Reno, Nev.-based Renown Health is tightening its cybersecurity posture as AI-driven threats evolve rapidly and external attacks grow more sophisticated.
Steven Ramirez, chief information security and tech officer, said the recent emergence of autonomous AI attacks — including one linked to the Chinese government — signals a turning point for health systems already under pressure to secure sprawling digital footprints.
Threat actors can now use AI to automate reconnaissance, craft targeted phishing campaigns and accelerate attack timelines in ways that were not possible even a year ago.
“AI is continuing to be a buzzword, but a lot more of that’s coming to fruition. We saw the news that the Chinese government did the first ever AI autonomous attack on some various interests,” he said during an interview with the “Becker’s Healthcare Podcast.” “We finally saw how threat actors can leverage AI to target various organizations.”
The news compressed the window health systems have to detect and respond to attacks. Threat actors no longer need weeks or months to understand a health system’s structure, partners or leadership.
“They can learn so much about the organization, leadership, players, service lines, partners, and all of that in a click of a button or a phrase,” he said. “So that’s really where we’re having to stay up to speed and continue to evolve and make sure that we’re addressing these risks as we move forward.”
AI adoption requires a disciplined, reality-based view
Inside Renown, leaders are distinguishing cybersecurity and technology platforms with real value from marketing hype by building a governance structure that prevents uncontrolled pilots or poorly understood tools from entering the environment. That started with education.
“There’s a lot of different AI buzzwords and what is AI and not AI,” Mr. Ramirez said. “There’s machine learning. There’s using AI for searching. There’s autonomous AI that uses machine learning. There’s different components that make up AI.”
With the complexity and constant evolution of AI, it’s a challenge for leaders to decide whether to build internally, partner with an outside organization or invest in new technology. Executives need to evaluate build-versus-buy decisions with discipline, leaning on established partners where possible and avoiding unnecessary internal development. Mr. Ramirez and his team take a deeper dive into each AI-driven project to understand which option makes the most sense.
“Is this something that you want to go with a tried and true partner like the Microsofts of the world or the Epics that have embedded road maps with AI versus thinking that we’re gonna try to build it, and create a lot of these components ourselves,” he said. Using mature tools, he argued, reduces time to implementation, improves security and cuts long-term maintenance overhead.
Just as importantly, leaders need strong data governance, because any AI model is only as good as the data feeding it.
“If you’ve got machine learning, you’re looking at activities and components over time or actually leveraging the data to make decisions. I know there’s a lot of opportunities on both sides of the house with both types of AI,” said Mr. Ramirez. “That’s the importance of having strong AI use cases where you can crawl, run, walk and do your due diligence to really make sure you’re protecting your organization from the data protection standpoint. There’s a lot of different security tools we can leverage to make sure we’re keeping all the data in house and make sure the data isn’t being misused.”
Cybersecurity strategy must scale with organizational growth
As Renown expands its digital front door and virtual clinical offerings, Mr. Ramirez said cybersecurity risk increases accordingly. The CISO’s role is not only to secure systems but to shape culture and embed good practices across every growth initiative.
“It’s important for us to make sure that we’re aligning to the strategy and growth of the organization just because of how technology is enabled and the digital front door that we’re continuing to grow, optimize, and expand,” he said. “That’s just expanding your risk profile.”
Cybersecurity leaders must act as translators — bringing emerging threats, real-world events and risk indicators into boardrooms and operational meetings.
“It’s always important that CISOs are storytellers. We need to understand how to educate people,” said Mr. Ramirez. “For example, after the first autonomous AI attack, we communicated that to my governance, compliance, audit and steering committee. We also had our operational meetings where we share what we’ve been focused on and building a foundation to put investments and controls to help protect against this. It’s building a layered approach to make sure we’re protecting against today’s threats and the threats of tomorrow with how the technology continues to evolve.”
To reinforce this culture, Renown uses multiple committees and governance bodies to review new technology, vet risk and maintain situational awareness across departments.
“If it’s ingrained into people’s DNA, they know cybersecurity is an important pillar,” he said.
The fundamentals still matter more than the hype
Despite the rapid evolution of AI, the most effective cybersecurity strategy is still built on fundamentals like identity protection, patching, access controls and monitoring.
“I think the hype of AI really makes people think that we have to change our approach. But from the cybersecurity practice, if we focus on the fundamentals, it’ll set us up for success with any net new technology or emerging risk,” said Mr. Ramirez. “If you really think about looking at phishing or social engineering, that’s going to be something threat actors use to try to target organizations. If you’re thinking about vulnerability management and watching, that’s going to apply to AI and technologies as well.”
Identity access management as the single most important investment, especially in constrained financial environments. Multifactor authentication, privileged access management and visibility into service accounts are nonnegotiable elements of defense.
AI-enhanced analytics can help health systems make tactical, data-driven decisions, especially as resources tighten. As financial pressure forces health systems to reduce or flatten IT budgets, governance becomes even more critical.
“Governance is free,” Mr. Ramirez said. “Strong governance goes a long way within the organization and being creative in how you can attack different components. For example, we see a rise in phishing targeting various players, so we’ve invested a lot in technologies, awareness and training, but have also looked at blocking certain roles from having external email. That’s a no- or low-cost concept. As we continue to look at the headwinds and potentially need to look at cost reductions, staying flat from our overall budgets means it’s really important to think outside the box and do a lot of foundational elements very well versus chasing all the shiny bright objects within IT.”
Renown has layered its governance model across committees, risk assessments, onboarding workflows and contract approvals to ensure cybersecurity is not an afterthought.
“We want to not be Swiss cheese in our intake process,” he said.
The system has cybersecurity assessments and AI assessments to understand how AI is used with all technology coming in and confirm the technology will integrate well within the current IT ecosystem. He personally signs off on all technology purchases, ensuring each tool undergoes a security review before it reaches production systems.
“That’s a lot more work,” he said. “But puts the accountability on us to make sure that we’re actually reviewing, looking at the cybersecurity posture, looking at any risk that some technologies might be bringing into the organization.”
Looking ahead
Mr. Ramirez said the next major opportunity is AI-driven automation for IT service desks and operational workflows. He expects conversational AI to become a front-line support tool that reduces labor needs and resolves routine issues more efficiently. The health system can leverage technology and the human talent to scale the service desk up or down based on need.
“The basic elements are where AI can support the service desk, as well as not taking, research and decision analytics once we get to that point,” said Mr. Ramirez. “There’s a lot of opportunity in the progression we’re seeing with AI and being able to actually start to deliver in some of these key areas as well as night and day expansions and actual usability on the clinical side to help curb physician burnout, more process optimization, real time data analytics and more.”
