Cyber Survivor

The scariest part of a healthcare cyberattack isn’t the headline. It’s the quiet moment a clinician realizes they can’t register a patient, scan a medication, verify a dose, or send a lab order and the waiting room is still filling up. We sit down with an anonymous frontline nurse we call Jane Doe and walk through what “normal” looks like in a busy pediatric clinic: constant triage, newborn and well visits, vaccines, sick kids, and nonstop coordination. Then the systems go dark. No EHR, no barcode scanning, no electronic medication checks, no easy way to move information. Care doesn’t stop, but it slows and every workaround carries risk. Jane explains what paper charting feels like today, why newer doctors and residents can be thrown off by manual processes, and how stress shifts from “can we do this?” to “can we do this safely and on time?” We also zoom out to the bigger healthcare cybersecurity story: why downtime planning matters, how hospitals redeploy staff to keep labs and floors running, and why “cybersecurity is a dollar away from the bedside” is a real budget fight with real patient safety consequences. Jane shares how the experience changed her view of how fragile health systems can be and reflects on how nursing has evolved from family-centered care to a faster throughput model that can make cyber disruption hit even harder. If you care about patient safety, hospital resilience, ransomware risk, and practical incident response in healthcare, listen now. Subscribe to Cyber Survivor, share this story with a colleague, and leave a review so more people hear what cyber events really do to care.

In this episode of Cyber Survivor, host Dan Dotson speaks with Dr. Richard Hartnett, co-director of the Ohio Cyber Range Institute, about shifting cybersecurity from a compliance checkbox to a proactive, organization-wide business practice. They discuss the theory of persistent engagement, tailored training for different hospital roles, the growing threat from financially motivated ransomware groups, and how AI and algorithmic agents will change both offense and defense. Listeners will learn practical approaches to prioritizing critical systems, building hunt teams, and embedding cybersecurity into everyday healthcare operations to better protect patients and maintain care continuity.

What happens when a hospital’s voice system fails during a cyber event? Not just dropped calls—entire care workflows unravel. In this conversation with Eric Enos, CTO at LifePoint, we pull back the curtain on how modern care really runs and why resilience, not raw uptime, is the metric that matters. From EHR dependence to nurse call routing and location awareness, the hidden mesh of systems that power bedside care can become a single point of failure if teams design for availability instead of continuity. We start with the shift that put IT at the bedside: EMRs, decision support, ambient listening, and the promise of higher quality, faster coordination, and fewer errors. Then we confront the tradeoffs—expanded attack surfaces from SaaS, networks, and rapid consolidation. Eric explains why M&A without rigorous standardization balloons technical debt, complicates patching and incident response, and leaves organizations defending multiple aging platforms. The fix isn’t fancy: map real clinical workflows first, then align infrastructure, identity, and communications under them. Resilience means controlled degradation. If malware isolates a facility, SD‑WAN failover won’t matter; local downtime tools, voice redundancy, and independent communications paths will. We unpack practical steps: cross-functional tabletop exercises led by operators, end-to-end dependency mapping, and governance that keeps security and infrastructure rowing together. Then we get into AI. Treat LLMs like the smartest new employee—useful, fast, and fallible. Keep a human in the loop, establish clear guardrails, and confront open questions around liability and trust before letting AI drive patient-critical actions. If you care about healthcare cybersecurity, clinical operations, and the future of AI in hospitals, this episode delivers grounded strategies you can use now: protect workflows, reduce technical debt, and design systems that bend without breaking. Subscribe, share with a colleague on your clinical or security team, and leave a review with one change you’ll make to strengthen resilience this quarter.

