Cyber Survivor

A hospital can survive a lot, but it cannot treat patients when core clinical systems go dark. We sit down with Dr. Mark Yoffe, a physician who also thinks like a cybersecurity leader, to unpack what healthcare cyber risk really looks like from the bedside. As electronic health records replaced paper charts, care got faster and more coordinated, but the blast radius of outages, ransomware, and credential theft grew right along with it. The result is a modern truth most communities now feel: cybersecurity is not just about data, it is about keeping care available.We use the confidentiality, integrity, and availability triad as a practical lens for clinicians and IT teams. Why do physicians often prioritize availability in the ED and ICU? How do security controls like multifactor authentication support uptime, not just privacy? And what does real downtime readiness look like when a team is busy, short-staffed, and under pressure? Dr. Yoffe shares concrete steps that help: clearer downtime alerts, knowing exactly what systems are affected, paper forms staged throughout the hospital, and a plan for post-downtime reconciliation so the record stays accurate.We also dig into what actually wins physician buy-in. Instead of leading with restrictions, start by solving access and workflow pain points and show how security enables reliable clinical operations. From safer device habits and avoiding insecure SMS texting to case-based training that mirrors how clinicians learn, we outline education that sticks. Finally, we explore AI in healthcare documentation: where it can cut charting time, where privacy and cloud processing raise red flags, and why keeping a human in the loop protects record integrity.If you care about patient safety, healthcare cybersecurity, EHR downtime planning, and the future of AI in clinical workflow, hit subscribe, share this with a colleague, and leave a review with your biggest question about cyber readiness.

The scariest part of a healthcare cyberattack isn’t the headline. It’s the quiet moment a clinician realizes they can’t register a patient, scan a medication, verify a dose, or send a lab order and the waiting room is still filling up. We sit down with an anonymous frontline nurse we call Jane Doe and walk through what “normal” looks like in a busy pediatric clinic: constant triage, newborn and well visits, vaccines, sick kids, and nonstop coordination. Then the systems go dark. No EHR, no barcode scanning, no electronic medication checks, no easy way to move information. Care doesn’t stop, but it slows and every workaround carries risk. Jane explains what paper charting feels like today, why newer doctors and residents can be thrown off by manual processes, and how stress shifts from “can we do this?” to “can we do this safely and on time?” We also zoom out to the bigger healthcare cybersecurity story: why downtime planning matters, how hospitals redeploy staff to keep labs and floors running, and why “cybersecurity is a dollar away from the bedside” is a real budget fight with real patient safety consequences. Jane shares how the experience changed her view of how fragile health systems can be and reflects on how nursing has evolved from family-centered care to a faster throughput model that can make cyber disruption hit even harder. If you care about patient safety, hospital resilience, ransomware risk, and practical incident response in healthcare, listen now. Subscribe to Cyber Survivor, share this story with a colleague, and leave a review so more people hear what cyber events really do to care.

In this episode of Cyber Survivor, host Dan Dotson speaks with Dr. Richard Hartnett, co-director of the Ohio Cyber Range Institute, about shifting cybersecurity from a compliance checkbox to a proactive, organization-wide business practice.They discuss the theory of persistent engagement, tailored training for different hospital roles, the growing threat from financially motivated ransomware groups, and how AI and algorithmic agents will change both offense and defense.Listeners will learn practical approaches to prioritizing critical systems, building hunt teams, and embedding cybersecurity into everyday healthcare operations to better protect patients and maintain care continuity.

