Cybersecurity at ViVE Podcast

Rethinking Network Defense in Healthcare

Cybersecurity in healthcare isn’t just about keeping attackers out anymore. It’s about what happens after they get in. In this episode, Chris Boehm [https://www.linkedin.com/in/chrisboehmii/], Field CTO of Zero Networks [https://zeronetworks.com/], breaks down how organizations can move toward “Zero Trust” without disrupting clinical operations. From legacy systems and third-party access to the growing risks of AI, Chris shares how visibility, identity-based segmentation, and smarter automation are helping healthcare organizations stay secure while keeping care moving.  As healthcare organizations struggle to secure complex environments and protect sensitive patient data, it’s time to prioritize resilience over reactive strategies. Learn how healthcare teams can proactively reduce attack surfaces and build self-defending networks that keep critical operations running – even during active cyber incidents.  In this episode, they talk about: * Traditional perimeter-based security is no longer enough to protect healthcare organizations from modern cyber threats. * The industry is shifting from a focus on preventing breaches to a focus on containing them once they occur. * “Zero Trust” in practice means continuously verifying identity and controlling access rather than assuming anyone inside the network is safe. * Identity-based segmentation plays a critical role in reducing risk without disrupting day-to-day workflows. * Healthcare organizations face a unique challenge in balancing strong security measures with the need to maintain seamless clinical operations. * Most organizations achieve partial network segmentation, which leaves gaps that attackers can exploit. * Solutions like those from Zero Networks enable full segmentation while still allowing normal business and clinical activities to continue. * AI tools introduce new risks by potentially accessing more data than intended, especially without proper oversight. * A lack of visibility into network activity remains one of the biggest gaps in modern cybersecurity strategies. * Organizations must begin preparing now for upcoming regulatory changes, including evolving HIPAA requirements. * Real-world challenges such as workforce turnover and limited IT resources make implementing and maintaining security even more complex. A Little About Chris: Chris is the Field Chief Technology Officer at Zero Networks, leading security strategy and revenue alignment globally. He drives enterprise growth by connecting customer realities to product, go-to-market, and executive decision-making across complex, high-value enterprise pursuits. Specialize in Zero Trust architecture, identity-based microsegmentation, and lateral movement prevention—helping organizations reduce risk while enabling scale and operational resilience. He’s also held leadership roles at SentinelOne during its post-IPO growth to ~$800M ARR and at Microsoft, contributing to the early adoption and enterprise scaling of security platforms such as Azure Sentinel. Not to mention, Chris has advised CISOs and executive teams on security strategy, risk, and transformation—translating complex challenges into measurable business outcomes.

Compliance Isn’t Security: The Biggest Cybersecurity Myth in Healthcare (HITRUST Explained)

In this episode of the Cybersecurity at Vibe series on The Beat Podcast, host Sandy Vance sits down with Shreesh Bhattarai [https://www.linkedin.com/in/shreesh-bhattarai-cisa-ccsk-hitrust-ccsfp-chqp-5a052837/], Director of HITRUST at A-LIGN [https://www.a-lign.com/], for a candid and practical conversation about one of the most misunderstood topics in healthcare cybersecurity. With nearly a decade of experience building one of the highest-volume HITRUST assessment practices in the market, Shreesh breaks down the difference between checking a compliance box and actually being secure, walks through the three levels of HITRUST certification, and shares what organizations need to do right now to prepare for an AI-driven future. Whether you are just starting your compliance journey or managing nine certifications with a team of five, this episode has something for you. In this episode, they talk about: * Compliance is the baseline, not the finish line, and treating it as a once-a-year exercise is a serious mistake * The biggest risk in compliance is not failing the audit, but passing it while still being insecure * HITRUST has three certification levels: E1 (crawl), I1 (walk), and R2 (marathon) * Organizations should choose the certification that matches their risk profile, not just go for the biggest one * The best audits are boring because everything is already embedded in day-to-day operations * HITRUST's "audit once, report multiple times" approach eliminates duplicative work across frameworks * AI governance plans are no longer optional; shadow AI is a real and growing risk * HITRUST now offers an AI cybersecurity assessment to help organizations put guardrails around AI use A Little About Shreesh: Shreesh Bhattarai is Director and HITRUST Practice Lead at A-LIGN, where he works at the intersection of cybersecurity assurance, regulatory pressure, and business growth. Since 2017, he has led more than 500 HITRUST certifications and assessments across healthcare, digital health, and high-growth technology organizations. Shreesh partners directly with CEOs, CISOs, and executive teams navigating increasing scrutiny from regulators, customers, and third parties. He is known for challenging the “check-the-box” compliance mindset and reframing HITRUST as a strategic trust mechanism — one that strengthens security posture, accelerates enterprise sales, and reduces third-party risk friction. He leads a national team of security professionals within A-LIGN’s HITRUST practice and regularly speaks on the evolution of compliance in healthcare at forums including ViVE, Health and HITRUST Collaborate. Prior to A-LIGN, he was part of the audit practice at Ernst & Young, focusing on SOX 404 and SOC engagements.

