Although the National Institutes of Health appears to have scaled back plans to build a national registry to track individuals with autism, the agency's research project still poses critical data privacy concerns, said Ariana Aboulafia and Andrew Crawford of the Center for Democracy and Technology.

Network segmentation is among new potential mandates for regulated entities under a proposed update to the HIPAA security rule, but many organizations continue to struggle to implement that as well as other critical best practices, said Candice Moschell of consulting firm Crowe LLP.

Pending health information privacy legislation in New York state, if signed into law, could make the use of patient data by telehealth and remote patient monitoring companies for certain activities much more difficult, said Aaron Maguregui, a partner at law firm Foley and Lardner, who explains why.

With highly sensitive information and disruptions to medical care at stake during cyberattacks on healthcare organizations, it's vital for these entities to carefully consider details of their communications plans well in advance of suffering a serious incident, said Tom Bolitho of FTI Consulting.

Chief Information Officer Meerah Rajavel shares Palo Alto Networks' strategy for enterprise AI: securing models from the outset, combating adversarial use and leveraging increased productivity and automation to cut manual workloads across engineering, support, sales and HR.

The Health Sector Coordinating Council is urging the Trump administration to drop work on a proposed HIPAA security rule update and instead engage in a collaborative dialogue with healthcare sector leaders to create alternative cyber requirements, said Greg Garcia, executive director of HSCC.

NHL CISO David Munroe outlines how the league protects critical infrastructure across public arenas and streaming platforms. He details the league's use of cloud and AI tools, and highlights the importance of cloud governance, AI-powered defenses and user education in mitigating risk.

Palo Alto Networks CTO Nir Zuk predicts Google's security push through its $32 billion buy of Wiz won't succeed, as customers are reluctant to buy multi-cloud tools from cloud vendors. Zuk details how adversaries use LLMs at scale and how Palo Alto is unifying SOC tools under its Cortex platform.

While recent draft guidance from the Food and Drug Administration on artificial intelligence-enabled medical devices is non-binding, the document signals that the agency is intensifying its regulatory scrutiny of these technologies, said Dr. Scott Schell of IT consulting firm Cognizant.

As uncertainty mounts about the range of cyber resources the federal government will continue to offer healthcare and other critical infrastructure sectors during the Trump administration, states will need to step up their support, said Mike Hamilton, field CISO of cybersecurity firm Lumifi Cyber.

Artificial intelligence-based tools are among the most promising advancing technologies for healthcare sector organizations to help to address cybersecurity resource shortages, said Chris Tyberg, CISO of medical device and consumer health product manufacturer Abbott.

The use of artificial intelligence is not only reshaping healthcare delivery in the sector but also healthcare cybersecurity within organizations, said Anahi Santiago, CISO of ChristianaCare, the largest healthcare delivery organization in the state of Delaware.

Legacy apps and medical devices continue to pose persistent and considerable risk to healthcare IT environments, and many organizations are still unaware of their prevalence in their settings, said Keith Fricke, partner and principal consultant at tw-Security, who discusses mitigation steps to take.

State privacy laws, such as Washington State's My Health My Data Act, could throw a curve ball in the use of certain consumer information for artificial intelligence and machine learning endeavors, said regulatory attorney Adam Greene of the law firm Davis Wright Tremaine.

Quantum computing could bring the next technology "revolution" in healthcare, but organizations will face critical cybersecurity issues when quantum becomes a reality, said attorney Lee Kim, senior principal of cybersecurity and privacy at the Healthcare Information and Management Systems Society.

So far, medical devices affected in ransomware attacks have mostly been a casualty of IT networks being taken offline. But the potential nightmare scenario is a targeted device attack in which cybercriminals threaten to kill patients, said Dr. Eric Liederman, CEO of consulting firm CyberSolutionsMD.

As clinicians move to a model of working anywhere - on many types of devices and under a variety of different internet environments - web browser security is a heightened concern, said John Frushour, vice president and CISO at New York-Presbyterian Hospital, and CyberEdBoard member.

The majority of significant attacks hitting the health sector involve unpatched vulnerabilities dating back years, a situation cybercriminals are more easily and swiftly able to exploit using AI-based tools, said Health Information Sharing and Analysis Center President and CEO Denise Anderson.

The Health Sector Coordinating Council is kicking off a health sector mapping initiative aimed at helping the ecosystem avoid massive disruptions in the event of major cyber incidents, said Greg Garcia, executive director for cybersecurity at the Health Sector Coordinating Council.

The adoption of privacy enhancing technologies, including fully homomorphic encryption, can help secure data as it is collected, integrated and shared for detecting and responding to public health emergencies such as bird flu, said Kurt Rohloff, co-founder and CTO of Duality Technologies.