The recent breach of the Change Healthcare platform serves as a strong reminder that the healthcare sector remains extremely vulnerable to different types of attacks. In late February, a ransomware gang known as Black Cat claimed responsibility for hacking Change Healthcare, a subsidiary of UnitedHealth Group. The intruders disrupted operations and stole up to four terabytes of data, including personal information, payment details, insurance records, and other sensitive information. It is also reported that a ransom payment of $22 million was made. What is even more concerning is that Change Healthcare is being extorted again by another ransomware group. Incidents such as this jeopardize the survival of countless healthcare providers nationwide due to delays in patient care and delays in making reimbursements. This hack generated massive economic and legal shockwaves across the US healthcare industry, from major industry players to small-town, rural physician practices. In this episode, Amer Deeba, CEO and Co-founder at Normalyze joins me to review the state of cyber security and maturity of the healthcare industry and talk about proactive defense strategies to fortify sensitive healthcare data.

Action Items

• Quantify the value of sensitive data assets and identify the highest risk areas.
• Implement continuous monitoring and controls where sensitive data resides.
• Connect data security priorities to organizational mission and goals to gain leadership buy-in.
• Innovate solutions focused on data visibility, classification, access controls, and continuous auditing.

Time Stamps



00:02 -- Introduction

03:18 -- Guest's Professional Highlights

04:19 -- State of Cybersecurity Maturity in the Healthcare Industry

9:01 -- Consequences of healthcare data leak

10:54 -- Challenges of securing healthcare data

12:03 -- Practical strategies for securing healthcare data

18:07 -- A proactive approach to securing healthcare data

21:55 -- Best practices

29:21 -- Making the business case

32:46 -- Closing Thoughts

Memorable Amer Deeba Quotes/Statements

"We're expecting that by 2026, about 175 zettabytes of data will be available across multiple types of cloud environments."

"It all starts by understanding where are your most important and critical assets, where are your crown jewels, and whether you are able to understand at any point in time where this information is, who has access to that information, how can they access that information? Do you have the right controls and mechanisms in place in order to secure it, to understand the value of it for your organization and make sure that it's fortified from such attacks."

"With data exploding and moving everywhere, between environments and between cloud and SaaS applications and on-prem, this is the new frontier for attackers."

"You're not boiling the ocean; you are prioritizing based on where your most sensitive information is, and you are making sure there are no attack paths to this data."

Connect with Host Dr. Dave Chatterjee and Subscribe to the Podcast

Please subscribe to the podcast, so you don't miss any new episodes! And please leave the show a rating if you like what you hear. New episodes release every two weeks.

Connect with Dr. Chatterjee on these platforms:

LinkedIn: https://www.linkedin.com/in/dchatte/

Website:

The fast-evolving quantum computing phenomenon represents a paradigm shift in how computers process data. Due to its ability to process vast amounts of data and solve complex problems at an unprecedented speed, quantum computing holds great promise for new material discovery through the simulation of physical systems, portfolio optimization in finance, and more. It also poses a significant threat to cybersecurity, requiring a change in how we encrypt our data. Even though quantum computers don’t technically have the power to break most of the current forms of encryption yet, we need to stay ahead of the threat and come up with quantum-proof solutions now. If we wait until those powerful quantum computers start breaking our encryption, it will be too late. I had the pleasure of discussing the quantum computing phenomenon and its cybersecurity implications with Duncan Jones, Head of Cybersecurity, at Quantinuum. We discussed the potential threats and opportunities of quantum computing for cybersecurity, as well as its potential to revolutionize various industries. We recognized the need for new algorithms resistant to quantum computing, staying ahead of technological innovations, investing in cybersecurity measures, and prioritizing the migration of sensitive data to quantum-resistant algorithms.

Action Items

1. Assess organizational risk exposure from quantum computing threats like "store now decrypt later" attacks.
2. Prioritize migration of sensitive long-term data to quantum-safe encryption.
3. Speak to vendors about their roadmaps for quantum-safe migration.
4. Explore available quantum random number generators and other quantum cybersecurity technologies through pilot programs and starter kits.
5. Choose credible service providers who are partnering with reputed organizations and prove their claims.
6. Raise awareness of quantum computing implications among leadership and get buy-in for piloting relevant quantum cybersecurity technologies.

