Cybersecurity at ViVE Podcast

Why Healthcare Needs Cyber Resilience, Not Just Cybersecurity

23 min · Mar 12, 2026

Description

In this episode of the Cybersecurity at ViVE series on The Beat Podcast, host Sandy Vance sits down with Chad Alessi [https://www.linkedin.com/in/chadalessi/], Managing Director of Cybersecurity at CTG [https://www.ctg.com/], for a wide-ranging conversation about what it really takes to protect healthcare organizations in today's threat landscape. With a background spanning chemical engineering, the U.S. Marines, energy sector Operational Technology security, and IT consulting, Chad brings a unique cross-industry perspective to healthcare cybersecurity. From the difference between cybersecurity and cyber resilience to the rise of AI-powered attacks, this episode is packed with practical insights for healthcare leaders who want to stay ahead of what is coming.

In this episode, they talk about how:

* Cyber resilience focuses on operational continuity when an attack happens, not just prevention
* Breaches resolved within 200 days can save organizations over $1 million
* Bad actors often sit idle inside networks for months, collecting data before launching an attack
* Baseline requirements are identity-first security, including multi-factor authentication (MFA) and privileged access management
* Human-only Security Operations Center (SOC) models are too slow to keep up with today's automated, AI-powered attacks
* CTG uses Microsoft's Unified Security Operations (SecOps) platform to eliminate tool sprawl and improve response time
* Zero-trust architecture is expanding from department-level to enterprise-wide in healthcare
* New HIPAA regulations now require provable network segmentation for legacy medical devices
* AI-assisted security operations will continue to grow in the next few years

A Little About Chad:

As CTG's Managing Director of Cybersecurity, Chad Alessi leverages decades of experience in technology, cybersecurity, and operational strategy across enterprise and mid-market sectors to meet the evolving cybersecurity needs of clients in the U.S. During his time in IT consulting, Chad was instrumental in driving IT transformation in the company's regulated pipeline and gas processing business units. He holds a BS in Chemical Engineering, an MBA from the University of Alabama, an MS in Information Systems with a concentration in Information Security from Syracuse University, and post-graduate certifications in leadership, full stack development, cybersecurity, and cloud computing. Chad is known for his strong work ethic, integrity, resourcefulness, and service-based leadership, which he attributes to his time in the U.S. Marine Corps.

All episodes

7 episodes

Security vs. Convenience: Can Healthcare Have Both?

Workforce security in healthcare is no longer just about compliance—it’s about creating a seamless, secure digital experience for employees and patients.

In this episode, host Sandy Vance chats with Chandramouli Dorai [https://www.linkedin.com/in/chandramoulidorai?originalSubdomain=in], Chief Evangelist - Cybersecurity Solutions and Digital Signatures at Zoho.com [http://zoho.com]. Today, they will explore how password management, secure browsers, multi-factor authentication (MFA), identity and access management (IAM), and identity verification in document signing all come together to build a zero-trust, future-ready healthcare workforce.

Healthcare organizations are under constant pressure to strengthen cybersecurity without slowing down clinicians and staff.

In this episode, they talk about:

* Healthcare organizations face a constant challenge in balancing strong cybersecurity protections with the need for convenience and productivity.
* Weak and reused passwords remain one of the most common vulnerabilities across organizations, despite years of awareness efforts.
* The 2024 Change Healthcare cyberattack demonstrated how a single account without multi-factor authentication can lead to massive data breaches and operational disruption.
* Employees often disable or avoid MFA because they perceive it as adding friction to their daily workflows.
* Modern authentication strategies must tightly integrate password management, single sign-on, and MFA to reduce friction while improving security.
* Passwordless authentication methods such as passkeys, Face ID, and Touch ID are helping organizations improve both security and user experience.
* Organizations adopting passwordless authentication are seeing measurable reductions in login time and increased user adoption.
* Identity and access management platforms can enforce role-based and time-based access controls to reduce unnecessary exposure to sensitive systems.
* AI-powered behavioral analytics can detect suspicious login activity and help organizations respond more quickly to threats.
* Secure onboarding and offboarding processes are critical for protecting healthcare data and preventing unauthorized access.
* Many healthcare organizations still operate in complex legacy environments, making interoperability and integration essential for workforce security solutions.
* CIOs should approach AI adoption strategically by first understanding their current environment, educating users, and implementing changes in phases.

