GenAI has become mainstream in the healthcare sector, with 88% of organizations now integrating cloud-based genAI apps into their operations, 96% using apps that leverage user data for training, 98% using apps that incorporate genAI features,  and 43% experimenting with running some genAI infrastructure locally. These numbers lag behind the global averages of 94% of organizations using genAI apps in the cloud and 54% exploring running them locally.

At the same time, the use of personal genAI accounts has declined from 87% to 71% over the past year. This trend signals a strategic shift toward centralized, organization-approved genAI solutions designed to strengthen security and ensure compliance. ​Healthcare organizations should continue to adopt enterprise-grade genAI applications with robust security features to protect sensitive data while advancing in this direction.

The top ten genAI apps used in the healthcare industry mirror global trends, with the following highlights 

• ChatGPT is by far the most widely used genAI app in healthcare and other sectors. 
• Google Gemini is steadily gaining traction as a leading alternative to ChatGPT.

The remainder of the top ten is a range of domain-specific and embedded AI tools.

Now that genAI apps have become mainstream in the healthcare sector, organizations have been rapidly adopting DLP as a mitigating control for the increased data security risk that comes with genAI use. Notably, a substantial portion of sensitive data shared with genAI apps includes regulated data (a problem previously highlighted in this report for unapproved and personal apps as well), source code, and intellectual property. This trend suggests that genAI applications offer innovative solutions, but also introduce new vectors for potential data breaches. Healthcare organizations must balance the benefits of genAI with the implementation of strict data governance policies to mitigate associated risks.​

To manage the data risks associated with genAI apps, organizations in the healthcare sector are rapidly adopting DLP policies. Using DLP policies to monitor and control access to genAI applications has grown significantly, rising from 31% to 54% of healthcare organizations over the past year. This increase highlights a stronger commitment to safeguarding sensitive data, as more healthcare providers recognize the risks associated with unmonitored genAI usage. By implementing DLP controls, organizations are taking a proactive approach to reduce data risks during interactions with genAI tools. This shift marks an essential step toward the responsible and secure integration of AI in healthcare environments.

While the specific genAI apps blocked may differ by organization, apps with consistently high block rates, like those in the top 10 list below, should prompt all organizations to evaluate the presence of those apps in their own environments. It is also a good opportunity to reassess controls across entire categories of genAI tools. DeepAI is the most commonly blocked genAI app in healthcare organizations, often due to concerns around privacy practices and a lack of enterprise-grade controls. The remaining apps on the list, including Tactiq, Scite, and JasperAI, also appear frequently, with blocking decisions typically influenced by the presence of more secure or better-aligned alternatives. These patterns reflect how healthcare organizations are using block policies to redirect users to use approved tools that meet internal requirements.