TBW ADVISORS LLC

Tag: healthcare

  • Industry Whispers: AI in Medicine: Promise or Peril?

    Industry Whispers: AI in Medicine: Promise or Peril?

    oin us for “AI in Medicine: Promise or Peril?”—a candid discussion with leading experts on how artificial intelligence is reshaping healthcare. From groundbreaking diagnostic tools to ethical dilemmas and patient safety concerns, we’ll explore whether AI is the ultimate game-changer or a ticking time bomb. Gain insights into what’s real, what’s hype, and what’s next for medical innovation. Don’t miss this chance to separate fact from fiction and prepare for the future of healthcare.

    Research Code: TBW2129

    Cannot make it live? Register and submit your question. The answer will be in the video on TBW Advisors’ YouTube Channel.

    NO AI note takers allowed. Event copyrighted by TBW Advisors LLC All Rights Reserved.

    BIOS

    Doreen Galli, PhD MBA

    Doreen Galli, PhD MBA is the Chief of Research at TBW Advisors LLC and regular contributor to Computer Talk Radio. She’s led significant and measurable changes as an executive at IBM, DPWN, Dell, ATT, and most recently Microsoft. Dr Galli was Chief Technology and Chief Privacy Officer in Azure’s MCIGET. Gartner recognized Dr. Galli as an expert in data ingestion, quality, governance, integration, management, and all forms and analytics including sensor data.

    Barry P. Chaiken, MD, MPH

    Barry P. Chaiken, MD, MPH is a physician, public health specialist, and internationally recognized expert in healthcare AI, clinical informatics, and digital transformation. Trained at SUNY Downstate Medical Center and the Harvard School of Public Health, Dr. Chaiken previously worked with the U.S. Centers for Disease Control and Prevention, experience that informs his expertise in public health analytics, system-level strategy, and the design of resilient, data-driven healthcare systems.

    A former Chairperson of the Healthcare Information and Management Systems Society (HIMSS), he has served as a strategic advisor to healthcare IT companies, life sciences organizations, and health systems worldwide. Dr. Chaiken is the author of Future Healthcare 2050 and Navigating the Code, and is a leading keynote speaker on AI, trust, clinician workflow, and patient experience.

    A two-time cancer survivor and 41-year rider in the Pan-Mass Challenge, Dr. Chaiken brings a unique perspective that connects clinical knowledge, policy insight, and human experience.

    Susie Branagan BSN,RN

    Susie Branagan is a highly experienced nurse and healthcare leader whose career spans 25 years of ICU, pediatric psychiatry, adult medical-surgical care, telemetry, perioperative services, and hospital leadership. She has served in roles from frontline clinician to Nurse Manager, gaining a deep understanding of patient care, caregiver well-being, and the operational realities that shape healthcare systems.

    As the founder of Susie Branagan Consulting, Susie specializes in trauma-informed care, Just Culture principles, leadership development, communication strategies, and building safe, supportive care environments. She helps teams strengthen accountability, improve psychological safety, and respond to challenging situations with clarity, compassion, and evidence-based practice.

    What sets Susie apart is that everything she teaches comes directly from real-life experience, not from textbooks or theory. Her coaching, trainings, and leadership support are grounded in decades of navigating complex cases, supporting distressed families, advocating for staff, and leading teams through high-pressure clinical moments.

    Susie’s mission is to transform healthcare culture by empowering leaders and caregivers with practical, human-centered tools that create safer, stronger, more resilient organizations.

    Chris Hutchins

    Chris Hutchins is the Founder & CEO of Hutchins Data Strategy, a consultancy that helps healthcare organizations unlock the value of data, AI, and analytics with clarity, ethics, and measurable impact. A nationally recognized voice in healthcare transformation, Chris previously served as SVP and Chief Data & Analytics Officer at LifePoint Health, and prior to that, as Chief Data & Analytics Officer at Northwell Health, New York’s largest integrated delivery network.

    Over the past two decades, Chris has led enterprise-wide initiatives in self-service analytics, ambient AI, digital governance, and workforce enablement, always with a sharp focus on care equity, operational sustainability, and trust. His leadership is grounded in building practical, inclusive strategies that bring technologists, clinicians, and operators into shared alignment.

    Chris is also the creator and host of The Signal Room, a podcast platform amplifying leadership, ethics, and innovation in health. He is a frequent contributor to CDO Magazine, HIMSS, and other national forums, where he advocates for AI adoption that augments human care, not replaces it.

    Chris holds a deep belief that every data strategy is ultimately a human strategy, and that transformation only succeeds when it is designed with care at the center.

    *When vendors’ names are shared as examples in this document, it is to provide a concrete example of what was on display at the conference, not an evaluation or recommendation. Evaluation and recommendation of these vendors are beyond the scope of this specific research document. Other example products in the same category may have also been on display.

