Speed Data: Protecting Private Healthcare Data With Doug Cox

Welcome to Speed Data: Quick Conversations With Cybersecurity Leaders. Like speed dating, our goal is to capture the hearts of CISOs with intriguing, unique insight in a rapid format for security professionals pressed for time.

Our guest this week is Doug Cox, Principal Security Architect for Salesforce. Doug reflected on the beginnings of cybersecurity with host Megan Garza, recounting how a youthful prank sparked his interest in technology.

He also discussed the future of tech, particularly with the rising influence of AI, and shared why it’s so crucial to safeguard sensitive healthcare data.

The evolution of cybersecurity

A high-school hack may have landed Doug Cox in the hot seat with his principal, but it also paved the way for the Principal Security Architect’s career in technology.

“When I was a kid, we had one computer. I learned how to do a loop and was able to print out something bad about teachers 100 times,” the Salesforce pro recalled. “I got in trouble, had to pay for the paper, and my parents grounded me. So that was my first hacking attempt.”

In the early days of cybersecurity, threat actors didn’t yet have access to sophisticated malware or bots. Instead, their method of attack was of the dial-tone variety.

“Cybersecurity started to really show up with phone hacking,” Doug said. “Back in the day, you could use this 2,600 MHz sound and open up a long-distance phone call. And then, as the internet grew, I became more aware of cybersecurity with every job I took.”

“Back in the 80s, we were more concerned about physical security than anything else — people getting in and messing with equipment and things like that.”

“It’s been quite a journey,” he said.

Ransomware’s unexpected risk in healthcare

Today, Doug works closely with customers in the health and life science sector, helping them understand security and compliance and guiding them through the complicated regulatory landscape.

“HIPAA is something I deal with on a daily basis, and it tends to be a bit of a murky thing,” he said. “There are some really hard requirements our customers face when it comes to HIPAA and HITRUST.”

Customers are also interested in better understanding ransomware and exploring ways to safeguard their data, Doug said.

“Our customers want to know about ransomware and how they can help prevent attacks.”

Protecting critical data from ransomware is crucial in highly regulated sectors like healthcare. However, Doug pointed out that giving in to attackers' demands can have serious consequences.

“They set a precedent and it’s a lot of very sensitive information contained in health records, so it’s a big deal.”

The ethical implications of gen AI

As Doug looks toward the future, he emphasizes the importance of collaborating with his customers.

“You have to understand ethical standards as well. We talk about this in our AI world; we want to make sure AI is done ethically and correctly for customers — as well as securely,” he said.

Since 2022, the use of AI to generate content, videos, photography, code, and more has spread like wildfire. However, bad actors can manipulate gen AI tools to write malicious code, locate vulnerabilities, launch large-scale attack campaigns, and generate fake data sets for extortion attempts. 

To secure your org’s sensitive data, you must recognize the advantages and potential issues with generative AI and establish guidelines for acceptable sharing practices. 

If you’re interested in deploying AI copilots at your organization, start with Varonis’ free Copilot Security Scan. This assessment provides you with a summary of your Copilot data security risks and delivers practical advice for an effective generative AI rollout.