Becker’s Healthcare Podcast — Episode Summary

Guest: Steven Ramirez, Chief Information Security Officer & Tech Officer, Renown Health
Host: Laura Dardo
Release Date: December 1, 2025

Overview

In this episode, Laura Dardo sits down with Steven Ramirez, CISO and Tech Officer at Renown Health, to discuss the rapidly evolving landscape of cybersecurity in healthcare. The conversation dives into the unique threats posed by AI, the importance of governance, the growing need for strong identity and access management, and innovative ways to embed cybersecurity into organizational culture—all amid tightening budgets. Ramirez highlights proactive initiatives and emerging opportunities at Renown Health, offering listeners pragmatic advice and real-world examples from the front lines of healthcare IT.

Key Discussion Points & Insights

Steven Ramirez's Background and Renown Health

Renown Health is a major integrated health system in Northern Nevada, with diverse patient populations and service lines.
Ramirez has served as CISO and Tech Officer for nearly four years, overseeing cybersecurity across various community-focused facilities.
[00:39] — "We're integrated health system, four different locations and fresh transplant center, urgent care where the area trauma center. So really a lot of different service lines." — Steven Ramirez

The Rising Threat of AI-Driven Attacks

Headline Event: Recent reports of the "first ever AI autonomous attack" instigated by the Chinese government serve as a wake-up call to the healthcare sector. [01:34] — “We finally saw how threat actors can leverage [AI] to target various organizations. ... AI is only going to get more sophisticated in tactics and techniques.” — Steven Ramirez
AI enables even less technically skilled attackers to become more sophisticated quickly, automating reconnaissance and increasing the speed and depth of attacks.
AI’s use in phishing, social engineering, and intelligence-gathering is rapidly accelerating, requiring healthcare organizations to evolve defense strategies.

Governance & Strategic AI Adoption

Strong, informed governance is essential as AI buzz grows, ensuring leaders distinguish between true AI, machine learning, and traditional tech enhancements. [03:48] — “It's really critical to have strong governance because there's a lot of different AI buzzwords and what is AI and not AI.” — Steven Ramirez
Build vs. Buy: Leaning on established partners (e.g., Microsoft, Epic) for AI capabilities can ease implementation and security challenges, especially versus building proprietary tools from scratch.
Data governance is crucial: ensuring tight control over data access, use, and protection prevents unintended leakage or misuse, a key risk with AI-powered tools.

Cybersecurity Hygiene & Organizational Alignment

Expanding digital patient engagement increases the “risk profile,” heightening the urgency for strong cybersecurity principles to be foundational, not an afterthought.
Embedding cybersecurity as a cultural pillar involves active education—Ramirez acts as “storyteller” and “evangelist” internally, working through multiple committees to raise awareness and maintain focus. [06:18] — “I always say, being storytellers. … It's again building in that layered approach to really just make sure that we're protecting against today's threats and the threats of tomorrow.” — Steven Ramirez

Skills, Fundamentals & Evolving Talent Needs

Despite technological hype, the fundamentals—patching, vulnerability management, strong access controls—are more critical than ever.
[09:01] — “If we focus on the fundamentals … it’ll set us up to be successful in any net new technology, emerging risk, etc.” — Steven Ramirez
Ramirez takes an "all hazard" or emergency management approach: robust practices apply no matter the technology.

Budget-Aware Best Practices & Identity Management

Governance is emphasized as a high-impact, low-cost option: “Governance is free.”
Creative solutions, like restricting external email for certain roles, can enhance protection without major investment.
Identity and access management is foundational, as Ramirez notes, “80% of all cybersecurity events and attacks stem from an identity based attack.” Multi-factor authentication, privileged access management, and identity governance are highlighted as strategic priorities. [11:49] — "I Consider myself an Identity junkie, that 80% of all cybersecurity events and attacks stem from an identity based attack. So ... strategically on identity will go a long way for organizations." — Steven Ramirez
Widespread staff training and harnessing organizational culture creates a "first line of defense."

