How to Conduct Data Due Diligence for Healthcare M&A
PE firms are rolling up physician practices at record pace. Most have no idea what PHI is hiding in those legacy systems. Here is what to look for—and where.
Most CISOs can't answer what's in their LLM training pipeline. 22% of pasted data is confidential. Scan training datasets for PII before your AI model memorizes customer records.
Deal fell apart over 2.3M customer records in a folder nobody knew existed. SOC 2 passed. Security questionnaire clean. Data discovery scan found $2M in remediation costs. Scan before you sign.
Six-figure DSPM platforms solve problems most organizations don't have yet. If you can't answer 'where is our PII?'—start with discovery, not a platform. Two days vs. three months.
Most breached PHI was in places nobody inventoried—forgotten file servers, legacy backups, shadow IT. HIPAA-covered entities need to scan beyond clinical systems before OCR asks where patient data actually lived.
PHI and PII are not the same. PHI is health data protected by HIPAA. PII is any data that identifies a person. Here's what each covers, which laws apply, and how to stay compliant.