Data Privacy,
Data Security,
Fraud Management & Cybercrime
Additional Insights: U.S. Health Data Privacy Enforcement, The Reality Versus Hype of LLMs in Security
This week’s discussion features four editors from ISMG examining the disintegration of the ransomware collective Black Basta, exploring the wider implications for contemporary cybercriminal organizations, the evolving landscape of U.S. health data privacy regulations, and the true capabilities of large language models (LLMs).
The panel includes Anna Delaney, director of productions; Mathew Schwartz, executive editor of DataBreachToday and Europe; Marianne Kolbasuk McGee, executive editor of HealthcareInfoSecurity; and Tom Field, senior vice president of editorial. Their dialogue highlighted several critical issues facing the cybersecurity landscape today.
One major topic was the decline of Black Basta, which has suffered from internal discord and a loss of affiliates, yet ransomware remains a viable model with new factions continuously emerging. This ongoing evolution suggests a potential shift in adversary tactics, possibly incorporating initial access and persistence strategies as outlined in the MITRE ATT&CK framework.
Another point of discussion was the stricter U.S. health data privacy laws, epitomized by Washington’s My Health My Data Act and New York’s proposed Health Information Privacy Act. These regulations significantly influence how businesses handle consumer health information, likely escalating regulatory enforcement and resulting in complex legal challenges related to data protection. Such regulations heighten the need for organizations to understand adversary tactics like privilege escalation in their compliance strategies.
The panelists also referenced insights from a recent interview with cybersecurity and privacy experts Edna Conway, Michelle Dennedy, and Wendy Nather, who provided valuable forecasts for 2025 and how businesses might identify authentic LLM applications amidst marketing exaggerations. This highlights the necessity for organizations to differentiate between legitimate technological advancements and mere promotional hype to safeguard their operational integrity.
ISMG’s Editors’ Panel is a weekly feature, with a rich archive addressing pressing themes such as the privacy concerns surrounding the U.S. government’s AI transitions and the recent crackdown on ransomware in Russia.
