Healthcare wants AI fast. Compliance says not so fast.

In healthcare, having data is not the same as having AI-ready data.

Healthcare’s AI Problem Isn’t the Model. It’s the Data. by HIPAA Vault

Everyone wants a piece of the AI gold rush.

But in healthcare, if your data is siloed, poorly labeled, and missing governance, AI can turn into a compliance problem fast.

On this week’s HIPAA Insider Show, Adam Z. speaks with Franck Leveneur, founder and CEO of Data-Sleek and former UCLA professor, about what it really takes to build AI-ready infrastructure in healthcare.

The big takeaway: having data is not the same as having AI-ready data.

Healthcare organizations may have EHRs, claims, IoT feeds, and operational records everywhere. But if that data is fragmented, lacks metadata, and has no clear lineage, it becomes much harder to trust AI outputs or explain them during an audit.

And when teams start “vibe coding” with LLMs, the risk grows. AI can generate code fast, but it can also make architectural decisions harder to understand, review, and defend.

AI should be an accelerator.
Not a substitute for governance, ownership, and human oversight.

Before deploying AI, healthcare teams need three basics:

  • A clear inventory of their data

  • Confidence in data quality

  • Defined ownership and responsibility

Because in healthcare, AI readiness starts with governed data.

Quote of the Week
“They confuse having data and having AI-ready data.”
— Franck Leveneur

→ Ready to build AI on a stronger foundation?
Request a free consultation

Industry News Roundup

Iran-Linked Hackers Disrupt Medical Device Giant Stryker

Stryker is dealing with the kind of cyberattack every healthcare and medtech company fears: one that disrupts operations without ever demanding a ransom.

According to reports, the medical device giant was hit by an Iran-linked attack that appears to have involved data theft, system defacement, and the wiping of Windows-based devices across parts of the organization. The company said the incident disrupted access to certain information systems and business applications, and it has not yet provided a timeline for full recovery.

What makes this attack especially notable is not just the scale.

It is the signal.

Healthcare and medtech companies are increasingly being pulled into broader geopolitical cyber conflict, even when they do not see themselves as direct political targets. Once attackers gain privileged access, the damage can spread fast, from employee devices to core business systems.

The lesson here is simple: resilience matters just as much as prevention.

Because in this environment, cybersecurity is no longer just about protecting data.
It is about protecting operations when disruption becomes the objective.

When disruption is the goal, recovery becomes the strategy.
Read the full story here.

The Breach Was Fast. The Fallout Took a Year.

A cyberattack can be over in days. Figuring out exactly whose data was exposed can take a year.

Bell Ambulance has confirmed that a February 2025 cyberattack ultimately affected more than 237,000 patients, far more than initially understood when the incident was first disclosed. The ambulance provider detected unauthorized activity in its network in February 2025, but the full review of potentially compromised data was not completed until February 2026.

That gap is the story.

Healthcare breaches are not always defined by the moment attackers get in. They are often defined by how long it takes organizations to understand what was accessed, who was affected, and what data was exposed. In Bell Ambulance’s case, the compromised information included highly sensitive personal, financial, and medical data.

The same report also highlights new breach disclosures from Northwest Medical Homes in Oregon and New York plastic surgeon Alexes Hazen, MD, showing once again that no healthcare organization is too large, too small, or too specialized to avoid cyber risk.

In healthcare, the breach is only the beginning. The real challenge is everything that comes after: investigation, notification, recovery, and trust.

The hardest part of a breach is often learning how far it went.
Read the full breakdown here.

Big Growth. No Compliance Drama.

Healthcare companies do not need more cloud complexity.

They need infrastructure that can scale, protect PHI, and stay audit-ready without turning every growth plan into a security project.

That is the idea behind HIPAA Enterprise.

Built on Google Cloud and managed by HIPAA Vault, it gives healthcare organizations a compliance-ready foundation for serious growth, with fully managed hosting, Kubernetes support, identity and access management, vulnerability scanning, OS patch management, and 24/7/365 support. HIPAA Vault positions it as enterprise-grade, fully managed HIPAA-compliant hosting designed to secure PHI while giving teams the flexibility and scalability of the cloud.

What you get:

  • Fully managed HIPAA-compliant hosting

  • Google Cloud infrastructure built for healthcare

  • IAM and Zero Trust-minded access controls

  • Vulnerability scanning and proactive risk reduction

  • Patch management that helps close gaps faster

  • 24/7 support when uptime and compliance both matter

Scale faster without scaling compliance risk.
Get a quote for HIPAA Enterprise.