A Little About Mouli:

Chandramouli Dorai (Mouli) is the chief evangelist for cybersecurity solutions and digital signatures at Zoho Corporation. Mouli brings over 12 years of experience leading marketing and product strategy at Zoho. He carries an active interest in topics like workforce productivity, security, trust, and compliance, often sharing his thoughts and expertise on social media platforms like X and LinkedIn.

“The greatest example is the 2024 Change Healthcare breach, which happened because of one compromised account. That one account lacked multi-factor authentication, which was a loose end, and the attacker was able to get into the network and get away with millions of confidential records. The major problem is the trade-off between security and convenience.”

May 27, 2026 · 20 min

Rethinking Network Defense in Healthcare

Cybersecurity in healthcare isn’t just about keeping attackers out anymore. It’s about what happens after they get in. In this episode, Chris Boehm [https://www.linkedin.com/in/chrisboehmii/], Field CTO of Zero Networks [https://zeronetworks.com/], breaks down how organizations can move toward “Zero Trust” without disrupting clinical operations. From legacy systems and third-party access to the growing risks of AI, Chris shares how visibility, identity-based segmentation, and smarter automation are helping healthcare organizations stay secure while keeping care moving.

As healthcare organizations struggle to secure complex environments and protect sensitive patient data, it’s time to prioritize resilience over reactive strategies. Learn how healthcare teams can proactively reduce attack surfaces and build self-defending networks that keep critical operations running – even during active cyber incidents.

In this episode, they talk about:

* Traditional perimeter-based security is no longer enough to protect healthcare organizations from modern cyber threats.
* The industry is shifting from a focus on preventing breaches to a focus on containing them once they occur.
* “Zero Trust” in practice means continuously verifying identity and controlling access rather than assuming anyone inside the network is safe.
* Identity-based segmentation plays a critical role in reducing risk without disrupting day-to-day workflows.
* Healthcare organizations face a unique challenge in balancing strong security measures with the need to maintain seamless clinical operations.
* Most organizations achieve partial network segmentation, which leaves gaps that attackers can exploit.
* Solutions like those from Zero Networks enable full segmentation while still allowing normal business and clinical activities to continue.
* AI tools introduce new risks by potentially accessing more data than intended, especially without proper oversight.
* A lack of visibility into network activity remains one of the biggest gaps in modern cybersecurity strategies.
* Organizations must begin preparing now for upcoming regulatory changes, including evolving HIPAA requirements.
* Real-world challenges such as workforce turnover and limited IT resources make implementing and maintaining security even more complex.

A Little About Chris:

Chris is the Field Chief Technology Officer at Zero Networks, leading security strategy and revenue alignment globally. He drives enterprise growth by connecting customer realities to product, go-to-market, and executive decision-making across complex, high-value enterprise pursuits. He specializes in Zero Trust architecture, identity-based microsegmentation, and lateral movement prevention—helping organizations reduce risk while enabling scale and operational resilience. He’s also held leadership roles at SentinelOne during its post-IPO growth to ~$800M ARR and at Microsoft, contributing to the early adoption and enterprise scaling of security platforms such as Azure Sentinel. Not to mention, Chris has advised CISOs and executive teams on security strategy, risk, and transformation—translating complex challenges into measurable business outcomes.

May 13, 2026 · 24 min

Compliance Isn’t Security: The Biggest Cybersecurity Myth in Healthcare (HITRUST Explained)

In this episode of the Cybersecurity at ViVE series on The Beat Podcast, host Sandy Vance sits down with Shreesh Bhattarai [https://www.linkedin.com/in/shreesh-bhattarai-cisa-ccsk-hitrust-ccsfp-chqp-5a052837/], Director of HITRUST at A-LIGN [https://www.a-lign.com/], for a candid and practical conversation about one of the most misunderstood topics in healthcare cybersecurity. With nearly a decade of experience building one of the highest-volume HITRUST assessment practices in the market, Shreesh breaks down the difference between checking a compliance box and actually being secure, walks through the three levels of HITRUST certification, and shares what organizations need to do right now to prepare for an AI-driven future. Whether you are just starting your compliance journey or managing nine certifications with a team of five, this episode has something for you.