Unique Approaches at Renown Health

Layered Intake & Approval: Multiple committees (President’s council, finance, IT, legal, auditing/compliance, governance, business continuity, etc.) vet all new initiatives, with phase-gate and final CISO sign-off baked into the process.
Preemptive Assessment: All new technology undergoes standard cybersecurity and AI capability review before integration. [14:48] — “We also have an intake of doing cybersecurity assessments, AI assessments … getting that much information up front and then understanding how that tech's going to work in your ecosystem ... puts the accountability on us to make sure that we're actually reviewing.” — Steven Ramirez
Ramirez acknowledges governance can be “tiresome” but views it as vital for risk reduction and strategic alignment.

AI in Service Desk & Meeting Physician Burnout

Highlights “voice calling and AI” as a powerful future lever to reduce costs and automate level 1–2 support desk functions.
Envisions AI handling common requests (“password reset,” “how do I…") to scale operations efficiently. [17:19] — “I think voice calling and AI is going to be a huge opportunity ... now to the point that we have Autonomous AI ... if you think about being able to build knowledge base for some of the key areas ... that can help drive down the necessity of having a service desk fully staffed.” — Steven Ramirez
On the clinical side, AI promises to impact physician burnout, real-time analytics, and process optimization, with rapid improvements in adoption and usability.

Notable Quotes and Memorable Moments

On AI Threat Evolution:
“We finally saw how threat actors can leverage it to target various organizations. ... AI is only going to get more sophisticated in tactics and techniques.”
— Steven Ramirez, [01:34]
On Governance:
“It's really critical to have strong governance because there's a lot of different AI buzzwords and what is AI and not AI.”
— Steven Ramirez, [03:48]
On Identity Management:
“I Consider myself an Identity junkie, that 80% of all cybersecurity events and attacks stem from an identity based attack.”
— Steven Ramirez, [11:49]
On Culture and Training:
"It takes everybody in the organization to be successful. ... our end users ... are some of our bigger risk items we need to look at, but also our first line of defense."
— Steven Ramirez, [13:50]
On the Future with AI-Driven Support:
“Voice calling and AI is going to be a huge opportunity ... that conversational component ... can help drive down the necessity of having a service desk fully staffed.”
— Steven Ramirez, [17:19]

Timestamps for Key Segments

[00:39] — Ramirez introduction and Renown Health overview
[01:34] — AI-aided cyber threats and implications for healthcare
[03:48] — Importance of governance and thoughtful AI adoption
[06:18] — Aligning cybersecurity with organizational strategy and culture
[09:01] — Emphasis on fundamentals regardless of changing technology
[11:49] — Critical investments in governance and identity management
[14:48] — Renown’s multi-layered technology intake process
[17:19] — AI’s promise for cost reduction, call desk automation, and clinician support

Tone & Style

The episode maintains a pragmatic, forward-looking, and candid style, fueled by Ramirez’s passion (“evangelizing,” “spreading the gospel”) and knack for distilling complex concepts into actionable advice. His approach is collaborative, emphasizing education, culture, and wrapping security into the fabric of organizational strategy.

Key Takeaways

AI brings both opportunity and new risks; defensible governance is non-negotiable.
Cybersecurity fundamentals—especially identity management—are foundational amid rapid tech change.
Proactive, layered governance and intake processes reduce risk and align stakeholders.
Effective security is cultural—education and partnership across every level is critical.
AI offers transformative opportunities, especially in reducing administrative burdens and countering clinician burnout, but vigilance is required.

For healthcare leaders navigating AI and cybersecurity, Ramirez’s advice is clear: focus on strong governance, identity defense, education, and a layered, resilient approach—without getting sidetracked by every shiny new thing.