What happens when a hospital’s voice system fails during a cyber event? Not just dropped calls—entire care workflows unravel. In this conversation with Eric Enos, CTO at LifePoint, we pull back the curtain on how modern care really runs and why resilience, not raw uptime, is the metric that matters. From EHR dependence to nurse call routing and location awareness, the hidden mesh of systems that power bedside care can become a single point of failure if teams design for availability instead of continuity. We start with the shift that put IT at the bedside: EMRs, decision support, ambient listening, and the promise of higher quality, faster coordination, and fewer errors. Then we confront the tradeoffs—expanded attack surfaces from SaaS, networks, and rapid consolidation. Eric explains why M&A without rigorous standardization balloons technical debt, complicates patching and incident response, and leaves organizations defending multiple aging platforms. The fix isn’t fancy: map real clinical workflows first, then align infrastructure, identity, and communications under them. Resilience means controlled degradation. If malware isolates a facility, SD‑WAN failover won’t matter; local downtime tools, voice redundancy, and independent communications paths will. We unpack practical steps: cross-functional tabletop exercises led by operators, end-to-end dependency mapping, and governance that keeps security and infrastructure rowing together. Then we get into AI. Treat LLMs like the smartest new employee—useful, fast, and fallible. Keep a human in the loop, establish clear guardrails, and confront open questions around liability and trust before letting AI drive patient-critical actions. If you care about healthcare cybersecurity, clinical operations, and the future of AI in hospitals, this episode delivers grounded strategies you can use now: protect workflows, reduce technical debt, and design systems that bend without breaking. Subscribe, share with a colleague on your clinical or security team, and leave a review with one change you’ll make to strengthen resilience this quarter.

Imagine the LED lights are on, clinicians are ready, and every screen goes dark. That’s the moment when governance—not gadgets—keeps care moving. We sit down with healthcare IT leader and board veteran Richard Helppie to chart a practical path for hospital boards to own cybersecurity as a top strategic risk, not a backend tech chore. We start by separating governance from operations and translating cyber into the risk language directors already use. Rich shares how to make cybersecurity a standing board item, recruit at least one cyber-comfortable director, and ask the questions that matter: what are our biggest threats, how are we mitigating them, how will we know when we’re breached, and how fast can we recover? Dan adds a simple framing that works: present cyber with the same dashboards and cadence as finance and patient safety so leaders can weigh tradeoffs with clarity. Then we get real about downtime. Many clinicians have never practiced on paper, and backups are now a prime target. We cover ransomware pressures, insurance posture, recovery objectives, and third-party risk—from supply chains to physician groups and patient portals. Human factors dominate the breach path, with phishing and help desk vishing exploiting speed-focused KPIs. The fix is cultural and operational: slow down where it counts, verify identities, harden processes, and measure cyber like hospital-acquired infections. AI threads through the conversation as both opportunity and attack surface. Waiting to “see what happens” is not a strategy. We outline the early governance questions boards should ask about data leakage, model access, and monitoring, and how to pair innovation with guardrails. To win investment and attention, Rich offers a three-point board briefing—why cyber matters, what program is in place, and what’s needed to close gaps—and explains why tabletop exercises with executives, vendors, and select directors consistently shift mindsets from denial to readiness. If you care about resilient care delivery, boardroom clarity, and practical defenses that work when systems fail, you’ll find a usable playbook here. Subscribe, share with a colleague who presents to boards, and leave a review with the one question you want every hospital board to ask about cybersecurity.

