
11.8K Downloads, 71 Episodes
Stay ahead of the latest cybersecurity trends with Cyberside Chats! Listen to our weekly podcast every Tuesday at 6:30 a.m. ET, and join us live once a month for breaking news, emerging threats, and actionable solutions. Whether you’re a cybersecurity professional or an executive looking to understand how to protect your organization, cybersecurity experts Sherri Davidoff and Matt Durrin will help you stay informed and proactively prepare for today’s top cybersecurity threats, AI-driven attack and defense strategies, and more!
Join us monthly for an interactive Cyberside Chats: Live!
Youtube channel: https://www.youtube.com/LMGsecurity
Register Here: https://lmgsecurity.zoom.us/webinar/register/WN_4FpdxB0VQo6aURK1p7_k_g
Episodes

18 hours ago
65% of US doctors are using an AI tool their hospital never approved — on personal phones, under click-through contracts. Sherri and Matt unpack what every CISO and IT leader should learn from it about shadow AI, "free" professional tools, and the contracts nobody's reading.
The tool is OpenEvidence — 27 million clinical queries in April 2026 alone, 60% of them shaping actual treatment decisions. Doctors love it because the alternative was Googling patient symptoms on a personal browser. Their hospitals mostly don't know it's happening, and the vendor's click-through Business Associate Agreement authorizes the vendor to use that data to train its models forever.
Healthcare is the example. The same pattern is showing up in legal, financial services, engineering, and HR right now — different tool, same structural risk. Tune in for five concrete takeaways security and IT leaders can use this week.
Key Takeaways:
- Inventory shadow AI. Ask your staff what AI tools they use to do their jobs, not whether they're using unauthorized tools. The real number is likely 2–5x what you'll find.
- Read the actual contract before letting any AI tool touch sensitive data. Find the training-data clause, the termination clause, the audit rights, and who the "Customer" really is. Click-through BAAs don't protect the employer.
- Treat every AI prompt as a disclosure. Removing names doesn't make data safe. Combinations of attributes (dates, locations, roles, rare events) can re-identify people even without a name attached.
- Take a position on shadow AI and communicate it. Decide which tools your organization sanctions, which it blocks, and which fall in between. Silence is implicit endorsement.
- Push back on every "free" professional AI tool. Ask who's paying and what they're buying. If it's not you, the product is your professionals' decisions.
Resources:
- https://www.nbcnews.com/tech/tech-news/openevidence-ai-doctor-medical-physician-login-app-what-npi-uptodate-rcna341064
- https://www.healthcare.digital/single-post/clinical-intelligence-a-strategic-analysis-of-openevidence-and-the-multi-agent-medical-ai-ecosystem
- https://www.ama-assn.org/system/files/physician-ai-sentiment-report.pdf