Becker’s Healthcare Podcast — Episode Summary

Guest: Steven Ramirez, Chief Information Security Officer & Tech Officer, Renown Health
Host: Laura Dardo
Release Date: December 1, 2025

Overview

Key Discussion Points & Insights

Steven Ramirez's Background and Renown Health

Renown Health is a major integrated health system in Northern Nevada, with diverse patient populations and service lines.
Ramirez has served as CISO and Tech Officer for nearly four years, overseeing cybersecurity across various community-focused facilities.
[00:39] — "We're integrated health system, four different locations and fresh transplant center, urgent care where the area trauma center. So really a lot of different service lines." — Steven Ramirez

The Rising Threat of AI-Driven Attacks

Headline Event: Recent reports of the "first ever AI autonomous attack" instigated by the Chinese government serve as a wake-up call to the healthcare sector. [01:34] — “We finally saw how threat actors can leverage [AI] to target various organizations. ... AI is only going to get more sophisticated in tactics and techniques.” — Steven Ramirez
AI enables even less technically skilled attackers to become more sophisticated quickly, automating reconnaissance and increasing the speed and depth of attacks.
AI’s use in phishing, social engineering, and intelligence-gathering is rapidly accelerating, requiring healthcare organizations to evolve defense strategies.

Governance & Strategic AI Adoption

Strong, informed governance is essential as AI buzz grows, ensuring leaders distinguish between true AI, machine learning, and traditional tech enhancements. [03:48] — “It's really critical to have strong governance because there's a lot of different AI buzzwords and what is AI and not AI.” — Steven Ramirez
Build vs. Buy: Leaning on established partners (e.g., Microsoft, Epic) for AI capabilities can ease implementation and security challenges, especially versus building proprietary tools from scratch.
Data governance is crucial: ensuring tight control over data access, use, and protection prevents unintended leakage or misuse, a key risk with AI-powered tools.

Cybersecurity Hygiene & Organizational Alignment

Expanding digital patient engagement increases the “risk profile,” heightening the urgency for strong cybersecurity principles to be foundational, not an afterthought.
Embedding cybersecurity as a cultural pillar involves active education—Ramirez acts as “storyteller” and “evangelist” internally, working through multiple committees to raise awareness and maintain focus. [06:18] — “I always say, being storytellers. … It's again building in that layered approach to really just make sure that we're protecting against today's threats and the threats of tomorrow.” — Steven Ramirez

Skills, Fundamentals & Evolving Talent Needs

Despite technological hype, the fundamentals—patching, vulnerability management, strong access controls—are more critical than ever.
[09:01] — “If we focus on the fundamentals … it’ll set us up to be successful in any net new technology, emerging risk, etc.” — Steven Ramirez
Ramirez takes an "all hazard" or emergency management approach: robust practices apply no matter the technology.

Budget-Aware Best Practices & Identity Management

Governance is emphasized as a high-impact, low-cost option: “Governance is free.”
Creative solutions, like restricting external email for certain roles, can enhance protection without major investment.
Identity and access management is foundational, as Ramirez notes, “80% of all cybersecurity events and attacks stem from an identity based attack.” Multi-factor authentication, privileged access management, and identity governance are highlighted as strategic priorities. [11:49] — "I Consider myself an Identity junkie, that 80% of all cybersecurity events and attacks stem from an identity based attack. So ... strategically on identity will go a long way for organizations." — Steven Ramirez
Widespread staff training and harnessing organizational culture creates a "first line of defense."

Unique Approaches at Renown Health

Layered Intake & Approval: Multiple committees (President’s council, finance, IT, legal, auditing/compliance, governance, business continuity, etc.) vet all new initiatives, with phase-gate and final CISO sign-off baked into the process.
Preemptive Assessment: All new technology undergoes standard cybersecurity and AI capability review before integration. [14:48] — “We also have an intake of doing cybersecurity assessments, AI assessments … getting that much information up front and then understanding how that tech's going to work in your ecosystem ... puts the accountability on us to make sure that we're actually reviewing.” — Steven Ramirez
Ramirez acknowledges governance can be “tiresome” but views it as vital for risk reduction and strategic alignment.

