The weaponisation of AI in the healthcare sector & the national security risks (UK) Part 1

by Zara Hayat, International Relations Correspondent at Intelligence Forums

Part 1 explores why healthcare AI should be understood not merely as a technological innovation, but as an emerging national security challenge. It examines how AI adoption, cyber threat evolution, fragmented UK policy frameworks, and contested health data governance together create vulnerabilities that hostile actors can exploit.

AI, Healthcare and the New National Security Risk:

Healthcare systems are some of the most critical infrastructures in modern society, and they are becoming increasingly reliant on digital platforms, analytics, and AI-enabled tools to coordinate care, manage capacity, and extract insight from complex datasets over time. Yet the same features that make modern-day healthcare ‘AI ready’ (large volumes of sensitive data and complex interdependent workflows) are also the very features that make it an unusually attractive target for hostile actors. For the UK specifically, this matters because healthcare is not only considered a social good but is intertwined with the state’s legitimacy, crisis capacity, and resilience. The state’s own National Risk Register treats a cyber-attack on the health and social care system as a national risk and frames impacts in terms of extended disruption, service degradation, and downstream harm. The National Audit Office's investigation into the 2017 WannaCry ransomware attack offers an empirical baseline. It concluded that cyber disruption to the NHS can quickly translate into cancelled services, operational contingency, and enduring recovery costs, exposing long-term systemic weaknesses that hostile actors can exploit.

 

The primary claim being made is that AI weaponisation creates a national security risk through a security governance gap, i.e. there is a consistent mismatch between how AI is governed and integrated into high-stakes public service systems and how national security institutions conceptualise and respond to evolving cyber threats. The National Cyber Security Centre assesses that AI will almost certainly enhance reconnaissance, social engineering, and vulnerability exploitation by 2027. Yet ample literature indicates that policy capacity and coherence are strained by definitional ambiguity, uncertainty, institutional fragmentation, and the political dynamics of consultation and legitimacy.

National security risks emerge from the interaction between governance conditions and evolving adversarial capabilities. This piece develops and applies a structural analytical framework that combines the UK’s risk governance documents with a technical lens, or categorisation, of AI-enabled attack pathways to highlight how vulnerabilities are produced and not just how they are exposed. Contrary to popular belief, the risks laid out here are not inevitable. Instead, they are shaped by very specific policy choices, particularly those concerning data centralisation, procurement, and regulatory design. These policy choices expand the attack surface and condition the resilience of the system. By basing these dynamics on real data from the UK, such as the National Risk Register, NCSC threat assessments, and the backdrop of NHS data governance, this article highlights how the weaponisation of AI is most effectively understood not as a future speculative threat, but as an emergent and policy-mediated national security challenge embedded within contemporary healthcare systems.

Why Healthcare AI is becoming a strategic vulnerability:

 

Existing scholarship spans a multitude of domains, including but not limited to technological adoption in healthcare, cyber threat evolution, and public policy responses. Despite the sheer volume of information, these literatures remain unevenly connected. This article first examines the rapid expansion of AI within healthcare systems and the conditions that render them both technologically advanced and strategically vulnerable. It then considers the emerging literature on the weaponisation of AI as well as the specific risks posed to health services. Following that, it evaluates how public policy frameworks, especially within the UK, conceptualise and respond to these threats. Lastly, it identifies key gaps and blind spots within the existing literature, focusing especially on the limited integration between AI governance and national security perspectives.

The rise of AI and its use in the healthcare industry:

Healthcare is among the most data-intensive sectors in modern society, generating electronic health records, imaging data, and real-time operational indicators that make it an optimal environment for AI adoption. AI has a substantial role in public health surveillance, epidemiological research, communication, and resource allocation. In conjunction with this, the World Health Organisation’s recent guidance on large multi-modal models in health reflects the general assumption that AI will increasingly be used across healthcare, research, and public health settings. However, the same conditions that make healthcare ‘AI ready’, or suitable for AI adoption, also create a distinct vulnerability. AI in healthcare is not simply a technical tool being added to an otherwise stable and sustainable system; it becomes part of a socio-technical environment made up of patients, clinicians, procurement arrangements, data infrastructures, professional norms, and organisational routines. A socio-technical perspective is particularly useful here, as it conceptualises technological systems as shaped by the interaction between technical infrastructures, institutional arrangements, and human actors, rather than as isolated tools.

