In this episode, Vivek Desai, Chief Technology Officer for RLDatix in North America, discusses the cost of treating cybersecurity like an IT problem.
Highlights of this episode include:
- Why it’s important that healthcare organizations start treating cybersecurity and AI risks as business risks
- Biggest barriers for executive buy-in for cybersecurity investments
- What governance structures and safeguards are most critical at this time
- How healthcare leaders can build a workforce that understands and practices cyber hygiene
Kelly Wisness: Hi, this is Kelly Wisness. Welcome back to the award-winning Hospital Finance Podcast. We’re pleased to welcome Vivek Desai. Vivek is an accomplished engineering and platform executive specializing in infrastructure, data, security, and product-led growth. Vivek currently serves as the chief technology officer for RLDatix in North America where he leads digital transformation initiatives and technological strategy to drive growth and innovation. With a strong background in both business and technical leadership, he excels at building cross-functional teams and influencing strategic decisions. His extensive experience includes managing large budgets, driving cloud migration, and enhancing cybersecurity measures across various organizations. Vivek’s leadership has consistently resulted in operational efficiencies and improved service quality. His strategic vision and hands-on approach have been pivotal in achieving long-term organizational goals. In this episode, we’re discussing the cost of treating cybersecurity like an IT problem. Welcome. And thank you for joining us, Vivek.
Vivek Desai: Thank you for having me, Kelly. I’m looking forward to the conversation.
Kelly: Me too. Let’s go ahead and jump in. So, leaders often view cybersecurity as a technical concern rather than a strategic one. Why is it important that healthcare organizations start treating cybersecurity and AI risks as business risks?
Vivek: That’s a really good question. So, we want to really reframe the problem. It’s not really a business risk. It’s a fundamental shift in how we want to manage the risk and turn it into a business-continuity-and-safety-for-our-patient sort of problem. In that, right, the downtime, data loss, it’ll ultimately involve delay of care, misdiagnosis, or even potential harm to patient. AI is going to add another sort of dimension to this that we are slowly but surely getting used to, which is data integrity and algorithmic biases. So, that may lead to clinical decisions, regulatory exposures, or even reputational damage if things go totally awry. So, we have to start to treat cybersecurity and AI as business risks and reframe the conversation. So, it becomes that we’re protecting the trust, revenue, and the mission of care, not just defending servers and systems anymore.
Kelly: Completely agree with that. So, what are the biggest barriers to executive buy-in for cybersecurity investments? And how can IT leaders more effectively make the case for financial investment?
Vivek: So, I hear this problem over and over again. And the biggest barrier is the perception and the ROI. So many executives still treat cybersecurity as a cost center rather than an enabler or a resilience mechanism. They’re kind of focused on just the near-term ROI while you’re managing the cyber risks, and you’re not really talking through the longer term gain of preventing future losses, which is really hard to quantify, but still doable. What I like to recommend to some IT leaders is to transition it into a business language. You have to start to use and tie it to metrics that are around investment of avoidance of costs. And some avoidance of costs in the healthcare world would be regulatory fines, downtime, misinterpretations, and/or reputational damage. The other thing that there’s now more and more information out there is you should start benchmarking against peers and leveraging how your security maturity program is compared to others. And you want to really start to get that model that will help support that digital transformation. Ultimately, the message boils down to, “We’re not spending on cybersecurity, we’re actually investing in business continuity and patient trust.”
Kelly: No, that makes a lot of sense when you explain it that way. As health systems integrate more AI tools into operations, how should leaders approach AI oversight alongside traditional cybersecurity measures? And what governance structures or safeguards are most critical at this time?
Vivek: So, we are currently going through this process at RLDatix, and a lot of our customers are also going through this process. And what the leading indicators are is you have to have an AI governance committee, and that committee has to be multidisciplinary. It has to have, if you’re in a hospital setting, clinicians. It has to have legal. It needs to have security officers. It also needs compliance officers. If you are a SaaS provider like ourselves, you want to include data scientists and other people on your AI team. Once you get that, you then have to have this committee define a set of standards. And the three that I really like to focus on for beginners in this is model validation, data provenance, and ethical use of data and AI. So, you focus on that. You have the security team focusing on how to integrate AI threat modeling in. They got to start to look at that versus just considering network vulnerabilities and other things. So, they have to look at risks like model poisoning, data drift, and misuse of data. So those are kind of the critical safeguards. So, it kind of boils down to four key areas, AI model transparency and version control around it. Continuously monitoring the models for bias and performance degradation. You want to make sure you have your proper audit trails and access controls. And last but certainly not least, if you do have an AI-related incident, you need to have an incident response playbook that addresses any AI-related failures.
