Cybersecurity at ViVE Podcast

In this episode of the Cybersecurity at Vibe series on The Beat Podcast, host Sandy Vance sits down with Shreesh Bhattarai, Director of HITRUST at A-LIGN, for a candid and practical conversation about one of the most misunderstood topics in healthcare cybersecurity. With nearly a decade of experience building one of the highest-volume HITRUST assessment practices in the market, Shreesh breaks down the difference between checking a compliance box and actually being secure, walks through the three levels of HITRUST certification, and shares what organizations need to do right now to prepare for an AI-driven future. Whether you are just starting your compliance journey or managing nine certifications with a team of five, this episode has something for you.In this episode, they talk about:Compliance is the baseline, not the finish line, and treating it as a once-a-year exercise is a serious mistakeThe biggest risk in compliance is not failing the audit, but passing it while still being insecureHITRUST has three certification levels: E1 (crawl), I1 (walk), and R2 (marathon)Organizations should choose the certification that matches their risk profile, not just go for the biggest oneThe best audits are boring because everything is already embedded in day-to-day operationsHITRUST's "audit once, report multiple times" approach eliminates duplicative work across frameworksAI governance plans are no longer optional; shadow AI is a real and growing riskHITRUST now offers an AI cybersecurity assessment to help organizations put guardrails around AI useA Little About Shreesh:Shreesh Bhattarai is Director and HITRUST Practice Lead at A-LIGN, where he works at the intersection of cybersecurity assurance, regulatory pressure, and business growth. Since 2017, he has led more than 500 HITRUST certifications and assessments across healthcare, digital health, and high-growth technology organizations. Shreesh partners directly with CEOs, CISOs, and executive teams navigating increasing scrutiny from regulators, customers, and third parties. He is known for challenging the “check-the-box” compliance mindset and reframing HITRUST as a strategic trust mechanism — one that strengthens security posture, accelerates enterprise sales, and reduces third-party risk friction. He leads a national team of security professionals within A-LIGN’s HITRUST practice and regularly speaks on the evolution of compliance in healthcare at forums including ViVE, Health and HITRUST Collaborate. Prior to A-LIGN, he was part of the audit practice at Ernst & Young, focusing on SOX 404 and SOC engagements.

In this episode, host Sandy Vance sits down with Gary Salman, CEO and co-founder of Black Talon Security, for a passionate and informative conversation about the growing ransomware crisis in healthcare. With over 30 years in health tech and a background as a part-time law enforcement captain, Gary brings a unique perspective to cybersecurity. He draws parallels between street-level crime and digital attacks. Whether you lead a large hospital system or a small specialty practice, this episode is packed with practical insights on how to assess your cyber risk, respond to an active breach, and build a culture of leadership accountability before disaster strikes.In this episode, they talk about:About 90% of breached healthcare organizations end up paying the ransomSmall practices are just as targeted as large health systems, especially those with strong insurance policiesLack of visibility across the full attack surface is the most common security blind spotContinuous Threat Exposure Management (CTEM) is replacing outdated point-in-time assessmentsKnown Exploitable Vulnerabilities (KEVs) are a primary attacker entry point, yet most orgs patch them too slowlyAI is helping hackers build malicious tools faster and with less technical skillDuring a breach, deciding how quickly to shut down the network is the most critical early callMost IT providers never deliver a documented risk report to leadership, leaving executives in the darkGary's cyber risk grading tool gives non-technical leaders a real-time security score per facilityDocumented, improving risk scores can reduce regulatory penalties after a breachMost ransomware attacks are preventable with proper patching, configuration, and monitoringA Little About Gary:Gary Salman is the CEO and Co-Founder of Black Talon Security, a leading innovator in cybersecurity solutions for healthcare. With an impressive 32-year career in healthcare technology, Gary is both a seasoned security expert and visionary. In the late 1990s, he developed one of the earliest cloud-based dental practice management systems that was acquired by a publicly traded company in 2002. Gary also has a unique background, as he is still actively involved in law enforcement as a Deputy Sheriff.Under his leadership, Black Talon monitors and secures approximately 65,000 devices worldwide. The company provides cybersecurity services to a wide range of clients, from small practices to some of the largest healthcare organizations in the United States, including many of the top 20 Dental Service Organizations (DSOs).As a respected authority in his field, Gary is a frequent lecturer at major national dental association meetings. Black Talon's services are endorsed by numerous state and national associations, affirming his expertise and influence. His work has been highlighted in over 100 prestigious dental and medical publications, reinforcing his status as a thought leader in healthcare cybersecurity. Gary has also trained tens of thousands of healthcare professionals on best practices for securing their practices and clinics.Beyond preventative measures, Black Talon also specializes in cyberattack remediation, successfully guiding hundreds of healthcare organizations through recovery from security breaches. Their expertise is often enlisted by leading law firms and cyber insurance carriers, underscoring their prominence in the field.

