
It’s time to recap Donna and David’s 2023 HIPAA and cybersecurity predictions and hear what their crystal ball says about what to look out for in 2024. And, since AI exploded in 2023, we asked ChatGPT for predictions for 2024 too.
In this episode:
Recap 2023 Predictions 2024 – Ep 439
Today’s episode is brought to you by: Kardon and HIPAA for MSPs with Security First IT
Thanks to our donors. We appreciate your support!
If you would like to donate to the cause you can do that at HelpMeWithHIPAA.com
April 9-12, 2024 HIPAA PriSec Boot Camp!!!!
Will be held in Atlanta. Exact location TBD
Recap 2023 Predictions 2024
[07:22] 2023
- ✔ Cyber Coverage costs will be driving adoption of formal cyber security programs, more than regulations.
- Regulators can’t easily do what your insurance company can do.
- ✔ Tight budgets will continue to squeeze out as much as possible from IT and cybersecurity, but there isn’t much more that can be squeezed.
- These budgets were already short and it showed.
- Those who cut more will be most likely to worry about the impacts from item 1.
- ✔ Recognized Security Practices education will begin to create discussions with leadership concerning implementation.
- ✔ Healthcare cybersecurity will get attention in Congress, since it is one of the very rare things on which both sides can work together to accomplish something.
- ✔ Cybersecurity will change at an even faster pace on both sides. Threats will increase and evolve at a faster rate. Cybersecurity defenders (tools, info, etc.) will also see a more rapid change. Hang on for the ride.
- [16:30] Web 3.0 and ✔ AI will be the buzz words of the year working in tandem.
- ✔ Human-operated ransomware will become a bigger threat. As advanced attacks continue to emerge, human-operated ransomware is becoming an inevitable threat. As these ransomware gangs use increasingly sophisticated techniques, security teams must adapt their protection strategies accordingly.
- ✔ As much as I don’t want to put this on the list again… Supply Chain will still be big news. Watch out MSPs.
- Attacks against critical infrastructure will be a problem (not just cyber).
- ✔ Donna and David will refresh and relaunch HIPAA For MSPs and Kardon Club. It will be the premier and exclusive resource for PriSec, both within healthcare entities and Managed Service Providers. CHMSP will be the only certification for MSPs accredited by a healthcare accreditation association.
- User authentication methods will change (and hopefully improve). Google has just released a new authenticated token system that, once more widely adopted, will be a move in the right direction. We already did an episode on new options earlier this year when we covered FIDO.
- ✔ Cyber Risk Management will proliferate
[22:52] 2024
- When do we hit singularity?
- Definition from Google Dictionary – a hypothetical moment in time when artificial intelligence and other technologies have become so advanced that humanity undergoes a dramatic and irreversible change, as in “maybe the singularity just happened, and we didn’t notice”.
- HMWH releases a rap theme song
- HIPAA changes for security will fuel the push for using HICP, CPGs and other frameworks
- CPGs are the outcomes we need and HICP is how we get there.
- No proof means you aren’t doing it at all.
- Things like MFA will be bare minimums. The problem is even MFA is already becoming less effective. Next steps will be considered advanced for a much shorter time than it took MFA to become the standard. AI will see to it one way or another.
- If you are behind, start ASAP. We’ve been saying this for a long time. If these things had caught on voluntarily the regulations would need to be changed.
- [31:39] Exploits, the new ransomware.
- Bad actors will shift from attacking organizations to get PHI and PII for extortion to selling the org’s exploitable data, such as vulnerabilities, identities, privileges, and hygiene. They will name a price to stop selling it, but you can bet, just like with the data, they are honest criminals and get rid of everything.
- Orgs with regulations may see bad actors reporting the breach for you.
- The extortion techniques will continue to evolve and adapt to the protections we all put in place.
- As long as people are paying the ransom amounts, this will not get better; it will keep getting worse.
- Watch for AI to be trained to actually hold a conversation with phishing victims, getting them to reply and offer up everything the attackers need. Then they sell that to someone else to use and keep moving to the next victim. It can operate 24/7 in any language and any tone.
- AI ups and downs.
- AI will continue to evolve and the fight for top dog will be fierce. This can be good and bad for consumers from the standpoint of options, but may be very risky from a privacy and security standpoint.
- “Crapware” will be a problem, adding to the cyber risk landscape.
- Gartner Predicts 2023 report “By 2025, the consumerization of AI-enabled fraud will fundamentally change enterprise attack surface driving more outsourcing of enterprise trust and focus on security education and awareness.”
- Recommendations on the advancements of deepfakes: don’t make it easy for the bad guys to recreate your likeness or steal your voice based on publicly available data. We are totally screwed there!
- Wait until the AI itself gets hacked. Saw this term and got nervous: LLLMs (Leaky Large Language Models).
- We must have AI working on our behalf with our tools and protections to give us a fighting chance.
- [39:09] Increase in hacktivism.
- It is an election year. Deepfakes?
- Increase in worldwide unrest gives rise to cyber warfare far more than people know.
- AI will help make these bigger issues to deal with.
- Pakistan PM voice created with AI used to send a speech from prison.
- “People” problems will continue to fuel threats. There are always too few or too many people.
- Gartner Predicts 2023 report “By 2025, lack of talent or human failure will be responsible for over half of significant cyber incidents.”
- The Gartner 2022 secure behavior research shows that “when incentivized to meet delivery goals, technology innovation or a fast-paced release cycle, business technologists are likely to take more risks.”
ChatGPT’s thoughts
[41:59] Small businesses in the healthcare sector face unique challenges and opportunities when it comes to privacy and security in 2024. Here are five predictions tailored to this context:
- Increased Reliance on Cloud Services: Small healthcare businesses are likely to increasingly rely on cloud-based solutions for data storage and management. Cloud providers often offer enhanced security features that can be more cost-effective and efficient for small businesses than developing in-house solutions. However, this will also require careful vetting of providers for compliance with healthcare regulations like HIPAA.
- Enhanced Training and Awareness Programs: As small businesses may not have the same resources as larger organizations for sophisticated security systems, there will be a greater emphasis on training staff in cybersecurity best practices. Educating employees about phishing scams, proper handling of sensitive data, and safe digital practices will be crucial.
- Collaboration for Cybersecurity Resources: Small businesses might collaborate to share resources and information regarding cybersecurity. This could include community-driven platforms for sharing threat intelligence, pooling resources for more robust security tools, or joint training initiatives.
- Adoption of Telehealth-specific Security Measures: With the rise of telehealth, small healthcare providers will need to implement specific security measures to protect remote communications and patient data. This could include encrypted communication channels, secure patient portals, and stringent access controls.
- Greater Scrutiny on Vendor Risk Management: Small healthcare businesses will need to carefully assess and manage the security risks posed by third-party vendors. This means conducting thorough security assessments of vendors, especially those who handle sensitive health data, and establishing clear contracts that stipulate compliance with privacy regulations.
For small businesses, balancing budget constraints with the need to maintain high standards of data security and privacy will be a key challenge. The predictions above highlight potential strategies and trends that could help small healthcare businesses navigate these challenges in 2024.
That’s our recap of last year’s predictions and our new predictions for 2024. Here’s to a better, more productive, secure and successful 2024! Happy New Year, everyone!
Remember to follow us and share us on your favorite social media site. Rate us on your podcasting apps, we need your help to keep spreading the word. As always, send in your questions and ideas!
HIPAA is not about compliance, it’s about patient care.™
Special thanks to our sponsors Security First IT and Kardon.