Cyber Survivor host Dan Dodson interviews Axel Wirth, chief security strategist at MedCrypt, about the rising cyber risks facing medical devices and what that means for patient care. Wirth explains that he began as a hardware electrical engineer in the medical device and health IT world before moving into cybersecurity in 2008, eventually focusing exclusively on medical device security and helping manufacturers both improve their products and meet evolving global regulatory expectations. Over the last decade, he has seen clear maturation: regulators like the FDA and international counterparts now explicitly require cybersecurity as part of market approval, and some devices are even being rejected solely for cybersecurity shortcomings, prompting manufacturers to strengthen designs and documentation. Dodson and Wirth then dig into the massive challenge of legacy devices: millions of clinically functional but aging devices—CT and MRI scanners, infusion pumps, and more—remain deployed in hospitals, often with serious vulnerabilities and enormous replacement costs. They note that healthcare operates on tight or negative margins, making large-scale replacement difficult, and that any change introduces disruption, retraining needs, and operational risk. Wirth points to industry efforts, such as detailed guidance on legacy devices, but questions whether the sector can move fast enough given the growing sophistication of attackers and the broad attack surface created by all these connected systems. They explore the threat landscape, emphasizing that risk has increased significantly. Attackers have not yet commonly launched deliberate, patient‑harming attacks on medical devices themselves; instead, devices often become collateral damage when they run unpatched commercial operating systems targeted by generic malware, as illustrated by the WannaCry incident that crippled the UK’s NHS and disrupted care. Wirth also cites evidence of criminal groups that intentionally use medical devices as entry points into hospital networks, as well as the economic incentives behind ransomware campaigns that seek to disrupt care, raising pressure on hospitals to pay ransoms to restore operations quickly. Looking ahead, they discuss how AI and geopolitics will accelerate and intensify threats. Wirth notes that AI already enables cheaper, highly targeted attacks, with some campaigns now largely executed by automated tools, and he expects that trend to grow. At the same time, more nation‑state and hacktivist actors are likely to see healthcare as a strategic target. While there has been real progress—better tooling for manufacturers and hospitals, improved device architectures, stronger inventory visibility, network segmentation, and clearer regulatory pressure—Wirth is skeptical that defenders are improving faster than attackers. He worries that a large, catalytic event, similar to WannaCry but perhaps even more severe in healthcare, may be what finally forces the scale of investment and coordination needed. The conversation also highlights operational friction between hospitals and manufacturers. Dodson raises the frustration many CISOs feel: patch cycles are slow and complex, responsibility is fragmented across IT, biomed/clinical engineering, third‑party servicers, and cybersecurity teams, and hospitals often end up “holding the bag” after an incident. Wirth agrees that patching is inherently complex—vulnerabilities must be verified, patches developed and tested, then deployed without compromising clinical operations—and that delays occur on both sides. However, he stresses that both manufacturers and providers are getting better: post‑market security responsibilities are more widely accepted, tooling is improving for patch development and deployment, and hospitals are investing in visibility and governance over who owns medical device security decisions. Despite his concerns, Wirth ends on a cautiously optimistic not

A cyberattack on a vendor shouldn’t be the moment a hospital learns how interconnected its world really is. We sit down with Greg Surla, Chief Information Security Officer at FinThrive, to unpack how third‑party risk, revenue cycle platforms, and frontline care are woven together—and why resilience depends on planning with partners before the crisis hits. From joint tabletop exercises that include critical vendors to pre-approved workarounds like VDI access and hardened loaner devices, we map the moves that keep care running when networks go dark.   Greg shares blunt lessons from breaches and acquisitions: forgotten cloud servers, weak asset inventories, and the relentless toll of a three‑week ransomware fight. The takeaway isn’t fear; it’s preparation. We dig into ransomware‑specific drills, cyber insurance that funds expert responders, and the automation needed to triage the daily flood of vulnerabilities. We also explore culture as a control, showing how life‑first security education—holiday scams, tax fraud, device safety—builds habits that protect both home and hospital, and creates the groundswell that gets C‑suite support.   As AI supercharges attackers and budget pressures squeeze providers, cybersecurity has to be framed as a business enabler. Secure revenue cycle equals payroll, access to care, and community trust. Greg explains how to translate risk for boards, align controls to clinical and financial goals, and replace reflexive “no” with “yes, if” to stay part of the conversation that shapes strategy. The result is a practical, human playbook for healthcare security: automate the routine, practice the hard days with partners, invest in asset visibility, and collaborate across the industry. Subscribe, share with a colleague who handles vendor risk, and leave a review with your top resilience tactic—we’ll feature the best ideas in a future show.