Why Healthcare Organizations Are Losing the Cyber War (and How to Fight Back)

In this episode, host Sandy Vance sits down with Gary Salman [http://linkedin.com/in/garysalman], CEO and co-founder of Black Talon Security [https://www.blacktalonsecurity.com/], for a passionate and informative conversation about the growing ransomware crisis in healthcare. With over 30 years in health tech and a background as a part-time law enforcement captain, Gary brings a unique perspective to cybersecurity. He draws parallels between street-level crime and digital attacks.  Whether you lead a large hospital system or a small specialty practice, this episode is packed with practical insights on how to assess your cyber risk, respond to an active breach, and build a culture of leadership accountability before disaster strikes. In this episode, they talk about: * About 90% of breached healthcare organizations end up paying the ransom * Small practices are just as targeted as large health systems, especially those with strong insurance policies * Lack of visibility across the full attack surface is the most common security blind spot * Continuous Threat Exposure Management (CTEM) is replacing outdated point-in-time assessments * Known Exploitable Vulnerabilities (KEVs) are a primary attacker entry point, yet most orgs patch them too slowly * AI is helping hackers build malicious tools faster and with less technical skill * During a breach, deciding how quickly to shut down the network is the most critical early call * Most IT providers never deliver a documented risk report to leadership, leaving executives in the dark * Gary's cyber risk grading tool gives non-technical leaders a real-time security score per facility * Documented, improving risk scores can reduce regulatory penalties after a breach * Most ransomware attacks are preventable with proper patching, configuration, and monitoring A Little About Gary: Gary Salman is the CEO and Co-Founder of Black Talon Security, a leading innovator in cybersecurity solutions for healthcare. With an impressive 32-year career in healthcare technology, Gary is both a seasoned security expert and visionary. In the late 1990s, he developed one of the earliest cloud-based dental practice management systems that was acquired by a publicly traded company in 2002. Gary also has a unique background, as he is still actively involved in law enforcement as a Deputy Sheriff. Under his leadership, Black Talon monitors and secures approximately 65,000 devices worldwide. The company provides cybersecurity services to a wide range of clients, from small practices to some of the largest healthcare organizations in the United States, including many of the top 20 Dental Service Organizations (DSOs). As a respected authority in his field, Gary is a frequent lecturer at major national dental association meetings. Black Talon's services are endorsed by numerous state and national associations, affirming his expertise and influence. His work has been highlighted in over 100 prestigious dental and medical publications, reinforcing his status as a thought leader in healthcare cybersecurity. Gary has also trained tens of thousands of healthcare professionals on best practices for securing their practices and clinics. Beyond preventative measures, Black Talon also specializes in cyberattack remediation, successfully guiding hundreds of healthcare organizations through recovery from security breaches. Their expertise is often enlisted by leading law firms and cyber insurance carriers, underscoring their prominence in the field.