In this episode of the Cybersecurity at ViVE series on The Beat Podcast, host Sandy Vance sits down with Chad Alessi, Managing Director of Cybersecurity at CTG, for a wide-ranging conversation about what it really takes to protect healthcare organizations in today's threat landscape. With a background spanning chemical engineering, the U.S. Marines, energy sector Operational Technology security, and IT consulting, Chad brings a unique cross-industry perspective to healthcare cybersecurity. From the difference between cybersecurity and cyber resilience to the rise of AI-powered attacks, this episode is packed with practical insights for healthcare leaders who want to stay ahead of what is coming.In this episode, they talk about how:Cyber resilience focuses on operational continuity when an attack happens, not just preventionBreaches resolved within 200 days can save organizations over $1 millionBad actors often sit idle inside networks for months, collecting data before launching an attackBaseline requirements are identity-first security, including multi-factor authentication (MFA) and privileged access managementHuman-only Security Operations Center (SOC) models are too slow to keep up with today's automated, AI-powered attacksCTG uses Microsoft's Unified Security Operations (SecOps) platform to eliminate tool sprawl and improve response timeZero-trust architecture is expanding from department-level to enterprise-wide in healthcareNew HIPAA regulations now require provable network segmentation for legacy medical devicesAI-assisted security operations will continue to grow in the next few yearsA Little About Chad:As CTG's Managing Director of Cybersecurity, Chad Alessi leverages decades of experience in technology, cybersecurity, and operational strategy across enterprise and mid-market sectors to meet the evolving cybersecurity needs of clients in the U.S. During his time in IT consulting, Chad was instrumental in driving IT transformation in the company's regulated pipeline and gas processing business units. He holds a BS in Chemical Engineering, an MBA from the University of Alabama, an MS in Information Systems with a concentration in Information Security from Syracuse University, and post-graduate certifications in leadership, full stack development, cybersecurity, and cloud computing. Chad is known for his strong work ethic, integrity, resourcefulness, and service-based leadership, which he attributes to his time in the U.S. Marine Corps.

Advances in data interoperability, democratized cloud access, and responsible AI governance are reshaping what is possible in healthcare innovation. In this episode, host Sandy Vance welcomes Jim Ducharme, Chief Technology Officer of ClearDATA, to discuss each of these forces impacting healthcare, from improving care through connected data, to empowering teams with greater cloud access, to building the policies and controls required to govern AI responsibly. Their conversation highlights the importance of secure, scalable infrastructure as healthcare organizations adopt AI and expand data sharing. Jim shares practical insights on balancing innovation with risk management, building trust in cloud environments, and establishing governance frameworks that support compliance.In this episode, they talk about:ClearDATA’s vision and the organizations they serveTechnologies and solutions designed to protect sensitive patient dataUnderstanding the financial and operational risks of cloud security failuresHow cloud democratization is making advanced technology more accessibleThe role of a secure cloud baseline in healthcare innovationBest practices for governance in data sharing and interoperabilityThe relationship between AI and data trustworthinessHow organizations can safely adopt and scale emerging AI capabilitiesA Little About Jim:Jim leads ClearDATA’s Engineering, Product Management, and IT teams. He has more than 25 years of experience leading product organizations in the identity, integrated risk, and fraud management markets. Prior to joining ClearDATA, Jim served as Chief Operating Officer of Outseer, an RSA Company, where he served over 10 years in executive leadership roles. Prior to RSA in 2012, he served in executive leadership roles for Aveksa, CA, and Netegrity. Ducharme frequently speaks at industry events and regularly contributes articles to trade publications. Jim also holds several patents and a Bachelor of Science in Computer Science degree from the University of New Hampshire. He and his wife live in Maine in their dream log home, which was featured in Log and Timber Home Living magazine.

In this episode, host Sandy Vance chats with Dr. Sean Kelly, the Chief Medical Officer and the SVP of Customer Healthcare Strategy at Imprivata. Together, they unpack how healthcare organizations can strengthen cybersecurity without slowing clinicians down—exploring everything from mobile device security and passwordless authentication to adaptive authentication, risky user behaviors, and the very real implications for patient safety, workflow efficiency, and ROI for healthcare leaders.In this episode, they talk about:How cybersecurity can be improvedThe impact that Imprivata has on clinicians Why multi-factor authentication systems aren’t more prevalent in the healthcare industryThe risky behaviors that open up organizations to security risksThe different things that Imprivata offers organizationsThe risks of patient harm in cybersecurity and privacyAdvice for CIOs or CFOs: workflow implications, security compliance, security and efficiency ROI, and financial valueAdaptive authentication at ImprivataA Little About Sean:Dr. Sean Kelly brings a uniquely well-rounded perspective to healthcare, shaped by a career that spans emergency medicine, healthcare leadership, technology, teaching, and entrepreneurship. An emergency physician at Beth Israel Lahey Health in Boston and an Assistant Clinical Professor of Emergency Medicine at Harvard Medical School, he is also the Chief Medical Officer and SVP of Customer Healthcare Strategy at Imprivata, where he helps guide product vision, go-to-market strategy, and customer experience after more than a decade with the company from startup through IPO and private equity ownership. He has led high-performing teams in both clinical and executive settings, contributed to care delivery improvements impacting millions of patients, published widely in emergency medicine and medical education, and earned multiple teaching awards. His background includes training at Harvard College, UMass Medical School, and Vanderbilt University, co-founding a concierge medical practice on Martha’s Vineyard, international teaching and humanitarian work, and service in roles ranging from hospital administration to disaster relief—all grounded in a deep commitment to learning, mentorship, and collaboration.