Government Information Security Podcast

Large language models have a well-earned reputation for making things up. But for AI cybersecurity architect Erica Burgess, rather than being a bug, GPT hallucinations can be a threat-modeling feature. "I like to think of the hallucinations as just ideas that haven't been tested yet," she said.

Use cases of AI in healthcare will continue to expand in 2026 - including for back-office automation, ambient exam room documentation, claims processing and clinical decision support - but so will critical privacy, security, legal and other risks, said attorney Wendell Bartnick of law firm Reed Smith.

Implantable brain devices introduce a new and significantly more complex class of cybersecurity risk and critical privacy concerns, compared with traditional medical devices, given the sensitivity of neural data, says Professor Kevin Fu of the Archimedes Center at Northeastern University.

Healthcare sector mergers and acquisitions dramatically amplify cybersecurity and data privacy exposure for potential buyers and sellers, said attorney Jonian Rafti of law firm Proskauer. But there are critical steps entities can take to reduce those risks, he said.

Third-party security threats remain one of the most critical risks facing the healthcare sector. But now the increasing use of artificial intelligence by vendors adds a new layer of third-party concerns, said independent consultant Rick Doten, former healthplan CISO at Centene Corp.

Healthcare data breaches are becoming more frequent but smaller in scale, targeting smaller entities and high-value credentials and records - and AI is reshaping both the attack landscape and fraud patterns, said Jim Van Dyke, senior principal of innovation at TransUnion.

Preparing a healthcare workforce to responsibly engage with AI tools without over relying on automation or undermining human oversight will require awareness training akin to phishing exercises, said Skip Sorrels, field CTO and CISO at security firm Claroty.

Smart eyewear such as Meta-AI Ray Ban glasses - which sport microphones, cameras and can connect to artificial intelligence - pose emerging patient privacy and other risks especially when worn in healthcare settings, said Garrett Zickgraf of consulting firm LBMC.

Boards are becoming increasingly focused on understanding the mechanics and implications of agentic artificial intelligence, but traditional governance processes aren't built for the speed and complexity of today's AI-driven innovation cycles, said JoAnn Stonier, former chief data and AI officer at Mastercard.

Organizations are adopting agentic artificial intelligence as the next phase of AI. Kim Basile, CIO of Kyndryl, explains how organizations can prepare teams to work with agentic AI, emphasizing culture, training and governance as the crucial drivers of AI readiness and adoption.

New York State's stringent new cybersecurity requirements for many hospitals will have a ripple effect, raising the security bar and expectations for healthcare providers across many other states, predicts Chris Stucker, deputy CISO at Wisconsin-based Froedtert ThedaCare Health.

Rural and small community hospitals are continuing to face growing cyber challenges driven by limited and shrinking resources, staffing shortages, and increasingly sophisticated cyber threats, said Jackie Mattingly, senior director at privacy and security consulting firm Clearwater.

While information blocking regulations were authorized under the 21st Century Cures Act nearly a decade ago, regulators are only starting to ramp up enforcement of the prohibited practices. Attorney Nan Halstead of Reed Smith explains critical steps organizations need to take to comply.

Microsegmentation no longer remains a buzzword. In today's threat landscape, organizations are adopting it as a frontline defense against cyberattacks and higher cyber insurance premiums. About 90% of organizations are using some form of segmentation, according to Akamai's 2025 Segmentation Impact Study.

Among pressing issues facing healthcare providers and health IT vendors is how artificial intelligence enabled tools such as AI assistants might further facilitate patients' access to records as well as the transmission of records themselves, said attorney Alisa Chestler of law firm Baker Donelson.

State cybersecurity regulations that apply to some hospitals in New York state go well compliance under the federal HIPAA security rule, posing expanded data governance challenges for providers, said Matthew Bernstein of consulting firm Bernstein Data.

A new AI-powered clinical decision support system developed by Google and NASA aims to help astronauts diagnose and treat medical issues during space missions - even when real-time communication with Earth is unavailable, said Chris Hein, field CTO of Google Public Sector.

New Texas health information legislation that began to go into effect on Sept. 1 includes several noteworthy provisions including requirements related to health record data storage and artificial intelligence, said regulatory attorney Rachel Rose. Rose explains the significance of the new state law.

Default credentials, weak passwords, misconfigurations and a variety of other security shortcomings are exposing millions of medical devices and their data on the internet, said Soufian El Yadmani, CEO and co-founder of Modat, who shared recent research findings.

Recent advisories from U.S. federal authorities on vulnerabilities in certain operational technology devices underscore the potential security risks that many healthcare providers frequently underestimate, said Sila Özeren, a security research engineer at Picus Security.