A hospital room can hold 10 to 20 networked devices, each vital to care—and each a potential doorway for attackers. We sit down with Phil Englert, VP of Medical Device Security at Health ISAC, to explore how connected care improves outcomes while reshaping risk, and why building resilience and rapid recovery plans is now as critical as prevention. Phil traces the evolution from clinician-driven data sharing to an era where massive datasets attract criminal interest. We dig into the Patch Act’s new authority for the FDA, how SBOMs change accountability, and what secure-by-design looks like for both embedded systems and devices running full operating systems. The conversation gets practical: segment where you can, monitor where you must, and treat cyber as a failure mode. That mindset leads to faster restorations—ghosted drives ready to swap, configs backed up, and downtime measured in hours rather than weeks. We also pull back the curtain on Health ISAC’s member-led workstreams: aligning manufacturers and providers on a concise set of priority controls, creating shared security metrics that resonate from boardroom to engineering, and running joint tabletop exercises to close response gaps. Beyond the hospital, we examine AI-enabled diagnostics and the rise of hospital-at-home, where patient-owned tech can’t be trusted as a control point and multilingual, culturally aware resources become essential for scale. Throughout, we tackle tough questions—why attackers target data over device manipulation, whether paying ransom actually speeds recovery, and how to keep care moving when the EHR or network goes dark. If you care about medical device security, healthcare cybersecurity, ransomware resilience, or the future of connected care, this conversation offers clear takeaways and next steps. Listen, share with your team, and help raise the floor across healthcare. Subscribe, leave a review, and tell us: what control would you prioritize first?

The conversation explores how healthcare’s rapid digitization has improved patient outcomes while dramatically increasing cyber risk, making hospitals lucrative, constantly targeted entities. Dr. C.S. Kruse traces his path from Army Medical Service Corps IT specialist to academic leader and prolific researcher in health IT and cybersecurity, emphasizing both technology’s clinical benefits and its “dark side.”He and host Dan Dodson discuss AI as a dual-use tool, underinvestment and budget tensions, ransomware-driven clinical disruptions, basic but often-missed security practices, EU-style cyber resiliency standards, and the need for stronger policy, mandatory reporting, and resilient clinical workflows when systems fail.

Alarms don’t always sound when hospitals are under attack. Sometimes the first signal is a locked EHR, diverted ambulances, and a clinical team scrambling to deliver care without the tools they trained on. We sit down with Butzel attorney Claudia Rast—leader of cybersecurity and AI practices and former co-chair of the ABA’s presidential cybersecurity task force—to unpack how threat actors use agentic AI, why ransom demands can look rational in a crisis, and what real resilience looks like when patient safety is on the line. Claudia traces the evolution from broken-English phish to sophisticated campaigns backed by help desks, localization, and AI that scouts vulnerabilities without human prompting. We explore the uncomfortable math of ransom vs. rebuild, how cyber insurance shapes early decisions, and the practical controls that shorten downtime: endpoint detection and response, network segmentation, immutable backups, and tested recovery plans. The conversation gets candid about healthcare’s unique weaknesses—legacy systems, aging devices, and hundreds of tightly coupled apps that can turn one misconfiguration into a cascading failure. On the legal front, we break down the surge in class action lawsuits after breach notifications, California’s privacy framework and its limits, and the rise of claims under old wiretap laws aimed at website tracking. We also dig into AI risk beyond cyber: how feeding code or confidential prompts into public models can burn trade secrets, why blocking public AI tools often beats long unread policies, and how to contract for third-party AI use, data stewardship, and derivative works. We close with the human layer: deepfake-enabled fraud, out-of-band verification, and a culture that practices the plan before the worst day arrives. Subscribe, share with a colleague who handles cyber or compliance, and leave a review with your top takeaway. Your feedback helps more healthcare teams find the playbook that keeps care online when it matters most.