Time Stamps



00:02 -- Introduction

01:59 -- Guest's Professional Highlights

06:19 -- Overview of Quantum Computing

08:19 -- Commercially Leveraging Quantum Computing

10:51 -- Evolution of Quantum Computing and Cyber Attacks

12:55 -- Recommendations on Leveraging Quantum Computing Benefits and Securing Data from Quantum Computing Enabled Cyber Attacks

17:49 -- Roadmap for Proactive Safeguards

23:34 -- Can quantum computing enabled encryption ensure that even if a human is a victim of a phishing attack, it will be hard to get into systems? Is that a fair aspiration?

26:38 -- What recommendations would you make for organizations who are trying to explore and adopt quantum computing?

29:19 -- Cybersecurity Challenges and Hurdles

32:52 -- Challenges of Quantum-Safe Migration

34:09 -- Cryptographic debt

37:32 -- Final Thoughts

Memorable Duncan Jones Quotes/Statements

"I think of my career as a series of very fortunate accidents, rather than some very carefully planned out thing."

"Quantum computing as a different form of computation, as opposed to necessarily always a better form of computation."

"Leading companies are now starting to engage with quantum computing because they know they have to build the skill sets, they have to develop the intellectual property that will begin to deliver value in the not too distant future."

"Quantum computers are becoming more and more powerful every year."

"We'll actually see Quantum as a as a big benefit for cybersecurity, but we've got some headaches to get through...

In this podcast, I enjoyed talking with Chirag Shah, Model N's Global Information Security Officer and Data Privacy Officer, about creating a security-minded culture. Infusing a security culture within organizations starts with leadership buy-in and support. Chirag highlighted the need for interactive and engaging training programs tailored to specific departments, involving real-world examples and practical scenarios. He stressed the significance of fostering a security mindset among employees through daily reminders and reinforcement and leveraging free or low-cost resources to implement effective security awareness programs. Chirag also emphasized the need for a strategic approach to security and a security-minded culture where employees are empowered and responsible for maintaining a strong security posture.

Action Items

Develop an interactive that delivers bite-sized security awareness content, quizzes, and scores performance.

Organize escape room and security hackathon events as hands-on learning initiatives.

Contextualize training for specific employee roles and responsibilities.

Incorporate security into employees' goals and recognize adherence to policies.

Lead by example and make security part of a company's vision and operations



Time Stamps



00:02 -- Introduction

02:38 -- Guest's Professional Highlights

04:14 -- Why do you emphasize the importance of infusing a culture of security?

06:35 -- How do you create a security-minded culture?

09:42 -- How do organizations create engaging and effective cybersecurity awareness training to develop security-minded cultures and cyber hygiene habits among employees?

15:49 -- Personalizing security

19:49 -- Dealing with common challenges and hurdles associated with creating security-minded cultures.

27:53 -- How do you get top management buy-in?

29:05 -- Creating a culture of accountability

36:35 -- Treating cybersecurity as a strategic enabler

37:57 -- Final Thoughts

Memorable Chirag Shah Quotes/Statements

"Security belongs to everyone, not just the security team. It's about embedding security awareness and responsibilities into the vision, mission, and day-to-day operations of all departments and employees."

"Security should become part of the daily goals for the execution of the business."

"Focus on security awareness training that is engaging, fun, and rewarding for employees, and move beyond annual compliance training to create a continuous security learning culture."

"When anyone asks, how big is your security team, I say about 1300 some people, right, because that's what my company is. All of them are our security team, and they are the security champions, and they helped me manage and drive the security program to the next level."

"What you want to do is implement a phased approach to security awareness training, starting with basic concepts and gradually increasing the complexity of those concepts."

"90% of the employees in US companies use laptops to conduct personal transactions, whether they're paying the credit card bill or they're booking travel tickets, they're all doing it online, and using a company laptop."

"Appoint security champions within different departments to assist in training and awareness."

"The message has to be very simple and to the point, so employees can understand and have an open dialogue."

"Implement pre-and post-training assessments and measure changes in employee knowledge."

"Leaders and managers should lead by...