Episode 68

Fortifying Healthcare Data: Proactive Defense Strategies

The recent breach of the Change Healthcare platform serves as a strong reminder that the healthcare sector remains extremely vulnerable to different types of attacks. In late February, a ransomware gang known as Black Cat claimed responsibility for hacking Change Healthcare, a subsidiary of UnitedHealth Group. The intruders disrupted operations and stole up to four terabytes of data, including personal information, payment details, insurance records, and other sensitive information. It is also reported that a ransom payment of $22 million was made. What is even more concerning is that Change Healthcare is being extorted again by another ransomware group. Incidents such as this jeopardize the survival of countless healthcare providers nationwide due to delays in patient care and delays in making reimbursements. This hack generated massive economic and legal shockwaves across the US healthcare industry, from major industry players to small-town, rural physician practices. In this episode, Amer Deeba, CEO and Co-founder at Normalyze joins me to review the state of cyber security and maturity of the healthcare industry and talk about proactive defense strategies to fortify sensitive healthcare data.

Action Items

  • Quantify the value of sensitive data assets and identify the highest risk areas.
  • Implement continuous monitoring and controls where sensitive data resides.
  • Connect data security priorities to organizational mission and goals to gain leadership buy-in.
  • Innovate solutions focused on data visibility, classification, access controls, and continuous auditing.

Time Stamps



00:02 -- Introduction

03:18 -- Guest's Professional Highlights

04:19 -- State of Cybersecurity Maturity in the Healthcare Industry

9:01 -- Consequences of healthcare data leak

10:54 -- Challenges of securing healthcare data

12:03 -- Practical strategies for securing healthcare data

18:07 -- A proactive approach to securing healthcare data

21:55 -- Best practices

29:21 -- Making the business case

32:46 -- Closing Thoughts


Memorable Amer Deeba Quotes/Statements

"We're expecting that by 2026, about 175 zettabytes of data will be available across multiple types of cloud environments."

"It all starts by understanding where are your most important and critical assets, where are your crown jewels, and whether you are able to understand at any point in time where this information is, who has access to that information, how can they access that information? Do you have the right controls and mechanisms in place in order to secure it, to understand the value of it for your organization and make sure that it's fortified from such attacks."

"With data exploding and moving everywhere, between environments and between cloud and SaaS applications and on-prem, this is the new frontier for attackers."

"You're not boiling the ocean; you are prioritizing based on where your most sensitive information is, and you are making sure there are no attack paths to this data."

Connect with Host Dr. Dave Chatterjee and Subscribe to the Podcast

Please subscribe to the podcast, so you don't miss any new episodes! And please leave the show a rating if you like what you hear. New episodes release every two weeks.

Connect with Dr. Chatterjee on these platforms:

LinkedIn: https://www.linkedin.com/in/dchatte/

Website: https://dchatte.com/

Cybersecurity Readiness Book: https://www.amazon.com/Cybersecurity-Readiness-Holistic-High-Performance-Approach/dp/1071837338

https://us.sagepub.com/en-us/nam/cybersecurity-readiness/book275712

Latest Publications:

Published in USA Today — “Dave Chatterjee Drops the Cybersecurity Jargon, Encouraging Proactiveness Rather than Reactiveness,” April 8, 2024

Preventing Security Breaches Must Start at the Top

Mission Critical --How the American Cancer Society successfully and securely migrated to the cloud amid the pandemic



Latest Webinars & Podcasts with Dr. Chatterjee as the Guest

Non-profits and Cybersecurity, a CAPTRUST podcast

How can brands rethink data security to maintain customer trust?, A TELUS International podcast

Cybersecurity Readiness In the Age of Generative AI and LLM,” Let’s Talk About (Secur) IT Webinar, with Phillip de Souza

Insights for 2023, Cybersecurity Readiness with Dr. Dave Chatterjee, a HALO Security Webinar

Next Episode All Episodes Previous Episode

About the Podcast

Show artwork for The Cybersecurity Readiness Podcast Series
The Cybersecurity Readiness Podcast Series
with Dr. Dave Chatterjee

Listen for free

About your host

Profile picture for Dave Chatterjee

Dave Chatterjee

Dr. Debabroto 'Dave' Chatterjee is tenured professor in the Management Information Systems (MIS) department, at the Terry College of Business, The University of Georgia (UGA). He is also a Visiting Scholar at Duke University, affiliated with the Master of Engineering in Cybersecurity program in the Pratt School of Engineering. An accomplished scholar and technology thought leader, Dr. Chatterjee’s interest and expertise lie in the various facets of information technology management – from technology sense-making to implementation and change management, data governance, internal controls, information security, and performance measurement. His work has been accepted and published in prestigious outlets such as The Wall Street Journal, MIT Sloan Management Review, California Management Review, Business Horizons, MIS Quarterly, and Journal of Management Information Systems. Dr. Chatterjee’s research has been sponsored by industry and cited over two thousand times. His book Cybersecurity Readiness: A Holistic and High-Performance Approach was published by SAGE Publishing in March 2021.