Close Menu

    Subscribe to Updates

    Get the latest creative news from Healthradar about News,Health and Gadgets.

    Bitte aktiviere JavaScript in deinem Browser, um dieses Formular fertigzustellen.
    Wird geladen
    What's Hot

    What CISOs Must Get Right

    13. Juli 2026

    Less is more with the Oura Ring 5

    12. Juli 2026

    Your smartwatch is an unlikely festival essential, from paying without digging out your phone to finding your way back to your tent — here are 5 key settings to enable

    11. Juli 2026
    Facebook X (Twitter) Instagram
    Facebook X (Twitter) Instagram Pinterest Vimeo
    healthradar.nethealthradar.net
    • Home
    • Ai
    • Gadgets
    • Health
    • News
    • Contact Us
    Contact
    healthradar.nethealthradar.net
    Home»News»What CISOs Must Get Right
    News

    What CISOs Must Get Right

    HealthradarBy Healthradar13. Juli 2026Keine Kommentare6 Mins Read
    Share Facebook Twitter Pinterest LinkedIn Tumblr Reddit Telegram Email
    What CISOs Must Get Right
    Share
    Facebook Twitter LinkedIn Pinterest Email


    What CISOs Must Get Right
     Chris Bevil, Principal, Global Cyber Resilience & AI, Commvault

    Healthcare remained one of the most targeted sectors for ransomware in 2025, accounting for 22% of disclosed attacks in one widely cited industry analysis.  More broadly, 93% of healthcare organizations reported at least one cyberattack in the past 12 months.  As of the end of 2025, at least 642 large healthcare breaches had been reported, affecting nearly 57 million individuals. 

    But the implications for the healthcare industry extends beyond traditional cybersecurity and data risk. First and foremost, healthcare is a patient safety environment. This means that AI security failures can become care-delivery failures, not just privacy incidents 

    As risks continue to become more frequent and consequential, generative AI (GenAI) is reshaping both the threat landscape and the operating model in healthcare. This powerful technology makes it faster, cheaper, and easier to launch sophisticated cyberattacks, such as by leveraging “vibe coding.” GenAI also allows for well-meaning employees to expose sensitive data to unsanctioned tools. In healthcare, the first AI problem is often not a malicious model attack, it is uncontrolled use of AI with PHI, clinical content, credentials, or internal workflows. 

    In light of these rapidly growing threats, healthcare organizations can no longer rely on preventing every breach. Instead, they must assume compromise and focus on resilience, maintaining safe operations and recovery with confidence. 

    The Reality of Modern Threats and Why Gen AI Changes Everything 

    The pace of innovation of GenAI is staggering. Everyday there seems to be a new innovation, which has accelerated with the rise of AI agents. Often, GenAI tools have low price points or are open source. With this democratization comes the ability to develop more sophisticated methods for using GenAI to enhance phishing, impersonation, malware development, reconnaissance, and social engineering. 

    Of course, the number one vector remains human error. This risk is amplified by AI-generated content and AI-assisted workflows. They make attacks more convincing and easier to execute. 

    GenAI risks in healthcare span multiple layers. Data leakage (PHI exposure), prompt injection and model manipulation, and integration risk across clinical and operational systems are all key concerns. There is also an expanded attack surface from copilots and agents, as well as identity and authorization drift when AI tools are connected to EHRs, collaboration tools, knowledge bases, and ticketing systems. 

    Beyond this, organizations must consider third-party and supply-chain risk from foundation model providers, AI plugins, model gateways, and embedded AI in SaaS platforms, along with insecure retrieval pipelines and retrieval-augmented generation (RAG) connectors that expose sensitive data. Furthermore, there is AI-generated output risk, including hallucinations. Then there are model and data provenance risks, in which organizations may not know what model they are using, what data it was trained on, or how outputs are being logged. 

    This is why it’s important to do the following with the adoption of GenAI: 

    • Full inventory of AI systems, models, agents, data sources, and connectors. 
    • Risk-tiering based on use case, data sensitivity, and level of autonomy. 
    • Human-in-the-loop requirements for higher-risk use cases. 
    • Logging of prompts, output, tool use, data access, and administrative changes. 
    • Vendor due diligence for model providers and AI-enabled software. 

    The New Mandate for CISOs: From Security to Resilience 

    For healthcare CISOs, AI security is now part of operational resilience. The question is no longer “Are we using AI?” Rather, it’s about, “Where is AI making decisions, summarizing information, triggering actions, or touching regulated data, and can we govern and recover those workflows safely?” 

    As for boards, they are asking another set of questions: 

    • “How fast can we recover?” 
    • “How do we maintain minimum viable operations if core clinical, administrative, identity, or AI-enabled workflows are degraded?” 

    What all these changes point to is a fundamental rethinking of cybersecurity. Again, it has become a patient safety issue. Ransomware and major cyber disruptions in healthcare are increasingly associated with patient care delays, diversions, and worsened outcomes. For example, a recent economics paper reports a 34–38% increase for patients already admitted when an attack begins. Other research shows that in-hospital mortality increased materially during ransomware incidents at attacked hospitals. 