Why Healthcare Needs Cyber Resilience, Not Just Cybersecurity

In this episode of the Cybersecurity at ViVE series on The Beat Podcast, host Sandy Vance sits down with Chad Alessi [https://www.linkedin.com/in/chadalessi/], Managing Director of Cybersecurity at CTG [https://www.ctg.com/], for a wide-ranging conversation about what it really takes to protect healthcare organizations in today's threat landscape. With a background spanning chemical engineering, the U.S. Marines, energy sector Operational Technology security, and IT consulting, Chad brings a unique cross-industry perspective to healthcare cybersecurity. From the difference between cybersecurity and cyber resilience to the rise of AI-powered attacks, this episode is packed with practical insights for healthcare leaders who want to stay ahead of what is coming. In this episode, they talk about how: * Cyber resilience focuses on operational continuity when an attack happens, not just prevention * Breaches resolved within 200 days can save organizations over $1 million * Bad actors often sit idle inside networks for months, collecting data before launching an attack * Baseline requirements are identity-first security, including multi-factor authentication (MFA) and privileged access management * Human-only Security Operations Center (SOC) models are too slow to keep up with today's automated, AI-powered attacks * CTG uses Microsoft's Unified Security Operations (SecOps) platform to eliminate tool sprawl and improve response time * Zero-trust architecture is expanding from department-level to enterprise-wide in healthcare * New HIPAA regulations now require provable network segmentation for legacy medical devices * AI-assisted security operations will continue to grow in the next few years A Little About Chad: As CTG's Managing Director of Cybersecurity, Chad Alessi leverages decades of experience in technology, cybersecurity, and operational strategy across enterprise and mid-market sectors to meet the evolving cybersecurity needs of clients in the U.S. During his time in IT consulting, Chad was instrumental in driving IT transformation in the company's regulated pipeline and gas processing business units. He holds a BS in Chemical Engineering, an MBA from the University of Alabama, an MS in Information Systems with a concentration in Information Security from Syracuse University, and post-graduate certifications in leadership, full stack development, cybersecurity, and cloud computing. Chad is known for his strong work ethic, integrity, resourcefulness, and service-based leadership, which he attributes to his time in the U.S. Marine Corps.

At the Intersection of Healthcare Innovation & Security: Cloud Governance and Data Interoperability

Advances in data interoperability, democratized cloud access, and responsible AI governance are reshaping what is possible in healthcare innovation. In this episode, host Sandy Vance welcomes Jim Ducharme [http://linkedin.com/in/jimducharme], Chief Technology Officer of ClearDATA [https://www.cleardata.com/], to discuss each of these forces impacting healthcare, from improving care through connected data, to empowering teams with greater cloud access, to building the policies and controls required to govern AI responsibly.  Their conversation highlights the importance of secure, scalable infrastructure as healthcare organizations adopt AI and expand data sharing. Jim shares practical insights on balancing innovation with risk management, building trust in cloud environments, and establishing governance frameworks that support compliance. In this episode, they talk about: * ClearDATA’s vision and the organizations they serve * Technologies and solutions designed to protect sensitive patient data * Understanding the financial and operational risks of cloud security failures * How cloud democratization is making advanced technology more accessible * The role of a secure cloud baseline in healthcare innovation * Best practices for governance in data sharing and interoperability * The relationship between AI and data trustworthiness * How organizations can safely adopt and scale emerging AI capabilities A Little About Jim: Jim leads ClearDATA’s Engineering, Product Management, and IT teams. He has more than 25 years of experience leading product organizations in the identity, integrated risk, and fraud management markets. Prior to joining ClearDATA, Jim served as Chief Operating Officer of Outseer, an RSA Company, where he served over 10 years in executive leadership roles. Prior to RSA in 2012, he served in executive leadership roles for Aveksa, CA, and Netegrity. Ducharme frequently speaks at industry events and regularly contributes articles to trade publications. Jim also holds several patents and a Bachelor of Science in Computer Science degree from the University of New Hampshire. He and his wife live in Maine in their dream log home, which was featured in Log and Timber Home Living magazine.