The alarms aren’t just in the data center anymore. When ransomware shutters clinics and pushes oncology schedules into chaos, the question isn’t “What did they exfiltrate?” It’s “Who didn’t get care?” We sit down with Jen Ellis, founder of NextGen Security and co-chair of the Ransomware Task Force, to unpack how cybersecurity in healthcare became a patient safety issue—and what it will take to keep care running when attackers hit. Jen takes us inside the pandemic spike in hospital attacks and the wrenching ransom debate, including a parent of a child with cancer willing to remortgage their home to restart treatment. From there we trace the policy ripple effects: international disruption efforts, sanctions, tighter crypto oversight, and the Counter Ransomware Initiative. None of it is a silver bullet, especially as AI lowers the barrier for criminals, but coordinated action is raising attacker costs and forcing them to work harder. We go beyond headlines to the budget math inside hospitals running on razor-thin margins, where a “CISO” might be a stretched administrator with no real authority. Frameworks like NIST CSF are solid, but adoption stalls without clear sequencing, funding, and maturity paths tailored to small teams who can’t take systems down to patch. Jen makes the case for secure-by-design to shift burden upstream to vendors and highlights FDA’s connected medical device program as a model: collaborative, iterative, and capable of real enforcement. We also tackle the rise of class action lawsuits after breaches and how they can discourage disclosure and distort incentives, even as we protect pathways for those who can show genuine harm. If you care about keeping ICUs open, protecting critical workflows, and helping clinicians deliver safe care under pressure, this conversation is for you. Follow, share with a colleague who works in healthcare, and leave a review with your take: What’s the one change—policy, funding, or vendor accountability—that would most improve patient safety against cyber threats?

Cyber threats don’t just steal data—they halt care, cancel clinics, and shake trust. I sat down with Brent Yax, founder and CEO of Aweccom Technologies to unpack the hard truth: today’s attackers are profit-driven, organized, and focused on disrupting operations until we pay. We trace how the threat landscape shifted from amateur mischief to a mature cyber economy, why small and mid-market healthcare organizations are now prime targets, and what actually works to protect patients and keep the lights on. Brent shares a frontline view of resilience that blends technology, process, and culture. We get practical about where to start—multi-factor authentication, EDR/MDR, verified payment workflows, and realistic incident response plans that restore services fast. We also talk about the messy side of cyber insurance: why policies push the market forward, how ambiguous questionnaires can void coverage, and why IT, risk, and finance must stay aligned as environments change. The throughline is clear: tools are essential, but people and process failures still drive most breaches. We dive into AI’s double edge. On defense, AI helps detect CEO fraud by learning language patterns, flags configuration drift across complex stacks, and surfaces risk right after routine changes. On offense, careless use of public AI can leak protected data in seconds. Frank breaks down smart adoption—enterprise controls, clear data policies, and training that meets people where they are. From there, we zoom out to zero trust: assume compromise, minimize privileges, and verify every identity, including AI agents. It’s a journey, but it shrinks the blast radius and boosts recovery when it matters most. If you care about delivering reliable care in an unreliable world, this conversation gives you a playbook: align the C-suite, test your incident plan, raise your security baseline, and make training universal—especially for executives and help desks. Subscribe, share with a colleague who owns risk, and leave a review with the one control you’re prioritizing next. Your input helps more teams protect patients and stay ready for what’s coming.

Dan Dodson hosts Drex DeFord, a leader in healthcare cybersecurity, to discuss the evolution and current state of cybersecurity in healthcare. Drex shares his career journey from a hospital administrator in the Air Force to leading roles in various healthcare organizations and consulting for tech companies. He describes how the rapid digitization of healthcare, particularly through electronic health record (EHR) adoption and the lack of simultaneous investment in cybersecurity, led to an expanded risk landscape and new threats like ransomware. The conversation covers the unintended consequences of digitization, including physician burnout, and weighs whether these changes were “worth it”—both agree that overall care has improved. They discuss the rise of artificial intelligence in healthcare, its promise for improving clinical care, and the double-edged sword it presents from a security perspective. Drex emphasizes the importance of organizational awareness, responsible AI adoption, and ongoing education. Another major topic is the creation of strong professional communities (such as the 229 project) where cybersecurity leaders and partners can candidly share challenges and solutions, fostering both personal relationships and collective resilience. Current pressing issues include AI, third-party vendor risk management, and maintaining continuity of care when electronic systems fail. They highlight the challenges of prioritizing essential systems (“minimum viable hospital”) and the political difficulties in governance. Progress is noted in industry awareness, stronger data sharing, and board-level engagement in cybersecurity, but resource constraints and increasing complexity remain challenges. Drex concludes by advocating for ongoing collaboration, fundamentals in security practice, and leveraging technology and communities for better patient outcomes. Listeners are encouraged to connect via the 229 project and related platforms.