This is where ideas of AI hype become especially pertinent. A compelling argument is that AI hype in healthcare encompasses both utopian and dystopian forms. Utopian narratives frame artificial intelligence as a solution to problems such as strained health services, workforce shortages, administrative burdens, and diagnostic inefficiencies. Dystopian narratives, on the other hand, draw attention to the loss of privacy and security, automation bias, surveillance, and ethical harm. The point is not just that hype exists, but that hype can itself become a bigger governance problem than is usually assumed. If AI is framed as an urgent and imperative saviour of the healthcare industry, this can compress deliberation, accelerate procurement, and drive attention away from determinants of healthcare outcomes that are not AI, such as staffing, infrastructure, professional judgement, and organisational growth. Critically, both utopian and dystopian accounts often overstate the autonomy of AI systems while underplaying the role of institutions, social context, and human decision-making, creating a precarious environment to work in. The NHS Federated Data Platform illustrates these terms more concretely. According to NHS England, the platform is a means of linking data across trusts and systems for the purpose of supporting clinicians, reducing administrative burdens, and improving planning. Despite this, the controversy regarding Palantir’s involvement with the NHS clearly shows that AI-enabled healthcare infrastructure is not merely a question of technical efficiency. It raises issues regarding data centralisation, vendor dependence, transparency, the importance of public trust, and perceived potential surveillance risk. The Palantir case highlights how AI adoption in healthcare can create both operational opportunity and strategic exposure.
Centralised platforms do have the power to improve coordination, but they could also create high-value targets, increase dependence on external providers, and generate valid concerns regarding legitimacy that affect the public’s willingness to support AI-contingent health data sharing. This is why the rise of AI is not only a story of technological progress but of how healthcare systems become increasingly dependent on infrastructures whose failure, manipulation, or contestation may produce consequences beyond the clinical domain.

The weaponisation of AI & the risks posed to the health services:

AI weaponisation requires careful definition because the term can otherwise collapse distinct forms of risk into a single inflated category. The weaponisation of AI refers to the deliberate use of AI systems to cause harm or gain strategic advantage, either through direct exploitation of AI (e.g., poisoning and evasion attacks) or by enhancing existing malicious activities such as phishing and cyber reconnaissance. This explanation is in line with the UK’s NCSC assessments that the major short-term threat comes from the evolution and enhancement of pre-existing tactics and procedures rather than from entirely new AI hacking capabilities. In the healthcare sector, weaponisation can be understood in two distinct yet connected ways. Firstly, AI can be used as an accelerant of pre-existing hostile activity, making cyber operations faster, cheaper, more scalable, and more effective. Secondly, AI systems themselves can become targets of manipulation through malware, data poisoning, evasion, inference, and privacy attacks.

The second form of weaponisation concerns attacks against AI systems themselves. The National Institute of Standards and Technology adversarial machine learning taxonomy provides a more precise vocabulary for distinguishing between different forms of AI-specific risk, including poisoning, evasion, and inference or privacy attacks. In the context of healthcare these risks are particularly serious, as AI systems may increasingly support triage, imaging, diagnostics, resource allocation, and clinical decision-making. For example, an adversarial attack that subtly or indirectly corrupts training data, manipulates model outputs, or extracts sensitive information will likely not produce immediate system failure, but would instead degrade the integrity of clinical decisions in ways that are difficult to detect quickly or at the outset. The danger is not only that systems go offline, but that systems remain operational while producing compromised outputs. That is the key difference between AI-specific attacks and conventional cyber disruption. Therefore, the national security implications extend across several domains, including but not limited to availability, confidentiality, integrity, and trust. Attacks on availability can disrupt vital health service delivery. Attacks on confidentiality can expose sensitive health data, enabling coercion, blackmail, espionage, or strategic intelligence gathering. The NHS–Palantir case is relevant here not as evidence of such an attack, but as an example of how centralised data infrastructures and contested governance can heighten concerns around confidentiality, legitimacy, and public trust, especially during times of crisis. Similarly, an attack on integrity can undermine clinical decision-making, resource allocation, or public health surveillance. Generative AI can also amplify misinformation, enabling hostile actors to undermine public trust in health advice or state competence without directly compromising hospital systems.