AI in Service Desk & Meeting Physician Burnout

Highlights “voice calling and AI” as a powerful future lever to reduce costs and automate level 1–2 support desk functions.
Envisions AI handling common requests (“password reset,” “how do I…") to scale operations efficiently. [17:19] — “I think voice calling and AI is going to be a huge opportunity ... now to the point that we have Autonomous AI ... if you think about being able to build knowledge base for some of the key areas ... that can help drive down the necessity of having a service desk fully staffed.” — Steven Ramirez
On the clinical side, AI promises to impact physician burnout, real-time analytics, and process optimization, with rapid improvements in adoption and usability.

Notable Quotes and Memorable Moments

On AI Threat Evolution:
“We finally saw how threat actors can leverage it to target various organizations. ... AI is only going to get more sophisticated in tactics and techniques.”
— Steven Ramirez, [01:34]
On Governance:
“It's really critical to have strong governance because there's a lot of different AI buzzwords and what is AI and not AI.”
— Steven Ramirez, [03:48]
On Identity Management:
“I Consider myself an Identity junkie, that 80% of all cybersecurity events and attacks stem from an identity based attack.”
— Steven Ramirez, [11:49]
On Culture and Training:
"It takes everybody in the organization to be successful. ... our end users ... are some of our bigger risk items we need to look at, but also our first line of defense."
— Steven Ramirez, [13:50]
On the Future with AI-Driven Support:
“Voice calling and AI is going to be a huge opportunity ... that conversational component ... can help drive down the necessity of having a service desk fully staffed.”
— Steven Ramirez, [17:19]

Timestamps for Key Segments

[00:39] — Ramirez introduction and Renown Health overview
[01:34] — AI-aided cyber threats and implications for healthcare
[03:48] — Importance of governance and thoughtful AI adoption
[06:18] — Aligning cybersecurity with organizational strategy and culture
[09:01] — Emphasis on fundamentals regardless of changing technology
[11:49] — Critical investments in governance and identity management
[14:48] — Renown’s multi-layered technology intake process
[17:19] — AI’s promise for cost reduction, call desk automation, and clinician support

Tone & Style

Key Takeaways

AI brings both opportunity and new risks; defensible governance is non-negotiable.
Cybersecurity fundamentals—especially identity management—are foundational amid rapid tech change.
Proactive, layered governance and intake processes reduce risk and align stakeholders.
Effective security is cultural—education and partnership across every level is critical.
AI offers transformative opportunities, especially in reducing administrative burdens and countering clinician burnout, but vigilance is required.

wavePod

Steven Ramirez, Chief Information Security Officer at Renown Health

Powered by Wave AI

Summary

Becker’s Healthcare Podcast — Episode Summary

Overview

Key Discussion Points & Insights

Steven Ramirez's Background and Renown Health

The Rising Threat of AI-Driven Attacks

Governance & Strategic AI Adoption

Cybersecurity Hygiene & Organizational Alignment

Skills, Fundamentals & Evolving Talent Needs

Budget-Aware Best Practices & Identity Management

Unique Approaches at Renown Health

AI in Service Desk & Meeting Physician Burnout

Notable Quotes and Memorable Moments

Timestamps for Key Segments

Tone & Style

Key Takeaways

Summary

Becker’s Healthcare Podcast — Episode Summary

Overview

Key Discussion Points & Insights

Steven Ramirez's Background and Renown Health

The Rising Threat of AI-Driven Attacks

Governance & Strategic AI Adoption

Cybersecurity Hygiene & Organizational Alignment

Skills, Fundamentals & Evolving Talent Needs

Budget-Aware Best Practices & Identity Management

Unique Approaches at Renown Health

AI in Service Desk & Meeting Physician Burnout

Notable Quotes and Memorable Moments

Timestamps for Key Segments

Tone & Style

Key Takeaways