The conversation explores how healthcare’s rapid digitization has improved patient outcomes while dramatically increasing cyber risk, making hospitals lucrative, constantly targeted entities. Dr. C.S. Kruse traces his path from Army Medical Service Corps IT specialist to academic leader and prolific researcher in health IT and cybersecurity, emphasizing both technology’s clinical benefits and its “dark side.”He and host Dan Dodson discuss AI as a dual-use tool, underinvestment and budget tensions, ransomware-driven clinical disruptions, basic but often-missed security practices, EU-style cyber resiliency standards, and the need for stronger policy, mandatory reporting, and resilient clinical workflows when systems fail.

Alarms don’t always sound when hospitals are under attack. Sometimes the first signal is a locked EHR, diverted ambulances, and a clinical team scrambling to deliver care without the tools they trained on. We sit down with Butzel attorney Claudia Rast—leader of cybersecurity and AI practices and former co-chair of the ABA’s presidential cybersecurity task force—to unpack how threat actors use agentic AI, why ransom demands can look rational in a crisis, and what real resilience looks like when patient safety is on the line.

Claudia traces the evolution from broken-English phish to sophisticated campaigns backed by help desks, localization, and AI that scouts vulnerabilities without human prompting. We explore the uncomfortable math of ransom vs. rebuild, how cyber insurance shapes early decisions, and the practical controls that shorten downtime: endpoint detection and response, network segmentation, immutable backups, and tested recovery plans. The conversation gets candid about healthcare’s unique weaknesses—legacy systems, aging devices, and hundreds of tightly coupled apps that can turn one misconfiguration into a cascading failure.

On the legal front, we break down the surge in class action lawsuits after breach notifications, California’s privacy framework and its limits, and the rise of claims under old wiretap laws aimed at website tracking. We also dig into AI risk beyond cyber: how feeding code or confidential prompts into public models can burn trade secrets, why blocking public AI tools often beats long unread policies, and how to contract for third-party AI use, data stewardship, and derivative works. We close with the human layer: deepfake-enabled fraud, out-of-band verification, and a culture that practices the plan before the worst day arrives.

Subscribe, share with a colleague who handles cyber or compliance, and leave a review with your top takeaway. Your feedback helps more healthcare teams find the playbook that keeps care online when it matters most.

The alarms aren’t just in the data center anymore. When ransomware shutters clinics and pushes oncology schedules into chaos, the question isn’t “What did they exfiltrate?” It’s “Who didn’t get care?” We sit down with Jen Ellis, founder of NextGen Security and co-chair of the Ransomware Task Force, to unpack how cybersecurity in healthcare became a patient safety issue—and what it will take to keep care running when attackers hit.

Jen takes us inside the pandemic spike in hospital attacks and the wrenching ransom debate, including a parent of a child with cancer willing to remortgage their home to restart treatment. From there we trace the policy ripple effects: international disruption efforts, sanctions, tighter crypto oversight, and the Counter Ransomware Initiative. None of it is a silver bullet, especially as AI lowers the barrier for criminals, but coordinated action is raising attacker costs and forcing them to work harder.

We go beyond headlines to the budget math inside hospitals running on razor-thin margins, where a “CISO” might be a stretched administrator with no real authority. Frameworks like NIST CSF are solid, but adoption stalls without clear sequencing, funding, and maturity paths tailored to small teams who can’t take systems down to patch. Jen makes the case for secure-by-design to shift burden upstream to vendors and highlights FDA’s connected medical device program as a model: collaborative, iterative, and capable of real enforcement. We also tackle the rise of class action lawsuits after breaches and how they can discourage disclosure and distort incentives, even as we protect pathways for those who can show genuine harm.

If you care about keeping ICUs open, protecting critical workflows, and helping clinicians deliver safe care under pressure, this conversation is for you. Follow, share with a colleague who works in healthcare, and leave a review with your take: What’s the one change—policy, funding, or vendor accountability—that would most improve patient safety against cyber threats?