Securing Your Digital Practice in the Age of AI

Hayden Kirk
October 23, 2025

The following post is a wrap-up of our talk at the Business Symposium 2025: PNZ.

Artificial intelligence (AI) is transforming how we work, communicate, and make decisions – faster than any technology before it. Email took twenty years to become normal at work. Smartphones took ten. AI has gone mainstream in under two. For physiotherapy clinics and healthcare providers, this pace brings both incredible opportunity and serious risk.

At Physiotherapy New Zealand’s Business Symposium 2025, Daniel and Hayden spoke about how clinics can protect their digital practice in this new AI-driven world. Here’s a summary of the key insights and practical takeaways from our session.

The New Risks AI Brings

AI isn’t just a productivity tool – it’s also a powerful weapon in the wrong hands. Deepfake scams, AI-generated phishing, and criminal AI tools are rapidly evolving.

  • Deepfakes and impersonation: Fraudsters can now mimic voices and videos of trusted people. Imagine receiving a call that sounds like your landlord or GP asking for sensitive details. One wrong move can mean losing money, data, and trust.
  • AI-powered phishing: Gone are the days of badly written scam emails. AI can now craft personalised, flawless messages that look authentic. These attacks often bypass filters and busy staff.
  • Criminal AI tools: Cybercriminals use the same AI we do – but to automate attacks, crack passwords, and replicate legitimate communication styles.

Even trusted platforms aren’t immune. Microsoft’s Copilot recently faced an exposure flaw, and research shows that over 80% of AI tools have experienced data breaches or credential theft. Yet, only a small fraction of businesses have formal AI policies in place.

Internal Risks Within Clinics

While external attacks are rising, internal risks are just as critical:

  • Shadow IT – Staff using unapproved or free AI tools like ChatGPT can unknowingly expose patient data. Without visibility, there’s no control over what leaves your environment.
  • AI accuracy – AI often “hallucinates” information, producing results that sound confident but are completely false. In clinical settings, even small errors can affect patient care.
  • Reputation risks – Copy-pasting unchecked AI-generated content into emails, reports, or patient notes can undermine trust. Mistakes made by AI are still your responsibility.

The Digital Treatment Plan

Just as in physiotherapy, prevention is always easier than recovery. Here’s how clinics can build resilience through practical steps:

  1. Set the rules: Create a clear AI use policy outlining what’s safe to input, what’s off-limits, and which tools are approved.
  2. Control the tools: Restrict use to secure, vetted AI platforms like Microsoft Copilot, and block unapproved apps.
  3. Limit access: Apply the principle of least privilege – give each role access only to what’s necessary.
  4. Monitor and alert: Implement monitoring that flags unusual data exports or sharing. Simple Microsoft 365 alerts can make a big difference.

Externally, reinforce your defences through:

  • Modern email security that analyses user behaviour, not just spelling/grammar.
  • Strong MFA (multi-factor authentication) that uses challenge-response instead of basic push prompts.
  • Data Loss Prevention (DLP) measures that control file sharing and limit USB transfers.

These don’t require massive budgets – they require awareness, good configuration, and consistency.

Prevention Over Rehab

AI has made the digital world faster, smarter, and riskier. The best defence isn’t panic – it’s preparation. Build habits that strengthen your clinic’s digital posture just as you would strengthen a patient’s body: with discipline, structure, and proactive care.

Start small. Introduce an AI policy, train your staff, and layer your security tools. You’ll already be ahead of most businesses – and much more resilient against what’s coming next.

AI Policy Template

We have made our AI policy template free. You can download it here.

Layer3 is an ISO 27001 certified MSP in Wellington with offices across New Zealand. Get strategy-first IT, security and managed support from Layer3.