Info Risk Today Podcast

Organizations are adopting agentic artificial intelligence as the next phase of AI. Kim Basile, CIO of Kyndryl, explains how organizations can prepare teams to work with agentic AI, emphasizing culture, training and governance as the crucial drivers of AI readiness and adoption.

New York State's stringent new cybersecurity requirements for many hospitals will have a ripple effect, raising the security bar and expectations for healthcare providers across many other states, predicts Chris Stucker, deputy CISO at Wisconsin-based Froedtert ThedaCare Health.

Rural and small community hospitals are continuing to face growing cyber challenges driven by limited and shrinking resources, staffing shortages, and increasingly sophisticated cyber threats, said Jackie Mattingly, senior director at privacy and security consulting firm Clearwater.

While information blocking regulations were authorized under the 21st Century Cures Act nearly a decade ago, regulators are only starting to ramp up enforcement of the prohibited practices. Attorney Nan Halstead of Reed Smith explains critical steps organizations need to take to comply.

Microsegmentation no longer remains a buzzword. In today's threat landscape, organizations are adopting it as a frontline defense against cyberattacks and higher cyber insurance premiums. About 90% of organizations are using some form of segmentation, according to Akamai's 2025 Segmentation Impact Study.

Among pressing issues facing healthcare providers and health IT vendors is how artificial intelligence enabled tools such as AI assistants might further facilitate patients' access to records as well as the transmission of records themselves, said attorney Alisa Chestler of law firm Baker Donelson.

State cybersecurity regulations that apply to some hospitals in New York state go well compliance under the federal HIPAA security rule, posing expanded data governance challenges for providers, said Matthew Bernstein of consulting firm Bernstein Data.

A new AI-powered clinical decision support system developed by Google and NASA aims to help astronauts diagnose and treat medical issues during space missions - even when real-time communication with Earth is unavailable, said Chris Hein, field CTO of Google Public Sector.

New Texas health information legislation that began to go into effect on Sept. 1 includes several noteworthy provisions including requirements related to health record data storage and artificial intelligence, said regulatory attorney Rachel Rose. Rose explains the significance of the new state law.

Default credentials, weak passwords, misconfigurations and a variety of other security shortcomings are exposing millions of medical devices and their data on the internet, said Soufian El Yadmani, CEO and co-founder of Modat, who shared recent research findings.

Recent advisories from U.S. federal authorities on vulnerabilities in certain operational technology devices underscore the potential security risks that many healthcare providers frequently underestimate, said Sila Özeren, a security research engineer at Picus Security.

The use on online tracking tools on the health-related websites and apps of HIPAA and non-HIPAA regulated entities continues to be a lightning rod due to a long list of ongoing data privacy, regulatory and legal concerns, said partner and attorney Elizabeth Hodge of the law firm Akerman.

Why do AI agents require new identity governance approaches and the current controls not enough?

In this 15-minute podcast, identity experts examine key findings from recent industry research on machine identity governance and how you can secure them

Cybercrime gang Scattered Spider is the top suspect in several recent cyberattacks in the U.S. insurance sector, and it's likely that threat actors could still be lurking in other insurers' IT environments, said Peter McMurtrie of consulting firm West Monroe.

Rural hospitals and small medical practices must be creative and open-minded in when it comes locking down their digital footprint, said Jim Roeder, vice president of IT at Lakewood Health System. There's help from the private- and public-sectors and open source tools.

As healthcare providers and their vendors develop and implement agentic artificial intelligence and other AI tools, they need to throughly understand data privacy risks under HIPAA and other laws, said attorney Jordan Cohen of law firm Akerman LLP.

The flood of new artificial intelligence tools, including those to help cybersecurity teams, can overwhelm healthcare CISOs and their security staff, fueling "AI fatigue" that in itself can create additional cyber risk, said Drew Henderson and Jon Hilton, practice leaders at consulting firm LBMC.

Smaller and rural hospitals and clinics, as well as federally qualified health centers, are constantly battling cybersecurity resource constraints, and especially serious workforce shortages, said Jennifer Stoll of OCHIN, a nonprofit provider of health IT services and products.

While many of the proposed updates to the HIPAA Security Rule are reasonable expectations, others will be extremely onerous to implement if federal regulators finalize the rule's overhaul as it's written today, said Stephen Goudreault of Gigamon and Samantha Jacques of McLaren Health.