Skip Sorrels, field CTO and CISO at security firm Claroty, said awareness training, akin to a phishing exercise, will be needed to prepare healthcare workers to engage with AI tools responsibly, without over-relying on automation or compromising human oversight.
“There's the essence of a tabletop exercise. I can imagine a phishing simulation, but done in the form of AI,” Sorrells said.
For example, “They're going through situations like quizzes, and they're using AI, but essentially AI is training them that it's not something that should be introduced into AI, this is an open platform, it's not safe, it's not safe within the walls of a university or a hospital,” he said.
This kind of scenario-based training would be most meaningful, he said. “I think AI has to be situation-based because it means different things to different people.”
Preparing and training healthcare workers to use AI responsibly and safely is just one of several critical aspects needed for healthcare AI governance, he said.
In this audio interview with Information Security Media Group (see audio link below photo), Mr. Sorrels also talked about:
- Other important aspects of healthcare AI governance.
- How should the governance of AI in healthcare respond to the increasingly sophisticated use of AI by threat actors?
- Public and private sector collaboration to build a strong framework for AI healthcare.
- Healthcare AI developments to watch over the next year.
Sorrells is a cybersecurity leader with more than 25 years of experience building and scaling robust security programs, particularly in the healthcare sector. He started his career as a nurse in Texas before transitioning into the technology industry, contributing to cybersecurity architecture and solutions for the U.S. Department of Defense at Dell. Prior to joining Claroty, Sorrels served as Director of Cybersecurity at Ascension Healthcare, where he built and led a medical device security program that evolved into extensive OT and XIoT cybersecurity initiatives.