    TBW Advisors LLC logo

    Corporate Headquarters

    2884 Grand Helios Way

    Henderson, NV 89052

    ©2019-2025 TBW Advisors LLC. All rights reserved. TBW, Technical Business Whispers, Fact-based research and Advisory, Conference Whispers, Industry Whispers, Email Whispers, The Answer is always in the Whispers, Whisper Reports, Whisper Studies, Whisper Ranking, The Answer is always in the Whispers, and One Change a Month, are trademarks or registered trademarks of TBW Advisors LLC. This publication may not be reproduced or distributed in any form without TBW’s prior written permission. It consists of the opinions of TBW’s research organization which should not be construed as statements of fact. While the information contained in this publication has been obtained from sources believed to be reliable, TBW disclaims all warranties as to the accuracy, completeness or adequacy of such information. TBW does not provide legal or investment advice and its research should not be construed or used as such. Your access and use of this publication are governed by the TBW Usage Policy. TBW research is produced independently by its research organization without influence or input from a third party. For further information, see Fact-based research publications on our website for more details.

  • Whisper Report: What are the best practices for enhancing cybersecurity in healthcare?

    Whisper Report: What are the best practices for enhancing cybersecurity in healthcare?

    Whisper Report: What are the best practices for enhancing cybersecurity in healthcare?

    Published to clients: June 18, 2025                                                ID: TBW2063

    Published to Readers: June 19, 2025

    Email Whispers: July 22, 2025

    Public & Video Edition: July 23, 2025

    Analyst(s): Dr. Doreen Galli

    Photojournalist(s): Dr. Doreen Galli

    Abstract:

    Cybersecurity in healthcare is responsible for protecting the data that represents the life’s story of patients and infrastructure to enable proper care. Managing and securing the plethora of edge devices and the interoperability of all the technologies is an increasing challenge. There are four steps to take to enhance your healthcare cybersecurity: select a framework, leverage depth in defense, automate where possible, and test your environment.

    Target Audience Titles:

    • Chief Information Security Officer, Chief Information Officer, Chief Security Officer, Chief Technology Officer, Chief Compliance Officer, Chief Data Officer, Chief Privacy Officer
    • VP of Cybersecurity, Director of Information Security
    • Security Architect, Information Security Architect, Network Security Engineer, Systems Security Engineer, SOC Analysts, IAM Specialists, Director of Privacy

    Key Takeaways

    • Device maintenance and interoperability continue to challenge healthcare environments cybersecurity.
    • Four steps to enhance cybersecurity in healthcare environments. Select a framework, leverage depth in defense, automate where possible, and test your solution.

    Tags

    cybersecurity, privacy, healthcare, healthcare technology, health tech, HIMSS, HIPPA, medical devices, edge devices, IoT, depth in defense, automate, integration, cybersecurity frameworks, Evidently, Hal Wolf, Kai Romero, Brennen Reynolds, Absolute Security, Alexander Group, Trey Chamberlin, Aisera, Daniel Carvajal Marin

    What are the best practices for enhancing cybersecurity in healthcare?

    We took the most frequently asked and most urgent technology questions straight to the health systems technology experts gathering at the Healthcare Information and Management Systems Society (HIMSS) 2025 Global Health Conference and Exhibition or HIMSS 25 for short. This Whisper Report addresses the question regarding the best practices for enhancing cybersecurity in healthcare. Given that data breaches in 2024 affected 1 in 2 American’s health records, cybersecurity is top of mind in healthcare1. But healthcare data is not your shopping data, it represents much more. As Evidently’s Kai Romero shared, “the narrative Arc of who they are how they’ve suffered, how they’ve overcome the illnesses that they’ve experienced, you can’t treat that lightly … this is their life.” But there is a reason for concern in healthcare. For those unfamiliar, Russia has been found the source of ransomware attacks on the healthcare industry2. As HIMSS Hal Wolf shared, “security is a major issue our own the federal government the United States just announced that they were bringing down cyber security blockage or fundamentals against another foreign country recently that was yesterday.” There is no indication that the cyberattacks on healthcare will stop, just an announcement that the government is no longer stopping such attacks.

    Where are the vulnerabilities?

    Understanding that healthcare data represents the whole person and their life, where are the vulnerabilities coming from in the healthcare environment? Examining the source of the security vulnerabilities can offer insights to the efforts to defend and protect this valuable healthcare data. Turns out there are two large sources of vulnerabilities.

    Device Maintenance

    First, devices in the healthcare environment itself are an issue. As we discussed in Whisper Report: How can AI be effectively integrated into healthcare systems?, many devices on site are old. They may not have over the air (OTA) updates, may require human in the loop to update. As Absolute Security’s Brennen Reynolds stated, “any given organization that man that has our technology about 15% of the devices that are being manually managed have some missing critical security control which increases their risk to either an operational outage or a cyber event like Ransomware.” It may sound like simple advice you have heard a million times, but keeping your equipment up to date with the latest software and security patches is simply critical.

