WE'RE IN! - Kevin Tambascio on balancing security with availability of services in healthcare

06/05/24 • 32 min

WE'RE IN!

Integrating security into the product development lifecycle is a tall order for any industry. It’s particularly challenging for healthcare, with its wide range of critical needs from HVAC systems to medical devices. Kevin Tambascio, director of cybersecurity data and application protection at Cleveland Clinic, juggles the need for constant vigilance and staying updated on fast-moving threats to hospitals.

In the latest episode of WE’RE IN!, Kevin discusses the importance of compliance and risk assessment, noting that while compliance with rules like HIPAA is crucial, it's equally important to pressure test controls against real-world threats. Ransomware targeting hospital data is the primary threat, while phishing and potential abuse of generative AI also pose significant risks.

Listen to hear more about:

  • The benefits of forming an AI task force to enact safe and responsible procedures while enabling clinicians and researchers to explore AI’s potential
  • Effectively communicating cyber threats to non-technical staff by relating them to potential impacts on patient safety and business operations
  • Application security in healthcare; applications often have access to sensitive patient health information and can be potential entry points for cyber threats

Previous Episode

Tennisha Martin on bridging the cyber talent gap through diversity

Cybersecurity organizations tend to have unrealistic hiring expectations, according to Tennisha Martin, founder and executive director of the training-focused nonprofit BlackGirlsHack. That can make it hard for would-be candidates to stand out and contribute to solving urgent cybersecurity challenges.

In the latest episode of WE’RE IN!, Tennisha unpacks the important work of The BlackGirlsHack Foundation, which provides training resources and cybersecurity education to underserved communities. That includes giving Black children avenues to complete cybersecurity certifications and snag their first jobs in the industry.

“Part of the reason why I started BlackGirlsHack was because I was a black girl that was trying to get into cyber security and I was like, hey, I've got a whole bunch of degrees and years of experience and certifications, and if I'm having a hard time, I know that the people who are fresh out of high school, for example, may be having a hard time as well,” she said.

Listen to hear more about:

  • How recently reported corporate cutbacks in DEI initiatives are impacting the work of organizations like BlackGirlsHack
  • How Tennisha came to be nicknamed “mother of hackers”
  • Why gamifying cybersecurity can be key to building the next generation of cyber talent

Next Episode

Ads Dawson on developing the OWASP Top 10 for Large Language Models

Ads Dawson, release lead and founding member for the Open Web Application Security Project (OWASP) Top 10 for Large Language Model Applications project, has no shortage of opinions on securing generative artificial intelligence (GenAI) and LLMs. With rapid adoption across the tech industry, GenAI and LLMs are dominating the conversation in the infosec community. But Ads says the security approach is similar to other attack vectors like APIs. First, you need to understand the context of AI-related vulnerabilities and how an attacker might approach hacking a particular AI model.

In the latest episode of WE’RE IN!, Ads talks about including threat modeling from the design phase when integrating GenAI into applications, and how he uses AI in his red teaming and application security work.

Listen to hear more about:

  • The misuse of AI, such as creating deep fakes for financial gain or manipulating powerful systems like the stock market
  • The role of governments in securing the AI space and the concept of “safe” AI
  • How the infosec community can contribute to OWASP frameworks
