Risk Never Sleeps, Episode #141
AI’s Dark Side: Phishing, Deepfakes, and the Future of Risk
Guest: Ross Leo, Chief Information, Compliance, and Privacy Officer at InvisALERT Solutions
Host: Ed Gaudet
Date: September 11, 2025
Episode Overview
This episode dives into the evolving landscape of digital risk in healthcare, focusing on AI’s role in phishing, deepfakes, and security threats. Ed Gaudet speaks with Ross Leo, an industry veteran whose career has spanned NASA, the military, and healthcare technology, about protecting patient safety amid rapid technological changes. The discussion covers practical cybersecurity, the growing sophistication of attacks, and the human side of risk.
Key Discussion Points
Ross Leo’s Role & InvisALERT Solutions
[00:53–03:25]
- InvisALERT Solutions provides patient safety compliance monitoring software for hospitals and emergency departments.
- Ross oversees security, privacy, and HIPAA compliance, ensuring their systems are resilient against cyber threats and don't become weak points in the healthcare supply chain.
- Quote:
“Our priorities are making sure that as part of our customers’ supply chain, we are... the strongest link to defend them.” (Ross Leo, 02:59)
Top Threats in Healthcare: Protecting PHI
[01:42–03:25]
- Protected Health Information (PHI) is highly sought after by hackers and ransomware gangs because of its value and because its defenses are inadequate compared to those in industries like banking.
- Ross's focus: building systems that are hard to infiltrate while supporting healthcare teams under pressure.
- Human error remains a core risk, but system design can minimize unintentional mistakes.
Phishing in Healthcare: Prevention by Design
[04:58–06:08]
- InvisALERT’s platform minimizes phishing risk by avoiding traditional email channels:
“Our system... is not subject to phishing... the main delivery vehicle for a phish is going to be email. Our system is cloud-based and there is no email component built into it.” (Ross Leo, 05:06)
- All communication is geofenced and walled off from the broader internet; only insiders can access messaging features, greatly reducing external attack surfaces.
The Next 10 Years: AI-Driven Threats
[06:15–10:20]
- Ross foresees attackers increasingly using AI for more convincing phishing, deepfakes, and social engineering—making malicious messages indistinguishable from trusted contacts.
- AI is a tool, not inherently good or evil; its impact depends on the user’s intent.
- Quote:
“With visuals like deepfake... I can make anything look like anybody, and then with AI, I can make it sound like or read like anybody…” (Ross Leo, 07:00)
- The biggest concern: once AI-generated attacks pass the “Turing Test,” humans may not distinguish real from fake, raising the need for new detection methods.
- Discussion of global expansion of threat actors, with a focus on young, tech-savvy individuals entering cybercrime as a viable path.
AI, Sentience, and the "Terminator" Scenario
[10:20–13:31]
- Ed raises the sci-fi prospect of autonomous, evil AI agents. Ross is skeptical of true AI sentience, emphasizing the lack of human-like moral perception in machines:
“...there’s no way to program morals into it. Not really. Not the way that our brains work anyway.” (Ross Leo, 12:46)
- Any “evil” AI actions are fundamentally traceable to human programming and intent.
Reflections on Risk, Career, and Decision-Making
[13:51–20:01]
- If Ross could advise his 20-year-old self: deeply analyze risk, recognize its multiple dimensions (physical, technological, financial), and understand that risk carries opportunity as well as threat.
- Quote:
“Risks also represent the opportunity to do something good, because risk works both ways.” (Ross Leo, 14:50)
- His riskiest life decision: joining the U.S. Navy without prior intent, which ultimately set him on a successful path.
Lessons from NASA and Healthcare Risk
[20:38–24:08]
- Military service led to a career at NASA, teaching Ross the consequences of poor risk assessment (e.g., Challenger disaster).
- NASA’s and healthcare’s approaches to risk assessment both focus on preemptively considering “how could this possibly go wrong” and using risk thoughtfully to add value.
- Quote:
“I will say that working at NASA was the coolest job ever. ...It really taught me a lot about how the real world worked and how risk functions in the real world.” (Ross Leo, 23:00)
Advice for Breaking Into Cybersecurity & Healthcare
[27:27–35:13]
- For healthcare: demonstrate firsthand experience with care delivery or medical tech, as credibility in health requires a relevant background.
- For cybersecurity: a computer science foundation helps, but networking, programming, and even hands-on roles like access control are good entry points.
- Ross's own career pivoted on unexpected opportunities in IT within a healthcare context—embrace unexpected paths.
- Quote:
“Don’t be afraid to go down a path that you may not have actually planned for.” (Ed Gaudet, 34:00)
- Programming and scripting are valuable, even if not everyone has a natural inclination.
Personal Touches: Music, Memories, and West Coast Roots
[25:07–26:12; 36:12–37:49]
- If stranded with five albums, Ross picks:
  - Pink Floyd: Wish You Were Here, Animals, and The Division Bell
  - Cream: Wheels of Fire
  - Iron Butterfly: In-A-Gadda-Da-Vida
- Notably, he fondly remembers a chance encounter with Big Brother and the Holding Company featuring Janis Joplin (Anaheim, mid-60s) and has San Francisco music roots.
Notable Quotes & Memorable Moments
- On AI-enabled phishing:
“The more it sounds like you, the more I'm going to think it's actually you.” (Ross Leo, 06:45)
- On AI and morality:
“While it is certainly possible to program machines, thinking machines, to do evil things, they'll never have the perception of what truly constitutes something evil unless we program that into them…” (Ross Leo, 12:44)
- On risk as opportunity:
“Risks also represent the opportunity to do something good, because risk works both ways.” (Ross Leo, 14:50)
- On military service as risk:
“...that was probably the riskiest thing because I didn't know if it was going to be any good for me. I didn’t know if it was going to work out and I didn't know what the future joining...” (Ross Leo, 18:33)
- Advice to new grads:
“...they can’t be afraid to go there and learn it. They need to go there with an open mind that is hungry to learn whichever way they go.” (Ross Leo, 34:13)
Timestamps of Important Segments
- [01:42]: Top risk priorities and protecting PHI
- [05:04]: How InvisALERT designs out phishing vulnerabilities
- [06:15]: AI’s emergence as an attack tool—deepfakes, phishing, Turing Test
- [10:20]: Debating the “Terminator” risk and true AI sentience
- [14:08]: Life advice, understanding risk, and career choices
- [20:38]: NASA experiences, real-world lessons of risk
- [27:34]: Breaking into cybersecurity/healthcare—the value of risk-taking
- [25:07; 36:12]: Music picks and San Francisco music scene reminiscences
Wrap-up
Ross Leo paints a nuanced picture of healthcare risk, balancing optimism with realism. He sees technological advancement as both a formidable threat and a tool for greater safety—provided organizations take risk assessment seriously, foster adaptability, and don’t underestimate the human element on either side of the cyber-battle.
For more resources:
Visit censinet.com