    Interoperability

    Healthcare creates complicated environments full of an array of diverse vendors. Somehow these vendors and their technology – or more specifically – the diverse array of data about the patient derived must interoperate. Not just interoperate, the data must come together to provide a picture of the patient for the practitioner. Unfortunately, as Alexander Group’s Tray Chamberlin pointed out, “a lot of interoperability issues and leaks.” Getting the technology to work together is so difficult in and of itself, the process created that ‘works’ may not be a secure solution. It is critical that during any interoperability project that protection of the data in the processes is the first a priority. Furthermore, the integration architecture and solution must      be examined at a detailed level to understand and identify any potential leakages created in the process.

    Solutions

    Organizations concern about security in healthcare technology is not going to go away. Per HIMSS’s Hal Wolf, “this is going to be the coinage of which we really improve Healthcare is information (and) information comes from data the data will be unprotected so .. it is why it (cybersecurity) is one of our (HIMSS) four focus points.. at HIMSS (25) digital Health transformation, AI, cyber security, and Workforce Development.” Information is how we improve care, thus information is the goldmine of healthcare. Figure 4 depicts Four Steps to Enhance your Healthcare Cybersecurity.

    4 steps to enhance healthcare cybersecurity 1. Select Framework 2. Leverage Depth of Defense 3. Deploy Automation 4. Test!

    Select Framework

    Through the various conversations while conducting this research, it became very clear that each organization has their own framework to guide their cybersecurity program. When selecting amongst the frameworks, ensure these common characteristics are present.

    • It should be 100% restricting while enabling productivity.
    • Needs guardrails and controls
    • It should be deliberate and intentional with how it handles your assets.

    Leverage Defense in Depth

    Regardless of where the technology is used within healthcare, certain security practices should be consistent. As Evidently’s Kai Romera shared, “some of the same things that we use in the clinical setting to protect patient data whether that’s logging out of a screen pretty quickly after it’s not active or you know taking away the protected patient information so that anyone who’s looking at the screen would not know who that patient was you want to know that they’re employing those things because this (is) patient data.” Understanding no single method covers all scenarios, it is good to use every method available when possible. For example, clinical data masking technology and standards can easily be applied to the terminals used at the front desk and billing as well.

    But data masking is not just useful at the terminal level. As Aisera’s pointed out, regarding you agentic AI solutions, we can do everything from masking PII for mask any personal data “architecture that’s going to keep your data private data privacy is probably the most important thing especially when it comes to healthcare right .. but also how it is stored right even in our cloud approach” our customers get the unique architecture so when you’re training the LLM you’re not trained in our models.”

    Deploy Automation

    Many shy away from automation, but as we pointed out in Conference Whispers: Black Hat USA 2019, a ransom ware attack can take down an organization in 30 minutes. What human on call can get notified, get online and stop an attack that fast? Furthermore, as Absolute Security’s Brennan Reynolds shared, “topic of automation there’s just too many things to be done in a day to allow and require humans to be doing all of the maintenance and management task so if the it devices across their organizations whether you have a th000 devices 10,000 or a million devices you’re never going to have enough staff to manually execute tasks to keep those devices safe and secure.” Thus it is physically impossible to stop many attacks or even simply update all the devices on site without automation.

    Test!

    Regardless of the care taken, it important to review the architecture and test the system. As Alexander Group’s Tray Chamberlin explained, “make sure that it’s not just we want this system we want to stand it up and we want the functionality but also going through the paces and testing and making sure that is playing nice but also doesn’t open up a new vulnerability within your system going forward.” A system that simply works is not the goal. Rather, a system must work and be secure, resilient, and hardened against attacks including its integration points is the minimum standard.

    We will close with remarks by HIMSS’s Hal Wolf, “ I think cyber security is going to continue to be at the Forefront of our thoughts whenever you’re dealing with data and information they are going to be bad actors… HIMSS is focused on cyber security we have cyber security forums (and) there are cyber security events taking place.”

    *When vendors’ names or quotes are shared as examples in this document, it is to provide a concrete example of what was on display at the conference or what we heard doing our research, not an evaluation or recommendation. Evaluation and recommendation of these vendors are beyond the scope of this specific research document.

    Related playlists

    1. Whisper Report: HIMSS: Question 1: How can AI be effectively integrated into healthcare systems??
    2. Conference Whispers: HIMSS 25

    Corporate Headquarters

    2884 Grand Helios Way

    Henderson, NV 89052

    ©2019-2025 TBW Advisors LLC. All rights reserved. TBW, Technical Business Whispers, Fact-based research and Advisory, Conference Whispers, Industry Whispers, Email Whispers, The Answer is always in the Whispers, Whisper Reports, Whisper Studies, Whisper Ranking, The Answer is always in the Whispers, and One Change a Month, are trademarks or registered trademarks of TBW Advisors LLC. This publication may not be reproduced or distributed in any form without TBW’s prior written permission. It consists of the opinions of TBW’s research organization which should not be construed as statements of fact. While the information contained in this publication has been obtained from sources believed to be reliable, TBW disclaims all warranties as to the accuracy, completeness or adequacy of such information. TBW does not provide legal or investment advice and its research should not be construed or used as such. Your access and use of this publication are governed by the TBW Usage Policy. TBW research is produced independently by its research organization without influence or input from a third party. For further information, see Fact-based research publications on our website for more details.