The Doctronic hack: a wake-up call for pharmacy’s full practice future
Image created with Google Gemini 3.1 (Nano Banana Pro model), March 2026.
Do we want primary care managed by a vulnerable algorithm or by the unhackable clinical professional behind the pharmacy counter?
I’ve been tracking the headlines about the Doctronic AI hack in Utah, and frankly, it’s the kind of "I told you so" moment that should make every healthcare regulator in the country pause.
If you haven’t seen the report from Mindgard—the "Red Team" that pressure-tested the system—it’s eye-opening. They managed to get Doctronic’s AI bot to bypass its safety protocols completely. The irony is thick: while we are told these bots could be the future of "primary care access," the Mindgard team got the bot to provide instructions for cooking methamphetamine when it was supposed to be handling a limited set of prescription refills.
I’m currently reaching out to Byron Crowe, the Chief Medical Officer at Doctronic, for an official response. But regardless of their response, this incident reinforces a constant theme I’ve been beating the drum on for years: We already have a highly trained, unhackable solution to the primary care access problem. They’re called pharmacists. Steven Leonard and Tim Frost have written extensively on this. (Links to articles below)
The human in the loop
The "Techy Surgeon," Christian Pean, MD, recently wrote a thorough breakdown of this hack. He points out that while AI tools are great for orchestration and workflow, they lack the "human in the loop" necessary for high-stakes clinical decisions.
When a patient walks into one of the 50,000 community pharmacies across this country, they aren’t talking to an algorithm that can be "jailbroken" into giving dangerous advice. They are talking to a professional who knows that if a patient’s Lipitor has run out, the answer is a clinical assessment, not a recipe for a controlled substance.
We have a safe, existing system in place. We just need to activate it.
Why full practice authority matters now
The Doctronic incident is a "signal event." It demonstrates the need for additional layers of testing to ensure public safety. Meanwhile, pharmacists are sitting on the sidelines in most states, restricted by outdated regulations.
Full Practice Authority would allow pharmacists to:
Reauthorize prescriptions for chronic conditions like hypertension or diabetes.
Perform screenings for the “big three:” heart disease, diabetes, and high blood pressure.
Act as a hybrid partner with AI, using the technology to speed up research while providing the final clinical sign-off that ensures patient safety.
Currently, only a handful of states have granted anything resembling full practice authority. That leaves the rest of the country where the "access problem" is being solved by experimental bots instead of proven professionals.
My take: the market vs. the bot
I’m not saying we should ban AI. I think there’s a happy medium where AI sits in a pharmacist’s pocket to double-check research in seconds. But we should let the free market decide: Do you want your primary care from a bot that can be hacked by a tech team in New Zealand, or from the pharmacist down the street who knows your history?
This hack isn't just a tech failure; it’s a reminder that pharmacists can do this better.
Take action: contact your state board
We need to move the needle on this, state by state. If you’re lucky enough to practice in a state that already has some form of full practice authority—like Idaho, Colorado, Montana, Indiana, Iowa and others trialing or implementing some form of standard of care for pharmacists—your voice is more important than ever. Reach out to your state’s Board of Pharmacy not just to ask for progress, but to provide them with any on-the-ground success stories they need to defend and expand these rules.
For everyone else, it’s time to remind our regulators that we are the safe, human solution to the access crisis that AI simply cannot solve. Ask them where they stand on Full Practice Authority and use the Utah hack as the reason why.
To make it easy, I’ve provided a template below. ☺️
Advocacy template: email your state board
Note: If your state already has full practice authority, swap the request for an "update" with a "thank you" and a brief example of how you or another pharmacist or pharmacy has used their authority to help a patient safely.
To: [Find your Board's email address below]
Subject: Urgent Inquiry: Full Practice Authority and Public Safety (Re: Doctronic Incident)
Dear Members of the Board,
I am writing to you today as a [pharmacist/concerned healthcare professional] regarding the recent security breach of the Doctronic AI pilot in Utah. As reported by the security firm Mindgard, this "AI doctor" was easily manipulated into providing dangerous, non-medical instructions, bypassing critical safety protocols.
This incident is a signal event that highlights the danger of relying on automated systems to fill gaps in primary care access. We have a more reliable, "unhackable" solution already integrated into our communities: the licensed pharmacist.
I am requesting an update on the Board’s current position and legislative agenda regarding Full Practice Authority for Pharmacists. In light of the vulnerabilities exposed in AI-driven care, what steps is the Board taking to empower pharmacists to provide the clinical services—such as chronic medication reauthorization and health screenings—that our patients desperately need?
Pharmacists provide the essential "human in the loop" that technology lacks. I look forward to hearing how our state plans to lead on this issue.
Sincerely,
[Your Name]
[Your Pharmacy/Organization]
Where to send your email
The National Association of Boards of Pharmacy (NABP) maintains a verified directory of every state board.
👉 Click here to find your state board’s contact information
Select your state from the list to find the direct email for the Executive Director or the general board inquiry inbox.