Imagine the LED lights are on, clinicians are ready, and every screen goes dark. That’s the moment when governance—not gadgets—keeps care moving. We sit down with healthcare IT leader and board veteran Richard Helppie to chart a practical path for hospital boards to own cybersecurity as a top strategic risk, not a backend tech chore. We start by separating governance from operations and translating cyber into the risk language directors already use. Rich shares how to make cybersecurity a standing board item, recruit at least one cyber-comfortable director, and ask the questions that matter: what are our biggest threats, how are we mitigating them, how will we know when we’re breached, and how fast can we recover? Dan adds a simple framing that works: present cyber with the same dashboards and cadence as finance and patient safety so leaders can weigh tradeoffs with clarity. Then we get real about downtime. Many clinicians have never practiced on paper, and backups are now a prime target. We cover ransomware pressures, insurance posture, recovery objectives, and third-party risk—from supply chains to physician groups and patient portals. Human factors dominate the breach path, with phishing and help desk vishing exploiting speed-focused KPIs. The fix is cultural and operational: slow down where it counts, verify identities, harden processes, and measure cyber like hospital-acquired infections. AI threads through the conversation as both opportunity and attack surface. Waiting to “see what happens” is not a strategy. We outline the early governance questions boards should ask about data leakage, model access, and monitoring, and how to pair innovation with guardrails. To win investment and attention, Rich offers a three-point board briefing—why cyber matters, what program is in place, and what’s needed to close gaps—and explains why tabletop exercises with executives, vendors, and select directors consistently shift mindsets from denial to readiness. If you care about resilient care delivery, boardroom clarity, and practical defenses that work when systems fail, you’ll find a usable playbook here. Subscribe, share with a colleague who presents to boards, and leave a review with the one question you want every hospital board to ask about cybersecurity.

Cyber Survivor host Dan Dodson interviews Axel Wirth, chief security strategist at MedCrypt, about the rising cyber risks facing medical devices and what that means for patient care. Wirth explains that he began as a hardware electrical engineer in the medical device and health IT world before moving into cybersecurity in 2008, eventually focusing exclusively on medical device security and helping manufacturers both improve their products and meet evolving global regulatory expectations. Over the last decade, he has seen clear maturation: regulators like the FDA and international counterparts now explicitly require cybersecurity as part of market approval, and some devices are even being rejected solely for cybersecurity shortcomings, prompting manufacturers to strengthen designs and documentation. Dodson and Wirth then dig into the massive challenge of legacy devices: millions of clinically functional but aging devices—CT and MRI scanners, infusion pumps, and more—remain deployed in hospitals, often with serious vulnerabilities and enormous replacement costs. They note that healthcare operates on tight or negative margins, making large-scale replacement difficult, and that any change introduces disruption, retraining needs, and operational risk. Wirth points to industry efforts, such as detailed guidance on legacy devices, but questions whether the sector can move fast enough given the growing sophistication of attackers and the broad attack surface created by all these connected systems. They explore the threat landscape, emphasizing that risk has increased significantly. Attackers have not yet commonly launched deliberate, patient‑harming attacks on medical devices themselves; instead, devices often become collateral damage when they run unpatched commercial operating systems targeted by generic malware, as illustrated by the WannaCry incident that crippled the UK’s NHS and disrupted care. Wirth also cites evidence of criminal groups that intentionally use medical devices as entry points into hospital networks, as well as the economic incentives behind ransomware campaigns that seek to disrupt care, raising pressure on hospitals to pay ransoms to restore operations quickly. Looking ahead, they discuss how AI and geopolitics will accelerate and intensify threats. Wirth notes that AI already enables cheaper, highly targeted attacks, with some campaigns now largely executed by automated tools, and he expects that trend to grow. At the same time, more nation‑state and hacktivist actors are likely to see healthcare as a strategic target. While there has been real progress—better tooling for manufacturers and hospitals, improved device architectures, stronger inventory visibility, network segmentation, and clearer regulatory pressure—Wirth is skeptical that defenders are improving faster than attackers. He worries that a large, catalytic event, similar to WannaCry but perhaps even more severe in healthcare, may be what finally forces the scale of investment and coordination needed. The conversation also highlights operational friction between hospitals and manufacturers. Dodson raises the frustration many CISOs feel: patch cycles are slow and complex, responsibility is fragmented across IT, biomed/clinical engineering, third‑party servicers, and cybersecurity teams, and hospitals often end up “holding the bag” after an incident. Wirth agrees that patching is inherently complex—vulnerabilities must be verified, patches developed and tested, then deployed without compromising clinical operations—and that delays occur on both sides. However, he stresses that both manufacturers and providers are getting better: post‑market security responsibilities are more widely accepted, tooling is improving for patch development and deployment, and hospitals are investing in visibility and governance over who owns medical device security decisions. Despite his concerns, Wirth ends on a cautiously optimistic not

Greg Surla, CISO at FinThrive and former U.S. Army signal intelligence leader, discusses third‑party risk, vendor tabletop drills, and how revenue cycle platforms tie to patient care. He covers ransomware readiness, preapproved workarounds like VDI and hardened devices, automation for vulnerability triage, and making security a business enabler through culture and board alignment.

