The Doctronic hack: a wake-up call for pharmacy’s full practice future

Written By Harry Travis

Image created with Google Gemini 3.1 (Nano Banana Pro model), March 2026.

Do we want primary care managed by a vulnerable algorithm or by the unhackable clinical professional behind the pharmacy counter?

I’ve been tracking the headlines about the Doctronic AI hack in Utah, and frankly, it’s the kind of "I told you so" moment that should make every pharmacist in the country pause.

If you haven’t seen the report from Mindgard—the "Red Team" that pressure-tested the system—it’s eye-opening. They managed to get Doctronic’s AI bot to bypass its safety protocols completely. The irony is thick: while we are told these bots could be the future of "primary care access," the Mindgard team got the bot to provide instructions for cooking methamphetamine when it was supposed to be handling a limited set of prescription refills.

I’ve reached out to Byron Crowe, the Chief Medical Officer at Doctronic, and the State of Utah Office of AI Policy for comment (see below). As it typically the case in these situations, the headlines do not tell the whole story. I am not going to try to parse the details of the innerworkings of the Doctronic chatbot and Mindgard’s attack. The bigger issue is how will the pharmacy profession respond.

This incident reinforces a constant theme I’ve been beating the drum on for years: We already have a highly trained, unhackable solution to the primary care access problem. They’re called pharmacists. Steven Leonard and Tim Frost have written extensively on this. (Links to articles below)

We would like to share a few clarifications to make sure the system is accurately described. The testing described in the Mindgard report involved Doctronic’s general AI health assistant, not the prescription-renewal workflow being evaluated in Utah’s regulatory sandbox. These are separate systems. The examples referenced involve text generated during a single chat session and do not alter the system’s underlying model, configuration, or knowledge base. As is widely understood across the industry, adversarial prompting can cause conversational AI systems to generate incorrect text. For that reason, Doctronic’s architecture does not rely on chatbot output alone. The assistant can generate documentation such as a SOAP note, but a SOAP note cannot authorize, transmit, or generate a prescription. In the Utah pilot, medication renewals occur only through a separate clinical workflow limited to previously prescribed, non-controlled medications that must pass structured eligibility checks. Controlled substances are categorically excluded from the program. The pilot operates under a human-on-the-loop model, where licensed healthcare professionals supervise system performance and intervene if anomalies arise. The activity described in the report did not and could not result in any improper prescription refill, nor could it result in the issuance of a prescription for a controlled substance through the Utah workflow
— Byron Crowe, Chief Medical Officer, Doctronic

The human in the loop

The "Techy Surgeon," Christian Pean, MD, recently wrote a thorough breakdown of this hack. He points out that while AI tools are great for orchestration and workflow, they lack the "human in the loop" necessary for high-stakes clinical decisions.

When a patient walks into one of the 50,000 community pharmacies across this country, they aren’t talking to an algorithm that can be "jailbroken" into giving dangerous advice. They are talking to a professional who knows that if a patient’s Lipitor has run out, the answer is a clinical assessment, not a recipe for a controlled substance.

We have a safe, existing system in place. We just need to activate it nationwide.

Why full practice authority matters now

The Doctronic incident is a "signal event." It demonstrates the need for additional layers of testing to ensure public safety. Kudos to the State of Utah for providing just the environment for this type of regulatory experimentation. Meanwhile, pharmacists are sitting on the sidelines in most states, restricted by outdated regulations.

Full Practice Authority would allow pharmacists to:

  • Reauthorize prescriptions for chronic conditions like hypertension or diabetes.

  • Perform screenings for the “big three:” heart disease, diabetes, and high blood pressure.

  • Act as a hybrid partner with AI, using the technology to speed up research while providing the final clinical sign-off that ensures patient safety.

Currently, only a handful of states have granted anything resembling full practice authority. That leaves the rest of the country where the "access problem" may be solved by AI bots instead of proven professionals.

