HSCC Unveils 3rd-Party AI Risk & Supply Chain Transparency Guide

Inconsistent AI terminology across healthcare organizations creates measurable risk in procurement, vendor contracts, and patient safety oversight.
To close that gap, the Health Sector Coordinating Council (HSCC) Cybersecurity Working Group (CWG) today published its AI Cyber Glossary. The CWG also released the “Health Industry Third-Party AI Risk and Supply Chain Transparency Guide.” The 109-page resource addresses cybersecurity risks in AI-driven supply chains.
The glossary establishes governance-ready definitions that clinical, operational, compliance, and technical stakeholders can apply with confidence. Greg Garcia, Executive Director of the HSCC CWG, noted that the resource fills a critical need. Healthcare has lacked shared, sector-specific language for AI. As a living document, the glossary will serve as the terminological foundation for all HSCC AI Task Group guidance materials.
Drawing from established frameworks such as the NIST AI Risk Management Framework (NIST AI RMF) and the joint HSCC-HHS Health Industry Cybersecurity Practices (HICP), the Guide adapts best practices to reflect the realities of AI-driven supply chains in healthcare—including data lineage tracking, model auditability, embedded third-party dependencies, and post-deployment monitoring. It outlines critical control areas such as vendor security attestations, model explainability thresholds, and fail-safe requirements for AI-enabled clinical and operational systems. The Guide enables organizations to define accountability expectations and drive performance standards across their extended AI ecosystem.
Crucially, the Guide addresses the growing gaps in discovery and disclosure processes that make AI supply chain risk so difficult to manage. Many healthcare organizations (HCOs) operate with incomplete or outdated vendor inventories, while AI-specific cybersecurity risks—such as synthetic data misuse, training data leakage, and adversarial inference—go unreported by vendors. To counter this, the Guide promotes proactive due diligence, dynamic risk profiling, and contractual transparency. It equips risk managers, compliance teams, and procurement officers with scalable tools to surface hidden dependencies, identify cascading failure points, and align third-party AI vendors and products with mission-critical safety, privacy, and resilience goals.
Read more and access the AI glossary and guide in HealthSystemCIO.