Banking Information Security Podcast

NHL CISO David Munroe outlines how the league protects critical infrastructure across public arenas and streaming platforms. He details the league's use of cloud and AI tools, and highlights the importance of cloud governance, AI-powered defenses and user education in mitigating risk.

Palo Alto Networks CTO Nir Zuk predicts Google's security push through its $32 billion buy of Wiz won't succeed, as customers are reluctant to buy multi-cloud tools from cloud vendors. Zuk details how adversaries use LLMs at scale and how Palo Alto is unifying SOC tools under its Cortex platform.

While recent draft guidance from the Food and Drug Administration on artificial intelligence-enabled medical devices is non-binding, the document signals that the agency is intensifying its regulatory scrutiny of these technologies, said Dr. Scott Schell of IT consulting firm Cognizant.

As uncertainty mounts about the range of cyber resources the federal government will continue to offer healthcare and other critical infrastructure sectors during the Trump administration, states will need to step up their support, said Mike Hamilton, field CISO of cybersecurity firm Lumifi Cyber.

Artificial intelligence-based tools are among the most promising advancing technologies for healthcare sector organizations to help to address cybersecurity resource shortages, said Chris Tyberg, CISO of medical device and consumer health product manufacturer Abbott.

The use of artificial intelligence is not only reshaping healthcare delivery in the sector but also healthcare cybersecurity within organizations, said Anahi Santiago, CISO of ChristianaCare, the largest healthcare delivery organization in the state of Delaware.

Legacy apps and medical devices continue to pose persistent and considerable risk to healthcare IT environments, and many organizations are still unaware of their prevalence in their settings, said Keith Fricke, partner and principal consultant at tw-Security, who discusses mitigation steps to take.

State privacy laws, such as Washington State's My Health My Data Act, could throw a curve ball in the use of certain consumer information for artificial intelligence and machine learning endeavors, said regulatory attorney Adam Greene of the law firm Davis Wright Tremaine.

Quantum computing could bring the next technology "revolution" in healthcare, but organizations will face critical cybersecurity issues when quantum becomes a reality, said attorney Lee Kim, senior principal of cybersecurity and privacy at the Healthcare Information and Management Systems Society.

So far, medical devices affected in ransomware attacks have mostly been a casualty of IT networks being taken offline. But the potential nightmare scenario is a targeted device attack in which cybercriminals threaten to kill patients, said Dr. Eric Liederman, CEO of consulting firm CyberSolutionsMD.

As clinicians move to a model of working anywhere - on many types of devices and under a variety of different internet environments - web browser security is a heightened concern, said John Frushour, vice president and CISO at New York-Presbyterian Hospital, and CyberEdBoard member.

The majority of significant attacks hitting the health sector involve unpatched vulnerabilities dating back years, a situation cybercriminals are more easily and swiftly able to exploit using AI-based tools, said Health Information Sharing and Analysis Center President and CEO Denise Anderson.

The Health Sector Coordinating Council is kicking off a health sector mapping initiative aimed at helping the ecosystem avoid massive disruptions in the event of major cyber incidents, said Greg Garcia, executive director for cybersecurity at the Health Sector Coordinating Council.

The adoption of privacy enhancing technologies, including fully homomorphic encryption, can help secure data as it is collected, integrated and shared for detecting and responding to public health emergencies such as bird flu, said Kurt Rohloff, co-founder and CTO of Duality Technologies.

A proposed state privacy law awaiting the signature of New York State's governor promises to make the processing of and sale of health information by a wide array of organizations much more complicated and restrictive, said regulatory attorney Angie Matney, who explains why.

It's critical for healthcare providers that offer telehealth and remote patient monitoring services to incorporate these systems into their organizational risk programs, including how they plan to address issues such as patch management from afar, said attorney Betsy Hodge of the law firm Akerman.

States will increasingly be stepping up to fill gaps in the healthcare sector with new cyber legislation and requirements as the Trump administration promises to roll back regulations, predicts attorney Amy Magnano of the law firm Morgan Lewis' healthcare practice.

While artificial intelligence platforms and tools promise to offer encouraging potential in healthcare, many are unprepared to deal with the risks these emerging technologies pose - similar to the early days of social media, said Keith Fricke, partner and principal of tw-Security.

With the pace of global change so often creating a sense of accelerating chaos, it's easy to view cyber defenders as firefighters constantly on call. But Black Hat conference founder and creator Jeff Moss warned that "things have been on fire for as long as I can remember."

Under the Trump administration, the proposed update to the HIPAA Security Rule - issued in the final weeks of the Biden administration - is likely to get trimmed but not totally cut, predicts regulatory attorney Sharon Klein of the law firm Blank Rome. What else should the health sector expect?