Kelly: No, I love that. And I do love the idea of having that AI governance committee. That was a really good call out there. With growing pressure to innovate, especially with AI, how can organizations effectively balance embracing new technologies while maintaining strong security measures? That’s a tough one.
Vivek: It is a tough one. A lot of companies are struggling in this. What we’re doing at RLDatix is we are doing something that we like to call Secure by Design and innovation. And what that means for us is we are embedding privacy, security, and compliance requirements at the earliest stages possible. Most of the time, before we even write one line of code, we get all of those teams, requirements, and buy-ins in. What that has helped us do is truly adopt an agile risk management framework. We have short iteration cycles. They’re included with regular security testing. We have the ability to do threat modeling. But also the main thing about this is governance shouldn’t be seen as a gatekeeper. We want to make sure it’s an enabler. When we get all these requirements upfront, the team has a clear understanding of path to production. Then we become a partner of innovation and not an obstacle. That’s when we can truly move faster and safer together.
Kelly: No, I love that. That’s excellent information there. So, what role does organizational culture play in cybersecurity readiness? And how can healthcare leaders build a workforce that understands and practices cyber hygiene across all levels?
Vivek: Another good question. Answers kind of vary. But where I like to go to is simply that security is not a one-person job, it’s everyone’s job. Awareness and accountability have to be ingrained into daily operations in the healthcare industry and for companies like ourselves that work in healthcare. So, what we want to do and what we’ve tried to do is we continue to have regular updated training. We also provide simulated phishing attacks. But the thing that we’re very proud of is we’re transparent and communicate when threats are known, and we publish them out. We help normalize the vigilance aspect of it. That also helps. Obviously, the other good thing is a good cyber hygiene program is the leadership model has to also have the right behavior. And again, we want to make sure we turn cybersecurity from a compliance task into a shared organizational value. That’s the main thing.
Kelly: Yeah. No, I love what you said that security is everyone’s job. That’s so true. Beyond protecting data from breaches, how can health systems safeguard the integrity and accuracy of patient data, particularly as AI systems rely heavily on these data sets for decision making?
Vivek: So, we’re currently doing this right now. And as you pointed out, it’s not just about confidentiality of the data, it’s about the integrity and accuracy when we’re talking AI systems. And it ultimately comes down to data quality. We need to make sure that the data is of the highest quality. It’s not corrupt, it’s not incomplete. And we have systems in place that detect biases in data sets because those three things will ultimately lead to flawed clinical insights. Currently, what we’re doing at RLDatix is we’re implementing a strong data provenance system, which tracks the data from origin all the way to insights. We also have a robust validation and deduping system in place so we can start to use that data securely. We are looking at ways of adding encryption and hashing to start detecting any sort of tampering in that data. Last but certainly not least, we have established a data stewardship role which kind of oversees the data quality across all of the departments. Those are just four ways that I think can help level up the integrity and accuracy of the patient data coming to us.
Kelly: No, we love that. Thank you for sharing that with us. And thank you, Vivek, for sharing your insights with us on the cost of treating cybersecurity like an IT problem. If a listener wants to learn more or contact you to discuss this topic further, how best can they do that?
Vivek: The best way to reach us is just go to our website, which is www R-L-D-A-T-I-X dot com, www.rldatix.com.
Kelly: Thank you so much. And thank you for joining us today, Vivek.
Vivek: I appreciate it. Thank you for having me, Kelly. It was a pleasure.
Kelly: Yes. And thank you all for joining us for this episode of The Hospital Finance Podcast. Until next time…
[music] This concludes today’s episode of The Hospital Finance Podcast. For show notes and additional resources to help you protect and enhance revenue at your hospital, visit besler.com/podcasts. The Hospital Finance Podcast is a production of BESLER | SMART ABOUT REVENUE, TENACIOUS ABOUT RESULTS.
If you have a topic that you’d like us to discuss on the Hospital Finance podcast or if you’d like to be a guest, drop us a line at update@besler.com.





