Speed Data: Protecting Private Healthcare Data With Doug Cox

The Salesforce leader emphasizes the importance of securing sensitive healthcare data
Megan Garza
2 min read
Last updated October 14, 2024
Megan Garza and Doug Cox

Welcome to Speed Data: Quick Conversations With Cybersecurity Leaders. Like speed dating, our goal is to capture the hearts of CISOs with intriguing, unique insight in a rapid format for security professionals pressed for time.

Our guest this week is Doug Cox, Principal Security Architect for Salesforce. Doug reflected on the beginnings of cybersecurity with host Megan Garza, recounting how a youthful prank sparked his interest in technology.

He also discussed the future of tech, particularly with the rising influence of AI, and shared why it’s so crucial to safeguard sensitive healthcare data.

The evolution of cybersecurity

A high-school hack may have landed Doug Cox in the hot seat with his principal, but it also paved the way for the Principal Security Architect’s career in technology.

“When I was a kid, we had one computer. I learned how to do a loop and was able to print out something bad about teachers 100 times,” the Salesforce pro recalled. “I got in trouble, had to pay for the paper, and my parents grounded me. So that was my first hacking attempt.”

In the early days of cybersecurity, threat actors didn’t yet have access to sophisticated malware or bots. Instead, their method of attack was of the dial-tone variety.

“Cybersecurity started to really show up with phone hacking,” Doug said. “Back in the day, you could use this 2,600 MHz sound and open up a long-distance phone call. And then, as the internet grew, I became more aware of cybersecurity with every job I took.”

“Back in the 80s, we were more concerned about physical security than anything else — people getting in and messing with equipment and things like that.”

The threat landscape went from nothing to everything now.

Doug Cox, Salesforce Principle Security Architect

 

“It’s been quite a journey,” he said.

Ransomware’s unexpected risk in healthcare

Today, Doug works closely with customers in the health and life science sector, helping them understand security and compliance and guiding them through the complicated regulatory landscape.

“HIPAA is something I deal with on a daily basis, and it tends to be a bit of a murky thing,” he said. “There are some really hard requirements our customers face when it comes to HIPAA and HITRUST.”

Customers are also interested in better understanding ransomware and exploring ways to safeguard their data, Doug said.

“Our customers want to know about ransomware and how they can help prevent attacks.”

Protecting critical data from ransomware is crucial in highly regulated sectors like healthcare. However, Doug pointed out that giving in to attackers' demands can have serious consequences.

One company paying off that ransom puts all the other companies at risk.

Doug Cox, Salesforce Principle Security Architect

 

“They set a precedent and it’s a lot of very sensitive information contained in health records, so it’s a big deal.”

The ethical implications of gen AI

As Doug looks toward the future, he emphasizes the importance of collaborating with his customers.

You need to listen to and understand your customers, and plan for upcoming risks. And you need to be able to instill this proactiveness into your customers.

Doug Cox, Salesforce Principle Security Architect

 

“You have to understand ethical standards as well. We talk about this in our AI world; we want to make sure AI is done ethically and correctly for customers — as well as securely,” he said.

Since 2022, the use of AI to generate content, videos, photography, code, and more has spread like wildfire. However, bad actors can manipulate gen AI tools to write malicious code, locate vulnerabilities, launch large-scale attack campaigns, and generate fake data sets for extortion attempts. 

To secure your org’s sensitive data, you must recognize the advantages and potential issues with generative AI and establish guidelines for acceptable sharing practices. 

If you’re interested in deploying AI copilots at your organization, start with Varonis’ free Copilot Security Scan. This assessment provides you with a summary of your Copilot data security risks and delivers practical advice for an effective generative AI rollout. 

 

What should I do now?

Below are three ways you can continue your journey to reduce data risk at your company:

1

Schedule a demo with us to see Varonis in action. We'll personalize the session to your org's data security needs and answer any questions.

2

See a sample of our Data Risk Assessment and learn the risks that could be lingering in your environment. Varonis' DRA is completely free and offers a clear path to automated remediation.

3

Follow us on LinkedIn, YouTube, and X (Twitter) for bite-sized insights on all things data security, including DSPM, threat detection, AI security, and more.

Try Varonis free.

Get a detailed data risk report based on your company’s data.
Deploys in minutes.

Keep reading

Varonis tackles hundreds of use cases, making it the ultimate platform to stop data breaches and ensure compliance.

speed-data:-rethinking-traditional-cybersecurity-principles-with-rick-howard
Speed Data: Rethinking Traditional Cybersecurity Principles With Rick Howard
Rick Howard, author, journalist, and Senior Fellow at the CyberWire, chats about his new book on rebooting cybersecurity principles with Varonis' Megan Garza.
speed-data:-thinking-from-a-cyberattacker's-perspective-with-dalal-alharthi
Speed Data: Thinking From a Cyberattacker's Perspective With Dalal Alharthi
Dr. Dalal Alharthi talks about the importance of organizations anticipating a breach and seeing the world through the eyes of an attacker.
speed-data:-hiring-the-right-cybersecurity-professionals-with-leah-mclean
Speed Data: Hiring the Right Cybersecurity Professionals With Leah McLean
Cofounder of the nonprofit Whole Cyber Human Initiative, Leah McLean, shares her advice for recruiting teams looking for cybersecurity superstars and why it’s so important for women to have representation in tech.
speed-data:-behind-the-scenes-of-cyber-insurance-recovery-with-scott-godes
Speed Data: Behind the Scenes of Cyber Insurance Recovery With Scott Godes
Scott Godes, Insurance Recovery Litigator for Barnes & Thornburg LLP, chats about the importance of cyber insurance, and how data privacy has evolved.