Kevin Tambascio on balancing security with availability of services in healthcare

Integrating security into the product development lifecycle is a tall order for any industry. It’s particularly challenging for healthcare, with its wide range of critical needs from HVAC systems to medical devices. Kevin Tambascio, director of cybersecurity data and application protection at Cleveland Clinic, juggles the need for constant vigilance and staying updated on fast-moving threats to hospitals.

In the latest episode of WE’RE IN!, Kevin discusses the importance of compliance and risk assessment, noting that while compliance with rules like HIPAA is crucial, it’s equally important to pressure test controls against real-world threats. Ransomware targeting hospital data is the primary threat, while phishing and potential abuse of generative AI also pose significant risks. 

Listen to hear more about: 

• The benefits of forming an AI task force to enact safe and responsible procedures while enabling clinicians and researchers to explore AI’s potential
• Effectively communicating cyber threats to non-technical staff by relating them to potential impacts on patient safety and business operations
• Application security in healthcare; applications often have access to sensitive patient health information and can be potential entry points for cyber threats