    For CISOs, they must be able to explain AI risk in business terms: patient safety, downtime, trust, legal exposure, and recoverability. They must also be able to show the board where AI is being used, who owns it, how it is controlled, and how it will be operated during a cyber event 

    Compliance as a Resilience Enabler, Not a Checkbox 

    For AI risks in healthcare, HIPAA includes important updates, which are called the HIPAA Security Rule (proposed in December 2024). But for many organizations, there are other regulations that are becoming critical: 

    • HHS guidance on Security Rule implementations and cybersecurity expectations 
    • HITRUST 
    • PCI DSS for payment environments 
    • FDA expectations for AI/ML-enabled medical devices and medical device cybersecurity, where applicable 

    These reflect a major regulatory shift. There is more emphasis on faster reporting, including CIRCIA’s proposed requirement for covered entities to report covered cyber incidents within 72 hours and ransom payments within 24 hours. 

    As a result, healthcare organizations need to separate what is currently proposed, what is already in force, and what their state, contractual, payer, and partner obligations require. For example, the proposed HIPAA Security Rule would require written procedures to restore certain relevant systems and data within 72 hours. 

    This shift highlights that recovery speed and restoration prioritization are becoming explicit governance expectations, not just internal goals. Yet it is important to keep in mind that compliance is a point-in-time snapshot, which can change instantly. This underscores the need for continuous resilience. 

    With compliance frameworks, an organization will also be able to: 

    • Justify investments in resilience. 
    • Drive testing of systems. 
    • Build repeatable resilience processes. 

    Of course, compliance will not secure GenAI by itself. But CISOs should use compliance to force discipline around AI inventory, risk classification, data handling, human oversight, logging, vendor review, and recovery testing. 

    The winners of GenAI will not be those that adopt this technology the fastest – with insufficient controls.  Instead, success will require organizations to adopt clear governance, strong boundaries, continuous oversight and proven recovery.  

    The CISO’s role is to make sure that adoption happens safely, responsibly, and in a way that protects care delivery when something goes wrong. 


    About Chris Bevil

    Chris Bevil, a seasoned cybersecurity and compliance expert and former CISO, currently serves as principal, global cyber resilience & AI at Commvault. With a proven track record as a cybersecurity and compliance consultant, Chris has guided organizations through incident response, disaster recovery, and business continuity planning, helping them build robust cyber recovery strategies to mitigate potential threats. He transforms complex cybersecurity topics into practical, relatable insights, combining deep expertise with a passion for storytelling to connect with audiences and empower them to tackle today’s toughest challenges.



    Source link

    Artificial Intelligence CISOs
    Share. Facebook Twitter Pinterest LinkedIn Tumblr Email
    Previous ArticleLess is more with the Oura Ring 5
    ekass777x
    Healthradar
    • Website

    Related Posts

    News

    Illumina builds out C-suite with 2 new execs

    10. Juli 2026
    News

    What Produce Longevity Can Teach Us About Personalized Health Care

    10. Juli 2026
    News

    AccurKardia and Wellysis Form Multi-Year Strategic Partnership to Deliver End-to-End Cardiac Monitoring

    10. Juli 2026
    Add A Comment
    Leave A Reply Cancel Reply

    Top Posts

    Marvel’s Dyasonic: A Superhero Powered by Sound—and Diabetes Tech

    13. Juni 2025438 Views

    Tombot Secures $6.1M to Bring Lifelike Robotic Puppy to Seniors with Dementia –

    19. Juni 2025390 Views

    Luna ring review | TechRadar

    26. Dezember 2025154 Views

    Hims & Hers Acquires Australian Digital Health Eucalyptus for Up to $1.15B

    20. Februar 2026151 Views
    Stay In Touch
    • Facebook
    • YouTube
    • TikTok
    • WhatsApp
    • Twitter
    • Instagram
    Latest Reviews

    Subscribe to Updates

    Bitte aktiviere JavaScript in deinem Browser, um dieses Formular fertigzustellen.
    Wird geladen
    About Us

    Welcome to HealthRadar.net — your trusted destination for discovering the latest innovations in digital health. We are dedicated to connecting individuals, healthcare professionals, and organizations with cutting-edge tools, applications

    Most Popular

    Marvel’s Dyasonic: A Superhero Powered by Sound—and Diabetes Tech

    13. Juni 2025438 Views

    Tombot Secures $6.1M to Bring Lifelike Robotic Puppy to Seniors with Dementia –

    19. Juni 2025390 Views
    USEFULL LINK
    • About Us
    • Contact Us
    • Disclaimer
    • Privacy Policy
    QUICK LINKS
    • Ai
    • Gadgets
    • Health
    • News
    • About Us
    • Contact Us
    • Disclaimer
    • Privacy Policy
    Copyright© 2025 Healthradar All Rights Reserved.

    Type above and press Enter to search. Press Esc to cancel.