In this episode, they talk about:

* Compliance is the baseline, not the finish line, and treating it as a once-a-year exercise is a serious mistake
* The biggest risk in compliance is not failing the audit, but passing it while still being insecure
* HITRUST has three certification levels: E1 (crawl), I1 (walk), and R2 (marathon)
* Organizations should choose the certification that matches their risk profile, not just go for the biggest one
* The best audits are boring because everything is already embedded in day-to-day operations
* HITRUST's "audit once, report multiple times" approach eliminates duplicative work across frameworks
* AI governance plans are no longer optional; shadow AI is a real and growing risk
* HITRUST now offers an AI cybersecurity assessment to help organizations put guardrails around AI use

A Little About Shreesh:

Shreesh Bhattarai is Director and HITRUST Practice Lead at A-LIGN, where he works at the intersection of cybersecurity assurance, regulatory pressure, and business growth. Since 2017, he has led more than 500 HITRUST certifications and assessments across healthcare, digital health, and high-growth technology organizations. Shreesh partners directly with CEOs, CISOs, and executive teams navigating increasing scrutiny from regulators, customers, and third parties. He is known for challenging the “check-the-box” compliance mindset and reframing HITRUST as a strategic trust mechanism — one that strengthens security posture, accelerates enterprise sales, and reduces third-party risk friction. He leads a national team of security professionals within A-LIGN’s HITRUST practice and regularly speaks on the evolution of compliance in healthcare at forums including ViVE, Health and HITRUST Collaborate. Prior to A-LIGN, he was part of the audit practice at Ernst & Young, focusing on SOX 404 and SOC engagements.

Apr 1, 2026 · 23 min

Why Healthcare Organizations Are Losing the Cyber War (and How to Fight Back)

In this episode, host Sandy Vance sits down with Gary Salman [http://linkedin.com/in/garysalman], CEO and co-founder of Black Talon Security [https://www.blacktalonsecurity.com/], for a passionate and informative conversation about the growing ransomware crisis in healthcare. With over 30 years in health tech and a background as a part-time law enforcement captain, Gary brings a unique perspective to cybersecurity. He draws parallels between street-level crime and digital attacks.

Whether you lead a large hospital system or a small specialty practice, this episode is packed with practical insights on how to assess your cyber risk, respond to an active breach, and build a culture of leadership accountability before disaster strikes.

In this episode, they talk about:

* About 90% of breached healthcare organizations end up paying the ransom
* Small practices are just as targeted as large health systems, especially those with strong insurance policies
* Lack of visibility across the full attack surface is the most common security blind spot
* Continuous Threat Exposure Management (CTEM) is replacing outdated point-in-time assessments
* Known Exploitable Vulnerabilities (KEVs) are a primary attacker entry point, yet most orgs patch them too slowly
* AI is helping hackers build malicious tools faster and with less technical skill
* During a breach, deciding how quickly to shut down the network is the most critical early call
* Most IT providers never deliver a documented risk report to leadership, leaving executives in the dark
* Gary's cyber risk grading tool gives non-technical leaders a real-time security score per facility
* Documented, improving risk scores can reduce regulatory penalties after a breach
* Most ransomware attacks are preventable with proper patching, configuration, and monitoring

A Little About Gary:

Gary Salman is the CEO and Co-Founder of Black Talon Security, a leading innovator in cybersecurity solutions for healthcare. With an impressive 32-year career in healthcare technology, Gary is both a seasoned security expert and visionary. In the late 1990s, he developed one of the earliest cloud-based dental practice management systems that was acquired by a publicly traded company in 2002. Gary also has a unique background, as he is still actively involved in law enforcement as a Deputy Sheriff. Under his leadership, Black Talon monitors and secures approximately 65,000 devices worldwide. The company provides cybersecurity services to a wide range of clients, from small practices to some of the largest healthcare organizations in the United States, including many of the top 20 Dental Service Organizations (DSOs). As a respected authority in his field, Gary is a frequent lecturer at major national dental association meetings. Black Talon's services are endorsed by numerous state and national associations, affirming his expertise and influence. His work has been highlighted in over 100 prestigious dental and medical publications, reinforcing his status as a thought leader in healthcare cybersecurity. Gary has also trained tens of thousands of healthcare professionals on best practices for securing their practices and clinics. Beyond preventative measures, Black Talon also specializes in cyberattack remediation, successfully guiding hundreds of healthcare organizations through recovery from security breaches. Their expertise is often enlisted by leading law firms and cyber insurance carriers, underscoring their prominence in the field.

Mar 18, 2026 · 24 min

Why Healthcare Needs Cyber Resilience, Not Just Cybersecurity

Mar 12, 2026 · 23 min