Phil Englert, VP of Medical Device Security at Health ISAC and longtime clinical engineer, discusses how millions of networked devices reshape care and risk. He covers the Patch Act and SBOMs, strategies for segmenting and monitoring legacy kit, resilience tactics for rapid recovery, Health ISAC’s collaborative control-building, and the security challenges of AI and hospital-at-home care.

The conversation explores how healthcare’s rapid digitization has improved patient outcomes while dramatically increasing cyber risk, making hospitals lucrative, constantly targeted entities. Dr. C.S. Kruse traces his path from Army Medical Service Corps IT specialist to academic leader and prolific researcher in health IT and cybersecurity, emphasizing both technology’s clinical benefits and its “dark side.”He and host Dan Dodson discuss AI as a dual-use tool, underinvestment and budget tensions, ransomware-driven clinical disruptions, basic but often-missed security practices, EU-style cyber resiliency standards, and the need for stronger policy, mandatory reporting, and resilient clinical workflows when systems fail.

Alarms don’t always sound when hospitals are under attack. Sometimes the first signal is a locked EHR, diverted ambulances, and a clinical team scrambling to deliver care without the tools they trained on. We sit down with Butzel attorney Claudia Rast—leader of cybersecurity and AI practices and former co-chair of the ABA’s presidential cybersecurity task force—to unpack how threat actors use agentic AI, why ransom demands can look rational in a crisis, and what real resilience looks like when patient safety is on the line. Claudia traces the evolution from broken-English phish to sophisticated campaigns backed by help desks, localization, and AI that scouts vulnerabilities without human prompting. We explore the uncomfortable math of ransom vs. rebuild, how cyber insurance shapes early decisions, and the practical controls that shorten downtime: endpoint detection and response, network segmentation, immutable backups, and tested recovery plans. The conversation gets candid about healthcare’s unique weaknesses—legacy systems, aging devices, and hundreds of tightly coupled apps that can turn one misconfiguration into a cascading failure. On the legal front, we break down the surge in class action lawsuits after breach notifications, California’s privacy framework and its limits, and the rise of claims under old wiretap laws aimed at website tracking. We also dig into AI risk beyond cyber: how feeding code or confidential prompts into public models can burn trade secrets, why blocking public AI tools often beats long unread policies, and how to contract for third-party AI use, data stewardship, and derivative works. We close with the human layer: deepfake-enabled fraud, out-of-band verification, and a culture that practices the plan before the worst day arrives. Subscribe, share with a colleague who handles cyber or compliance, and leave a review with your top takeaway. Your feedback helps more healthcare teams find the playbook that keeps care online when it matters most.

The alarms aren’t just in the data center anymore. When ransomware shutters clinics and pushes oncology schedules into chaos, the question isn’t “What did they exfiltrate?” It’s “Who didn’t get care?” We sit down with Jen Ellis, founder of NextGen Security and co-chair of the Ransomware Task Force, to unpack how cybersecurity in healthcare became a patient safety issue—and what it will take to keep care running when attackers hit. Jen takes us inside the pandemic spike in hospital attacks and the wrenching ransom debate, including a parent of a child with cancer willing to remortgage their home to restart treatment. From there we trace the policy ripple effects: international disruption efforts, sanctions, tighter crypto oversight, and the Counter Ransomware Initiative. None of it is a silver bullet, especially as AI lowers the barrier for criminals, but coordinated action is raising attacker costs and forcing them to work harder. We go beyond headlines to the budget math inside hospitals running on razor-thin margins, where a “CISO” might be a stretched administrator with no real authority. Frameworks like NIST CSF are solid, but adoption stalls without clear sequencing, funding, and maturity paths tailored to small teams who can’t take systems down to patch. Jen makes the case for secure-by-design to shift burden upstream to vendors and highlights FDA’s connected medical device program as a model: collaborative, iterative, and capable of real enforcement. We also tackle the rise of class action lawsuits after breaches and how they can discourage disclosure and distort incentives, even as we protect pathways for those who can show genuine harm. If you care about keeping ICUs open, protecting critical workflows, and helping clinicians deliver safe care under pressure, this conversation is for you. Follow, share with a colleague who works in healthcare, and leave a review with your take: What’s the one change—policy, funding, or vendor accountability—that would most improve patient safety against cyber threats?