We understand why reports like this raise questions, and we take them seriously. Independent red-teaming can surface cases that are not encountered in ordinary use, and that kind of stress-testing is valuable as these systems mature. Healthcare systems — whether AI-supported or entirely human — must be designed with the expectation that information can be incomplete, misleading, or strategically framed. For that reason, pilots approved by our office are structured with layered safeguards, escalation pathways, physician oversight, physician review phases, and reporting requirements. Doctronic is responsible to maintain the safety of its systems, and the Office of AI Policy is responsible to exercise oversight and ensure that Utahn businesses are accountable and innovative while we learn about this emerging technology. Doctronic’s participation in our Learning Laboratory is designed to test and evaluate performance under real operating conditions. Structured oversight and empirical observation are central to the program. We will continue to monitor actual patient interactions, escalation rates, and clinical outcomes as the pilot progresses. We welcome community input as we continue to authorize pilots and develop AI policy.
— State of Utah Office of AI Policy (OAIP)

My take: the market vs. the bot

I’m not saying we should ban AI. I think there’s a happy medium where AI has a solo role or sits in a pharmacist’s pocket to double-check research in seconds. But we should let the free market decide: Do you want your primary care from a bot that can be hacked by a tech team in New Zealand, or from the pharmacist down the street who knows your history?

This hack isn't just a tech failure; it’s a reminder that pharmacists can do this better. If we are going to let the market decide, then pharmacists need a level playing field when compared to AI Bots and tech solutions. That is where you come in.

Take action: contact your state board

We need to move the needle on this, state by state. If you’re lucky enough to practice in a state that already has some form of full practice authority—like Idaho, Colorado, Montana, Indiana, Iowa and others trialing or implementing some form of standard of care for pharmacists—your voice is more important than ever. Reach out to your state’s Board of Pharmacy not just to ask for progress, but to provide them with any on-the-ground success stories they need to defend and expand these rules.

For everyone else, it’s time to remind our regulators that we are the safe, human solution to the access crisis that AI alone simply cannot solve. Ask them where they stand on Full Practice Authority and use the Utah hack as the reason why.

To make it easy, I’ve provided a template below. ☺️

Advocacy template: email your state board

Note: If your state already has full practice authority, swap the request for an "update" with a "thank you" and a brief example of how you or another pharmacist or pharmacy has used their authority to help a patient safely.

To: [Find your Board's email address below]

Subject: Urgent Inquiry: Full Practice Authority and Public Safety (Re: Doctronic Incident)

Dear Members of the Board,

I am writing to you today as a [pharmacist/concerned healthcare professional] regarding the recent security breach of the Doctronic AI pilot in Utah. As reported by the security firm Mindgard, this "AI doctor" was easily manipulated into providing dangerous, non-medical instructions, bypassing critical safety protocols.

This incident is a signal event that highlights the danger of relying exclusively on automated systems to fill gaps in primary care access. We have a more reliable, "unhackable" solution already integrated into our communities: the licensed pharmacist.

I am requesting an update on the Board’s current position and legislative agenda regarding Full Practice Authority for Pharmacists. In light of the vulnerabilities exposed in AI-driven care, what steps is the Board taking to empower pharmacists to provide the clinical services—such as chronic medication reauthorization and health screenings—that our patients desperately need?

Pharmacists provide the essential "human in the loop" that technology lacks. I look forward to hearing how our state plans to lead on this issue.

Sincerely,

[Your Name]

[Your Pharmacy/Organization]

Where to send your email

The National Association of Boards of Pharmacy (NABP) maintains a verified directory of every state board.

👉 Click here to find your state board’s contact information

Select your state from the list to find the direct email for the Executive Director or the general board inquiry inbox.

Related links

Harry Travis

Harry Travis is a nationally recognized speaker and thought leader on the transformative impact of AI, digital technologies, and emerging therapies on pharmacy. He has presented at prestigious industry events such as the PCMA Business Forum, Asembia Specialty Rx Summit, and the National Association of Specialty Pharmacy.

With a BS in Pharmacy from the University of Pittsburgh and an MBA from The Darden School at the University of Virginia, Harry combines academic rigor with decades of executive experience.

https://thetravisgrp.com
Previous

Are you an ostrich or an excavator?
Next

Voice agents: the next shift in specialty pharmacy intake