Dan Dodson interviews Dr. Bradley Fowler, author of “Cybersecurity Leadership for Healthcare Organizations and Institutions of Higher Education,” discussing the pressing cybersecurity workforce shortages and the role of education and leadership in addressing risks. Dr. Fowler shares insights from his research, emphasizing human error as a major cause of breaches and the critical need for robust policy compliance and updated training in healthcare. He introduces frameworks that support risk management and highlights collaboration, ongoing education, and the integration of industrial-organizational psychology as central to effective cybersecurity. His book is intended for IT professionals, managers, and anyone leveraging technology in modern workplaces .

This episode distills memorable insights from six months of interviews with healthcare cybersecurity leaders and clinicians. The five lessons: focus on fundamentals over flashy tech (Phil Alexander), ensure leadership at all levels (Chrissi Maguire), rely on preparation and people during outages (Katrina Brown), recognize every cyber event as a patient safety issue (Dr. Jeffery Tully), and cultivate strong governance and organizational culture (Stephen Ramirez). These frontline stories emphasize that effective cybersecurity in healthcare is built on resilience, teamwork, and a relentless commitment to patient safety and organizational culture.

What happens when artificial intelligence starts making healthcare decisions faster than humans can review them? Dr. Ali Dehghantanha’s Professor and Canadian Research Chair in Cybersecurity and Threat Intelligence, takes us on a fascinating journey through the evolving landscape of healthcare cybersecurity where self-healing AI systems may soon become our frontline defenders. The cybersecurity battlefield shifts constantly. From database security to cloud protection to today's AI systems, Dr. Dehghantanha explains why "the only thing constant in cybersecurity is change." This rapid evolution creates unique challenges for healthcare organizations trying to protect patient data while embracing transformative technologies. As healthcare increasingly relies on AI for clinical decision support, the cybersecurity stakes have never been higher. Dr. Dehghantanha’s groundbreaking research focuses on self-healing AI systems that automatically detect and repair vulnerabilities without human intervention. This capability becomes critical in healthcare environments where AI analyzes clinical data and makes treatment recommendations at speeds beyond human oversight capabilities. The self-healing component provides essential guardrails against potentially harmful decisions that exceed the system's design parameters. Cultural and socioeconomic factors significantly influence AI adoption in healthcare. Less-regulated regions and underserved communities often embrace AI healthcare solutions more readily when traditional medical resources are scarce. This accelerates adoption but raises critical questions about verification and potential exploitation by adversaries. As patients increasingly trust AI-generated medical advice, these systems become prime targets for sophisticated cyberattacks that could manipulate clinical recommendations. Join us for this thought-provoking conversation about the delicate balance between AI innovation and security in healthcare. Dr. Ali challenges us to consider not just how we implement AI, but how we protect these systems when they become responsible for life-or-death decisions. The future of healthcare cybersecurity lies at this intersection of human expertise, artificial intelligence, and robust security frameworks.

Dan Dodson and cybersecurity expert T.J. Ramsey discussed the escalation of ransomware attacks in healthcare, emphasizing that ransomware is a form of extortion malware used primarily for financial gain, with attackers operating like organized crime syndicates. Ramsey traced his journey from military intelligence to cybersecurity, explained the operational and financial pressures making healthcare a vulnerable target, and described the typical sequence and negotiation process of a ransomware attack—from initial triage and threat actor communications to the challenges in paying ransoms. Throughout, both stressed patient safety, expectation management, and the emotional toll on executives during crises.

