Data Breach Today Podcast

In this episode of "Cybersecurity Insights," Eyal Fisher discussed Sweet Security's Cloud Runtime Security Suite, which helps CISOS and security teams defend against all stages of a cyberattack by gathering data, generating insights, baselining the normal environment and looking for deviations.

A directory service should be a "source of truth," said Justin Kohler, vice president of products at Spector Ops. But when users are overprivileged or misconfigurations occur, that creates attack hubs. Kohler discusses BloodHound, a solution he says is like Google Maps for Active Directory.

President Joe Biden's recent executive order for artificial intelligence encourages investment in AI while setting a vision for a regulatory framework to address issues involving AI technology safety, bias and other concerns in healthcare, said attorney Wendell Bartnick of the law firm Reed Smith.

Despite the high frequency of major health data breaches involving vendors, many healthcare sector entities remain lax in their approach to manage and reduce third-party security risk, said Glen Braden, CIO and principal of compliance auditing firm Attest Health Care Advisors.

AI is being used "by everyone" these days, including by malicious nation-state actors, and that is raising the level of threats and risks facing hospitals and other healthcare entities, said John Riggi, national adviser for cybersecurity and risk at the American Hospital Association.

Exciting advancements in medicine through the use of AI are already happening, and many more are in the pipeline. But they need to be approached carefully and vetted properly for risk, said Dr. Eric Liederman, medical informatics and national privacy and security leader at Kaiser Permanente.

Regulating AI is "like regulating Jell-O," said Massachusetts risk counsel Jenny Hedderman, but states are looking at regulating "areas of harm" rather than AI as a whole. In this episode of "Cybersecurity Insights," Hedderman discusses privacy, third-party vendor risk, and lawyers' use of AI.

In this episode of CyberEd.io's podcast series "Cybersecurity Insights," former Uber CSO Joe Sullivan discusses the Uber trial and offers guidance to future CISOs. Was the Uber case a data breach or not. Sullivan explained why that making that distinction can be complicated.

Stolen and compromised credentials continue to be the crux of major health data security incidents involving cloud environments. But stronger credential management practices and a focused approach to "least privilege engineering" would help, said Taylor Lehmann of Google Cloud.

In this episode of CyberEd.io's podcast series "Cybersecurity Unplugged," Alex Zeltcer of nSure.ai discusses how fraudsters access your payment information, how industrialized payment fraud attacks operate, and how nSure.ai uses discriminative AI to identify these attacks and cut their scale.

Visibility, consistency, efficiency - are goals every security leader strives to achieve across cloud environments, and remains one of the key digital transformation challenges. Cisco's Sean Baze talks about how to overcome this challenge and discover new efficiencies through a data-driven approach.

Not so long ago, security organizations rallied behind "best of breed" security solutions. But now, trying to reduce tech debt, rationalize tools and consolidate vendors, there is a push for the platform approach. Cisco's Amilcar Alfaro talks about how to tap into the platform advantage.

The violent surprise attack on Israel by Hamas and the region's escalating war spotlights the critical importance of situational awareness, and especially for healthcare organizations that rely on medical or tech products from Israeli technology firms, said Denise Anderson, president of the H-ISAC.

Cloud compromises and supply chain attacks are overshadowing ransomware as the top cyberthreats worrying healthcare sector organizations - but all such incidents are still viewed as significant risks to patient outcomes and safety, said Ryan Witt of Proofpoint, citing new research findings.

The use of generative AI is being "highly explored" in healthcare and has great promise for a variety of applications, but it needs to be scrutinized closely, said Erik Decker, vice president and CISO of Intermountain Health and a cybersecurity adviser to the federal government.

Eric Eddy, principal technical marketing engineer at Cisco, discusses critical aspects of user-centric security. From alleviating the security burden on users to the role of zero trust in granting access, Eric provides actionable insights for achieving a seamless and robust security posture.

Medical device makers in their premarket submissions to the Food and Drug Administration under the agency's new refuse to accept policy for cybersecurity should pay close attention to details such as a product's software bill of materials and vulnerability management, said Jessica Wilkerson of FDA.

It's not just medical device cybersecurity that's keeping some healthcare security leaders up at night - it's also the risks posed by other critical connected gear that patients and clinicians depend upon, said Ali Youssef, director of medical device and emerging tech security at Henry Ford Health System.

In this episode of CyberEd.io's podcast series, "Cybersecurity Insights," Daniel DeSantis, director of CISO Advisory at Cisco, and Pam Lindemoen, CISO adviser at Cisco, discuss how generative AI will change and elevate the role of the CISO as well as what the future holds for network security.

Any healthcare organization that embeds tracking technologies in its website should carefully review whether it is inadvertently violating HIPAA or other federal regulations, said Nick Heesters, senior adviser for cybersecurity at the Department of Health and Human Services' Office for Civil Rights.