Dan Dodson hosts Drex DeFord, a leader in healthcare cybersecurity, to discuss the evolution and current state of cybersecurity in healthcare. Drex shares his career journey from a hospital administrator in the Air Force to leading roles in various healthcare organizations and consulting for tech companies. He describes how the rapid digitization of healthcare, particularly through electronic health record (EHR) adoption and the lack of simultaneous investment in cybersecurity, led to an expanded risk landscape and new threats like ransomware.

The conversation covers the unintended consequences of digitization, including physician burnout, and weighs whether these changes were “worth it”—both agree that overall care has improved. They discuss the rise of artificial intelligence in healthcare, its promise for improving clinical care, and the double-edged sword it presents from a security perspective. Drex emphasizes the importance of organizational awareness, responsible AI adoption, and ongoing education.

Another major topic is the creation of strong professional communities (such as the 229 project) where cybersecurity leaders and partners can candidly share challenges and solutions, fostering both personal relationships and collective resilience. Current pressing issues include AI, third-party vendor risk management, and maintaining continuity of care when electronic systems fail. They highlight the challenges of prioritizing essential systems (“minimum viable hospital”) and the political difficulties in governance.

Progress is noted in industry awareness, stronger data sharing, and board-level engagement in cybersecurity, but resource constraints and increasing complexity remain challenges. Drex concludes by advocating for ongoing collaboration, fundamentals in security practice, and leveraging technology and communities for better patient outcomes. Listeners are encouraged to connect via the 229 project and related platforms.

Dan Dodson interviews Dr. Bradley Fowler, author of “Cybersecurity Leadership for Healthcare Organizations and Institutions of Higher Education,” discussing the pressing cybersecurity workforce shortages and the role of education and leadership in addressing risks. Dr. Fowler shares insights from his research, emphasizing human error as a major cause of breaches and the critical need for robust policy compliance and updated training in healthcare. He introduces frameworks that support risk management and highlights collaboration, ongoing education, and the integration of industrial-organizational psychology as central to effective cybersecurity. His book is intended for IT professionals, managers, and anyone leveraging technology in modern workplaces .

This episode distills memorable insights from six months of interviews with healthcare cybersecurity leaders and clinicians. The five lessons: focus on fundamentals over flashy tech (Phil Alexander), ensure leadership at all levels (Chrissi Maguire), rely on preparation and people during outages (Katrina Brown), recognize every cyber event as a patient safety issue (Dr. Jeffery Tully), and cultivate strong governance and organizational culture (Stephen Ramirez). These frontline stories emphasize that effective cybersecurity in healthcare is built on resilience, teamwork, and a relentless commitment to patient safety and organizational culture.