Dr. Jeff Tulley, a board-certified physician and co-director of the UCSD Center for Healthcare Cybersecurity, discusses the intersection of healthcare and cybersecurity. He highlights the benefits of digitization in healthcare, such as clinical decision support and interoperability, but also acknowledges the increased attack surface. Tulley's research focuses on the impact of technology failures on patient outcomes, particularly during ransomware attacks. He emphasizes the need for resilience in clinical settings and the importance of evidence-based cybersecurity practices. Tulley also discusses the challenges of phishing training effectiveness and the potential of AI in both clinical and cybersecurity contexts. Our center website:  https://cyberhealth.ucsd.edu/ Our October Academic Symposium registration page: https://cyberhealth.ucsd.edu/events/2025-academic-symposium/index.html 

Join us in this compelling episode of the Cyber Security Podcast as we sit down with Scott Augenbaum, a former FBI agent with a distinguished career in cybersecurity spanning back to 1988. Augenbaum takes us on a fascinating journey through the evolution of cybercrime, from its early days of thrill-seeking individuals to today's highly organized and sophisticated transnational threats. He reveals the stark reality of cybercrime's massive escalation, now a staggering $10 trillion global problem, and sheds light on the significant hurdles law enforcement faces in recovering stolen data. Discover why proactive measures are paramount in protecting yourself and your organization. Augenbaum stresses the critical importance of simple yet effective steps like freezing your credit and enabling two-factor authentication. He passionately advocates for better end-user education and the seamless integration of cybersecurity into organizational culture as fundamental defenses against relentless cyberattacks. We also explore the burgeoning role of Artificial Intelligence in amplifying cyber threats and the absolute necessity of robust personal cybersecurity measures in our increasingly digital world. Don't miss this insightful conversation that will empower you to better understand and defend against the ever-present dangers of the cyber landscape.

In this episode,  Chief Nursing Officer Katrina Brown recounts her experience managing a cyberattack at USA Health Providence Hospital. The attack severely impacted the hospital's Electronic Medical Records (EMR) and other critical systems, leading to a significant decrease in efficiency and a necessary reduction in patient census. Brown highlights the crucial role of strong leadership and well-practiced downtime procedures, noting the unexpected challenges like nurses' inability to read cursive doctor's orders and the use of cowbells as a call light system. Despite the month-long disruption, the hospital maintained patient safety with no serious incidents. The community's self-diversion to other hospitals was an unforeseen outcome, and patient trust was quickly regained post-recovery. Brown emphasizes that the benefits of digitized healthcare outweigh the cyber risks, advocating for robust preparation and frequent downtime drills for all healthcare organizations.

In this episode of Cyber Survivor host Dan Dodson interviews Steven Ramirez, Chief Information Security and Technology Officer at Renown Health. They discuss the evolution of healthcare cybersecurity over the past decade, emphasizing increased funding, improved identity management, and the importance of governance. Ramirez highlights the growing threat of social engineering and AI-fueled attacks, stressing proactive education and advanced safeguards. They explore third-party risk management, emphasizing partnership and resilience planning. Ramirez advocates for integrating security into organizational culture, expanding the CISO role, and focusing on fundamental practices like identity hygiene, access controls, and collaboration. The discussion underscores that cybersecurity is vital for safeguarding patient care and system availability.

In this episode, Chrissi Maguire, CEO of Mount Desert Island Hospital, shares insights on the evolution of healthcare cybersecurity, emphasizing the importance of investments in security infrastructure, staff training, and leadership engagement. She recounts a recent cyber incident, highlighting the swift response, collaboration, and system safeguards that minimized patient care disruption. Maguire underscores the necessity of ongoing awareness, board involvement, and proactive measures like cyber insurance and penetration testing, urging CEOs to prioritize cybersecurity as vital to healthcare delivery.

This episode of Cyber Survivor focuses on the action taken after a cyber security attack at a hospital in the Northeast.  Host Dan Dodson interviews IT experts James Edgell and Dan Colon, who share their experiences handling cybersecurity challenges during that episode. They discuss the aftermath of a cyber incident, improvements in security measures, and the importance of maintaining strong cybersecurity practices. The conversation highlights the need for ongoing investment, effective communication, and collaboration to protect healthcare systems from evolving cyber threats. Ultimately, the podcast emphasizes that cybersecurity is crucial for safeguarding both data and patients.

