.
- In 2023, 74% of healthcare data breaches involved third-party vendors, many of which fall under the umbrella of shadow IT. This problem is widespread, as a 2025 survey found that 86% of IT executives reported instances of shadow IT within their health systems.
- The adoption of unmanaged AI, or "shadow AI," introduces distinct risks; a 2025 report found that 20% of organizations surveyed had suffered a data breach specifically due to unsecured AI tools. These unvetted systems can lead to HIPAA compliance violations and create patient safety risks if clinical decisions are influenced by unvalidated algorithms.
- Frustration with official IT systems is a primary driver of shadow IT. For instance, nurses at UCHealth were spending over 30% of each 12-hour shift on clinical documentation within their Epic EHR. This highlights a common complaint that leads clinicians to seek more efficient, albeit unauthorized, tools.
- An Epic EHR optimization project at UCHealth successfully reduced documentation time for acute care nurses by 18 minutes per 12-hour shift. This initiative, which involved removing unnecessary fields and redesigning flowsheets, demonstrates how informaticists can improve workflows and reduce the incentive for staff to use unapproved applications.
- Nurse informaticists play a crucial role in mitigating shadow IT by bridging the gap between clinical needs and IT security. They help select and implement technology that fits into nursing workflows, educate staff on secure practices, and translate security policies into practical clinical processes, such as ensuring role-based access controls are correctly applied.
- A significant governance gap exists, with over 60% of organizations reporting they have no policies in place to manage AI use or detect shadow AI. Establishing a formal AI governance framework is a key strategy for ensuring new technologies are implemented safely, ethically, and in compliance with healthcare regulations.
- Clinicians often turn to shadow IT to solve real problems quickly when approved technology is seen as cumbersome or inferior. The goal for an informaticist is not just to block these tools, but to understand the underlying workflow gaps and partner with IT to provide secure, efficient solutions that meet frontline needs.