"Third parties are a common entry point for cyber attacks. This is something you really want to make sure you have under control."

Notable Moments

[00:01:15] Third-party due diligence and security reviews.

[00:03:25] How regulatory requirements like HIPAA, PCI DSS, GDPR shape due diligence.

[00:05:28] Ongoing monitoring and review expectations.

[00:06:19] Physical access risks: background checks for on-site vendor personnel.

[00:07:44] Company's responsibility to vet vendors, especially as AI evolves.

[00:09:42] What documentation to request and how to evaluate red flags.

[00:12:27] Common red flags: incomplete training, high-severity pen-test findings, litigation.

[00:17:07] Dawn-Marie's "core four" steps for starting a third-party review program.

In this episode Dawn-Marie Dalsass, Compliance and Risk Management Director at Redox, discusses the truth behind third-party security. Our conversation exposes the hidden gaps organizations overlook and the simple first steps that make all the difference. Take a listen to hear common red flags, documentation to request, review frequency, financial and operational considerations, and the surprising basics every organization should verify before engaging a vendor.

Resources

www.redoxengine.com

Past Podcast Episodes

https://redoxengine.com/solutions/platform-security

Have feedback or a topic suggestion? Submit it using this linked form.

Matt Mock mmock@redoxengine.com

"Cybersecurity is a shared responsibility. One organization's defense can strengthen an entire community."

Notable Moments

00:01:00 – What an ISAC is and how it began

00:02:40 – How Health ISAC has grown globally

00:04:44 – Top threats facing healthcare today

00:09:25 – AI's role in both defense and attacks

00:13:45 – Impact of the Cybersecurity Information Sharing Act

00:18:03 – Why information sharing builds community trust

00:19:28 – Government collaboration challenges

00:23:49 – Final proactive cybersecurity advice

Errol Weiss, Chief Security Officer of Health ISAC, joins Jody Mayberry and Megan McCloud to explore how collaboration fuels cybersecurity resilience in healthcare. They discuss evolving threats like ransomware and AI-driven attacks, the importance of information-sharing networks, and how global cooperation keeps patient data safe.

Resources

www.redoxengine.com

Past Podcast Episodes

https://redoxengine.com/solutions/platform-security

Have feedback or a topic suggestion? Submit it using this linked form.

Matt Mock mmock@redoxengine.com

"We're not trying to avoid AI because of the scary security issues; we're trying to deploy it securely so we can unlock its true potential."

Notable Moments

01:09 – Rene Brandel on why he began hacking Y Combinator AI agents to find security gaps.

02:30 – How quickly AI systems can be breached without strong security oversight.

03:51 – The risk of cross-user data access and violating HIPAA's minimum necessary standard.

07:05 – Understanding permissions creep and why AI agents should be treated like individual users.

10:23 – How malicious actors can use code execution capabilities to manipulate AI systems.

13:44 – Sandboxing AI agents and why "don't roll your own security" is the new rule.

15:23 – Three areas of AI procurement to prioritize: authentication, capabilities, and integration.

18:11 – Why traditional pen tests miss AI-specific threats and the need for continuous testing.

21:21 – Meghan reflects on the speed of AI advancement and the importance of security champions.

Rene Brandel, CEO of Casco and a Y Combinator founder, shares his team's findings after testing AI agents from leading startups. He reveals how quickly AI systems can be exploited through prompt injection, permissions creep, and code execution flaws. Our conversation explores why healthcare must treat AI as a regulated entity, not a novelty. The episode dives into sandboxing solutions, authentication strategies, and how to build a new generation of AI security champions.

Resources

www.redoxengine.com

Past Podcast Episodes

https://redoxengine.com/solutions/platform-security

Have feedback or a topic suggestion? Submit it using this linked form.

Matt Mock mmock@redoxengine.com