In this Cyber Survivor podcast episode, host Dan Dodson discusses with Thomas Ritter the evolving cybersecurity landscape, emphasizing ransomware and its increasing complexity. Ritter, a privacy and cybersecurity attorney, highlights the human impact of breaches, especially in healthcare, where technology's over-reliance raises patient safety concerns. The conversation explores preparedness, third-party risks, and the necessity of proactive strategies in mitigating cyber threats. They stress the importance of human involvement in cybersecurity, urging organizations to prioritize training, resilience, and comprehensive planning to protect patient care and safety effectively.

In this episode of "Cyber Survivor," host Dan Dotson converses with Donald Neal, a seasoned CRNA, about the significant impacts of cybersecurity breaches on healthcare. Donald recounts his journey from paper to electronic medical records and shares a personal ordeal with identity theft due to a security breach. He discusses how cyber incidents disrupt clinical operations, highlighting the challenges posed by technological reliance. Donald emphasizes the importance of cybersecurity training and awareness in safeguarding sensitive patient information and stresses collective vigilance in navigating the digital healthcare landscape.

In this episode of Cyber Survivor, host Dan Dodson speaks with Kathie Philippou, who has 40 years of experience in practice management. Kathie shares her journey from humble beginnings in healthcare administration to navigating the digital transformation of medical practices. She discusses the challenges of implementing electronic medical records and the increasing burden of cybersecurity and regulatory compliance. Kathie emphasizes the importance of continuous learning and collaboration with industry peers to manage these evolving challenges.

In this episode of "Cyber Survivors," host Dan Dodson and guest Louis Wright delve into healthcare cybersecurity challenges, particularly during acquisitions. Louis shares insights as the CISO of USA Health and describes how they navigated a cyber attack on a legacy system during a transition period. They emphasize the importance of comprehensive disaster recovery plans, third-party risk management, and continuous improvement. The episode sheds light on maintaining operational resilience and safeguarding patient care amidst complex cyber threats.

In this episode of "Cyber Survivor," host Dan Dodson and legal expert Thomas Ritter delve into the recent cyber incidents involving Oracle Health. They discuss Oracle's handling of potential data breaches linked to both Oracle Cloud and legacy servers from the Cerner acquisition. While Oracle has contacted some clients privately, it has not publicly confirmed the breaches. The conversation highlights the complexities of cybersecurity, legal strategies, and the impact of class action lawsuits in the healthcare sector. Thomas emphasizes the importance of preparedness and robust third-party risk management programs.

Dan Dodson hosts "Cyber Survivor" with guest Paul Connolly, a mentor and reputable figure in cybersecurity. They discuss Connolly’s unexpected journey from agriculture to becoming a pioneer in cybersecurity, emphasizing his role as the first CISO at the White House. They explore cybersecurity’s impact on healthcare, the importance of communication, especially with clinical staff, and the challenges faced by healthcare organizations in a cyber landscape. Connolly stresses education, relationship-building, and collaboration to strengthen cybersecurity defenses.

In a conversation between host Dan Dodson and cybersecurity expert Phil Alexander, they delved into the critical role of relationships and fundamentals in managing cyber events, especially within the healthcare industry. Phil, with 25 years of experience, emphasized the importance of building strong relationships with organizational leaders and external partners. He shared insights from his career, like launching a cybersecurity advisory firm and tackling cyber threats such as ransomware. The discussion covered the emotional and operational challenges during security breaches, stressing the need for proper incident response planning, transparent communication, and teamwork. Phil advocated for focusing on basic cybersecurity practices over chasing new technologies, highlighting the significance of effective management and collaboration in minimizing disruption and anxiety for both staff and patients.

Join host Dan Dodson on "Cyber Survivors," where we explore resilience and innovation in healthcare cybersecurity. Discover real-world insights from doctors, administrators, and IT professionals safeguarding patient data and securing networks. Uncover strategies to navigate cyber threats and triumph in the digital age's relentless pursuit of safety.