Episode 35- How Healthcare CISOs Earn Trust And Funding. With Dr. Dennis Leber

Episode 35- How Healthcare CISOs Earn Trust And Funding. With Dr. Dennis Leber

A hospital can survive bad press. It might even survive a tough quarter. What it can’t survive is a cyber event that shuts down care. That’s why we sit down with Dr. Dennis Leber, a longtime healthcare cybersecurity leader with a background in law enforcement and military service, to talk about what “cybersecurity is patient safety” really means when systems fail and clinicians still have to treat people. We unpack how the cyber threat landscape has evolved from on-prem data centers and manual processes to cloud-first environments where identity is the main target. Dr. Leber explains why adversaries are shifting toward directory takeovers and why CISOs have to stay ahead of fast-moving change, including AI-powered attacks and the longer-term pressure of quantum computing. We also get practical about incident readiness: tabletop exercises with executives, thinking in weeks of downtime instead of days, and focusing on detection, response, and remediation so operations can keep moving. The CISO role comes up again and again, not as “the Department of No,” but as a translator who connects controls to business goals, clinical risk, revenue protection, and resilience. Dr. Leber  shares ways to build trust across the organization, make a clear ROI case for investment, and push governance forward with better board-level questions and accountability. Then we go deep on AI in healthcare: shadow AI, HIPAA data leakage, treating AI like a non-human identity, and setting guardrails so teams can use AI as a partner without losing control of data or cost. If you care about healthcare cybersecurity, hospital operations, patient safety, or responsible AI, this one is for you. Subscribe, share with a colleague, and leave a review with the one question you want CISOs and boards to be asking right now.

Episode 34- Robots, Paper Charts, And One Very Long Day.

A cyber event doesn’t feel “digital” when you’re the one on the gurney. We’re joined by Jack, who shares his story anonymously after being impacted as a patient during a hospital cyber incident while being treated for prostate cancer. He takes us from pre-surgery nerves to the uncomfortable reality of not fully knowing what’s happening once you’re under anesthesia and relying on a care team, technology, and processes you can’t see.  We talk about robotic-assisted surgery and why connected medical devices can raise new questions in the patient’s mind, even when the clinical goal is the safest, most effective approach. Jack describes waking up to an unexpected timeline, hearing bits and pieces about “something” going wrong, and then dealing with a major post-op life change: learning to live with a temporary colostomy bag. It’s an unfiltered reminder that ransomware in healthcare, EHR downtime, and operational disruption can ripple into real patient outcomes, comfort, and trust.  We also dig into what he noticed on the hospital floor when systems went down, including the shift to paper charting and how staff handled conversation around the disruption. Along the way, we wrestle with a tough question for healthcare leaders, administrators, and cybersecurity teams: how transparent should hospitals be with patients during and after a cyberattack, and what does “enough information” look like when care must continue?  If you care about patient safety, healthcare cybersecurity, and the human side of incident response, listen and share this story with someone who needs to hear it. Subscribe to Cyber Survivor, leave a review, and tell us your take: what would you want your hospital to communicate if systems failed?

Episode 33- What Happens To Patients When Clinics Get Hacked

A handwritten note on a doctor’s office door doesn’t sound like the start of a cybersecurity story until you realize the clinic can’t even tell you why they’re closed. I’m Dan Dotson, and I sit down with our second John Doe, who’s spent nearly two decades in healthcare cybersecurity, to unpack what it feels like when the crisis you usually defend against suddenly hits you as a patient. John walks us through the surreal details: an eerily empty parking lot, dark hallways, no call despite an appointment confirmed the day before, and a weekend of waiting with unanswered questions. When he finally reaches the office, he hears the words no patient wants to hear: “We got hacked.” From there, we dig into the real-world impact of a clinic cyberattack, including delayed care, postponed referrals and tests, and the mental load of wondering whether your protected health information is exposed. We also get specific about what healthcare leaders can do better: incident response plans that include patient communication, scripts and training for front-desk teams, escalation paths for tough calls, and a thoughtful approach that protects trust while facts are still emerging. If you care about healthcare cybersecurity, ransomware resilience, patient safety, or HIPAA-era communication, this story connects the technical and human sides in a way that sticks. Subscribe to Cyber Survivor, share this with someone who works in healthcare, and leave a review so more people hear how cybersecurity protects patients. What would you expect your clinic to say if their systems went down?

Episode 32- A Patient’s Story From Inside A Ransomware Attack

The scariest words in a hospital shouldn’t be “systems are down,” but that’s exactly what John hears while he’s lying in a bed with crushing pain, fever, and doctors worried an infection could be moving toward sepsis. He came in expecting fast answers and coordinated care. Instead, he watches a modern emergency workflow buckle under a ransomware incident, and he feels the emotional whiplash that comes when patient safety suddenly depends on clipboards, phone calls, and memory. We talk through what a healthcare cyberattack looks like from the patient’s side: staff scrambling to find orders they can’t see, “shortly” turning into long delays for antibiotics, lab results arriving slowly or needing retesting, and the constant uncertainty of not knowing what comes next. John describes how electronic health record downtime changes the tone of care, not because clinicians stop caring, but because systems that normally keep treatment organized and safe are no longer available. The result is a roller coaster of fear, especially when every minute feels like it matters. Then we follow the story past the hospital stay. John ends up admitted longer than expected, leaves with shaken confidence in the health system, and receives no post-discharge outreach or apology. That silence becomes part of the lasting impact, raising a hard question for healthcare cybersecurity leaders, IT teams, and administrators: how do we rebuild trust after ransomware, and how do we communicate in a way that supports patients without creating more confusion? If you care about ransomware defense, incident response, patient safety, and cyber resilience in healthcare, listen now, then subscribe, share the episode with someone in healthcare, and leave a review so more people hear what downtime really costs.

Episode 31- Healthcare Downtime Ready. With Dr. Mark Yoffe, MD

A hospital can survive a lot, but it cannot treat patients when core clinical systems go dark. We sit down with Dr. Mark Yoffe, a physician who also thinks like a cybersecurity leader, to unpack what healthcare cyber risk really looks like from the bedside. As electronic health records replaced paper charts, care got faster and more coordinated, but the blast radius of outages, ransomware, and credential theft grew right along with it. The result is a modern truth most communities now feel: cybersecurity is not just about data, it is about keeping care available. We use the confidentiality, integrity, and availability triad as a practical lens for clinicians and IT teams. Why do physicians often prioritize availability in the ED and ICU? How do security controls like multifactor authentication support uptime, not just privacy? And what does real downtime readiness look like when a team is busy, short-staffed, and under pressure? Dr. Yoffe shares concrete steps that help: clearer downtime alerts, knowing exactly what systems are affected, paper forms staged throughout the hospital, and a plan for post-downtime reconciliation so the record stays accurate. We also dig into what actually wins physician buy-in. Instead of leading with restrictions, start by solving access and workflow pain points and show how security enables reliable clinical operations. From safer device habits and avoiding insecure SMS texting to case-based training that mirrors how clinicians learn, we outline education that sticks. Finally, we explore AI in healthcare documentation: where it can cut charting time, where privacy and cloud processing raise red flags, and why keeping a human in the loop protects record integrity. If you care about patient safety, healthcare cybersecurity, EHR downtime planning, and the future of AI in clinical workflow, hit subscribe, share this with a colleague, and leave a review with your biggest question about cyber readiness.