The UK’s fragmented policy response:

The UK policy response to AI in healthcare is structurally fragmented, and this fragmentation is itself a source of national security vulnerability. UK policy has increasingly recognised the importance of AI and cyber risk, yet the connection between AI governance and national security remains underdeveloped. The National Risk Register (NRR) is especially significant as it treats a cyber-attack on the health and social care system as a national risk. The NRR’s primary focus is to translate disruption into consequence and resilience terms, not to provide a detailed account of how AI-specific vulnerabilities might alter the threat landscape as a whole. On that point, the NCSC’s 2024 and 2025 assessments provide a stronger account of AI’s impact on hostile actor capabilities. The NCSC assessments are primarily cyber threat documents, not healthcare governance frameworks. They address how attackers may use AI, not how healthcare AI systems are procured or made resilient. This produces a critical policy gap: national security institutions frame AI as a threat multiplier while healthcare governance institutions frame it as an innovation challenge. Especially in healthcare, ideas such as AI readiness, digital transformation, and innovation-led reform are not simply neutral descriptions. They have the power to legitimise and accelerate rapid deployment, centralised data infrastructures, and private sector partnerships even when the security implications of these choices are unclear and under-specified. Because the topic remains under-explored, AI policy-making occurs in haste and under conditions of deep uncertainty, where policymakers must make decisions before the full consequences of AI deployment are known. It is this very uncertainty that can encourage reliance on vendor expertise, compressed consultation, and a risky ‘pilot now, govern later’ approach.
Definitional ambiguity around AI can also be a major cause of mismatch between policy and practice, with governance frameworks at times focusing on abstract notions or the future of artificial intelligence while overlooking deployed systems that are currently shaping decision-making.

The UK’s own AI regulatory model, known as the pro-innovation approach to AI regulation, intensifies these tensions. It is a flexible, principles-based, sector-led approach that may allow adaptation to technological change, but can also create gaps in accountability, enforcement, and cross-sector coordination. This matters for healthcare because AI systems can fall between regulatory categories. They can be understood as medical devices, operational tools, data platforms, decision-support systems, or administrative infrastructures, depending on the context. The Medicines and Healthcare products Regulatory Agency (MHRA) guidance on software and AI as a medical device shows how the UK is developing mechanisms to govern AI-enabled clinical safety, but it is important to keep in mind that clinical safety is not the same as national security resilience. In other words, a system may demonstrate clinical utility whilst still creating strategic exposure, especially if it increases dependence on centralised data flows, non-transparent vendors, or poorly audited infrastructures. The NHS Palantir Federated Data Platform case is an appropriate example to capture this public policy dilemma. NHS England presents the platform as a tool to improve coordination, reduce administrative burdens, and enable better use of NHS data.

What current debates miss:

Whilst the existing literature provides important insights, it leaves several blind spots. The first is that AI healthcare scholarship often focuses on ethics, bias, privacy, clinical performance, and patient safety, which are undeniably important, but fails to give adequate attention to hostile actor behaviour. The problem is that security is often treated as a secondary or technical matter rather than as a central feature of AI governance in critical public services such as healthcare. As a result, the available literature may often explain why artificial intelligence in healthcare may be ethically or clinically risky but often fails to explain how those risks could be deliberately exploited by hostile actors. The second blind spot is that cyber and national security literature often treats AI primarily as an accelerant of existing cyber operations. A clear example of this is the National Cyber Security Centre’s assessments, which are considered valuable precisely because they avoid speculative claims about dramatic new AI attack capabilities. However, it is this very focus that can leave AI-specific integrity risks within clinical AI pipelines under-examined. In other words, if AI is treated mainly as a tool that helps attackers conduct phishing, reconnaissance, and vulnerability exploitation, then the literature may understate the risks posed by attacks on AI models themselves.

Another blind spot concerns public policy and governance. The literature surrounding AI governance explains aspects such as hype, uncertainty, definitional ambiguity, transparency, and institutional fragmentation well but often falls short of connecting these conditions to real national security outcomes. On the flip side, national security literature explains resilience, threat evolution, and critical infrastructure protection well but falls short in paying attention to the governance conditions through which the vulnerabilities are produced. One body of literature explains how AI systems are adopted and governed; another explains how hostile actors exploit vulnerability; but only a few works at best connect the two and explain how governance choices in healthcare produce the conditions that hostile actors can exploit. Arguably the most important blind spot concerns trust and legitimacy. Public trust is often treated as an ethical or democratic concern in health data governance debates, which, although correct, is incomplete. In the context of national security, trust also becomes a part of resilience. If public confidence in health institutions, data-sharing, or AI-enabled systems collapses, then the state’s capacity to govern during crisis is weakened. Again, the NHS-Palantir controversy highlights how the legitimacy of AI-enabled health infrastructure cannot be separated from its security implications. If a system is by all other metrics technically secure but publicly mistrusted, it can still be considered strategically fragile, as contested legitimacy can reduce compliance, slow implementation, and create opportunities for hostile information manipulation.

 

Cristina Schek