Select Page

Zero Trust, AI Governance & Shadow AI Podcast | Clearwater

Health Stealth Radio, host Frank Ketida

Healthcare Cybersecurity: Zero Trust, AI Governance & Shadow AI

Healthcare cybersecurity is changing faster than most programs can absorb. In this first episode of Health Stealth Radio, host Frank Ketida sits down with Dave Bailey, Vice President of Consulting Solutions and Strategy at Clearwater, for a direct conversation about the threats that rarely make the conference stage. Dave spent his early career in Air Force cyber, ran security for a multi-hospital health system, and has spent nearly a decade advising healthcare organizations face to face. His read on the landscape is practical, and it is not always comfortable.

What you will hear in this episode

  • Why zero trust is a multi-year engineering program in healthcare, not a purchase.
  • How attackers are already using Artificial Intelligence (AI) to sharpen social engineering.
  • Where agentic AI is genuinely useful, and where it gets dangerous near the point of care.
  • Why you cannot govern the shadow AI you have never inventoried.
  • How to treat quantum readiness as a board-level risk starting now.

Zero trust in healthcare, and the case for resilience

Zero trust has become table stakes. Saying the words is easy. Dave's point is that the hard part is engineering the basic building blocks underneath it: network segmentation, minimum access, and a defensible design rather than tools bolted on after the fact. Healthcare carries an unusually large attack surface, so those fundamentals take years, not quarters.

His preferred frame is resilience, defined plainly as the ability to operate under duress. You do not know whether your program can take a hit until you practice taking one.

If it was easy, it would already be done. Dave Bailey on implementing zero trust in healthcare

Agentic AI and the governance question

On agentic Artificial Intelligence, Dave draws a simple line: the closer a tool sits to the point of care, the riskier its deployment, and the more governance it demands. Farther from care, in administrative work like scheduling and billing, the same tools can save real time when the right controls are in place.

Regulatory responsibility does not ease with AI. It intensifies. Signing a Business Associate Agreement (BAA) for an enterprise AI platform does not automatically make every downstream connection compliant. Governance, he argues, only gets an organization to the start line. Managing the risk across the full lifecycle of the model is the actual work.

Governance is getting to the start line. You still have to manage the risk throughout the lifecycle. Dave Bailey on AI governance in healthcare

Shadow AI: you cannot govern what you cannot see

Every vendor claimed to be AI-powered two years ago. Now the questions are harder, and the tools staff quietly adopt are multiplying. Dave's guidance is unglamorous and correct: build an AI inventory first, because governance begins with knowing what is actually in use across the environment.

Quantum readiness as a managed risk

Quantum computing is not an immediate threat, but it is a real one, and Dave recommends treating it the way any serious risk is treated. Put it on the board agenda. Inventory the cryptography the organization relies on today. Plan the transition to quantum-safe encryption before the timeline forces the decision.

The human cost: CISO burnout

The conversation closes on something no framework solves. Flat budgets, thinner margins, and a threat environment that never pauses have made burnout among healthcare Chief Information Security Officers (CISOs) very real. It is a fitting note for a show built to talk about the parts of cybersecurity people would rather not say out loud.

Healthcare cybersecurity questions this episode answers

What is the biggest AI threat in healthcare cybersecurity today?

Social engineering. Attackers use Artificial Intelligence (AI) to make phishing and impersonation more convincing, so the fastest-moving risk is human-targeted, not just technical.

Why is zero trust so hard to implement in healthcare?

Healthcare has an unusually large attack surface. The basic building blocks, network segmentation and minimum access, are lengthy engineering efforts, so zero trust is a multi-year program rather than a switch you flip.

What is shadow AI, and why does it matter in a hospital?

Shadow AI is Artificial Intelligence (AI) tools used by staff without governance or an inventory. You cannot govern what you cannot see, so building an AI inventory is the first step.

Is agentic AI safe to use in healthcare?

It depends on distance from care. The closer to the point of care, the higher the risk. Administrative uses are lower risk when governance and human review are in place.

How should healthcare organizations prepare for quantum computing risk?

Treat quantum as a managed risk and a board-level topic. Inventory the cryptography you rely on now and plan the transition to quantum-safe encryption.

Facing these decisions in your own program?

Clearwater's consultants help healthcare organizations build zero trust, govern Artificial Intelligence, and grow resilience. Get out of the storm and into Clearwater.

Talk with our consultants

Healthcare—Secure, Compliant, Resilient

Health Stealth Radio, Episode 1. Featuring Dave Bailey, Clearwater. © Clearwater Security & Compliance.

Related Blogs

No results found.