On the 23rd episode of Enterprise AI Defenders, hosts Evan Reiser and Mike Britton, both executives at Abnormal Security, talk with Matt Modica, Vice President and Chief Information Security Officer at BJC HealthCare. BJC HealthCare is one of the largest non-profit healthcare organizations in the United States, operating 14 hospitals across Missouri and Illinois. BJC has over 30,000 employees and over 4,200 doctors across its network. In this conversation, Matt discusses the unique challenges of securing patient privacy in a digital world, new opportunities and risks in healthcare with recent AI advancements, and aligning security practices with an AI-enabled future.

Quick hits from Matt:

On the increasing effectiveness of AI powered attacks: “Voice technology and mimicking a person got very good. Pretending to be somebody else and trying to get credential access or compromise credentials, it's not just executives anymore. It's anybody with a credential. So the credential is valuable and they're being sold. It's just a matter of how criminals can best get the ID and password to be able to sell.”

On critical areas where AI allows us to focus more attention: “We have time to do the things we've always talked about wanting to do. We've talked about wanting to do more threat hunting, about wanting to do more risk quantification. We've always talked about wanting to do a better job and be more proactive in shifting security left in our, in our agile environment, our workflows and things. So we have some time to do that now because we're making some of those things either automated or more efficient.”
On the maintained need for humans in the loop with enterprise AI: “ When you're running a large enterprise, uptime is of utmost importance. If I change a firewall rule that blocks something legitimate, I'm going to hear about that. If that was done because it was a low security risk, but the automation decided to do that, then there’s a lot of ramifications there. I don't know if we'll ever get to a hundred percent full automation. I think we're always going to have to have someone validating accuracy. And the models and making sure that our risk tolerance as an organization is taken into consideration as we instrument those things or allow those things to take action on our behalf.”

Book Recommendation: The One Minute Manager by Ken Blanchard and Spencer Johnson

--

Like what you hear? Leave us a review and subscribe to the show on Apple, Google, Spotify, Stitcher, or wherever you listen to podcasts.

Enterprise AI Defenders is a show where top security executives share how moves to the cloud have created an evolved threat landscape that requires new tools to protect against cybercrime. Find more great lessons from tech leaders and enterprise software experts at https://www.enterprisesoftware.blog/

Enterprise AI Defenders is produced by Josh Meer.