Episodes

  • Episode 23- From the Battlefield to the Server Room: Dr. C.S. Kruse on Defending Healthcare
    2025/12/25

    The conversation explores how healthcare’s rapid digitization has improved patient outcomes while dramatically increasing cyber risk, making hospitals lucrative, constantly targeted entities. Dr. C.S. Kruse traces his path from Army Medical Service Corps IT specialist to academic leader and prolific researcher in health IT and cybersecurity, emphasizing both technology’s clinical benefits and its “dark side.” He and host Dan Dodson discuss AI as a dual-use tool, underinvestment and budget tensions, ransomware-driven clinical disruptions, basic but often-missed security practices, EU-style cyber resiliency standards, and the need for stronger policy, mandatory reporting, and resilient clinical workflows when systems fail.

    38 min
  • Episode 22- Ransom or Rebuild? Claudia Rast on the Hard Math of Hospital Cyberattacks
    2025/12/11

    Alarms don’t always sound when hospitals are under attack. Sometimes the first signal is a locked EHR, diverted ambulances, and a clinical team scrambling to deliver care without the tools they trained on. We sit down with Butzel attorney Claudia Rast—leader of cybersecurity and AI practices and former co-chair of the ABA’s presidential cybersecurity task force—to unpack how threat actors use agentic AI, why ransom demands can look rational in a crisis, and what real resilience looks like when patient safety is on the line.

    Claudia traces the evolution from broken-English phish to sophisticated campaigns backed by help desks, localization, and AI that scouts vulnerabilities without human prompting. We explore the uncomfortable math of ransom vs. rebuild, how cyber insurance shapes early decisions, and the practical controls that shorten downtime: endpoint detection and response, network segmentation, immutable backups, and tested recovery plans. The conversation gets candid about healthcare’s unique weaknesses—legacy systems, aging devices, and hundreds of tightly coupled apps that can turn one misconfiguration into a cascading failure.

    On the legal front, we break down the surge in class action lawsuits after breach notifications, California’s privacy framework and its limits, and the rise of claims under old wiretap laws aimed at website tracking. We also dig into AI risk beyond cyber: how feeding code or confidential prompts into public models can burn trade secrets, why blocking public AI tools often beats long unread policies, and how to contract for third-party AI use, data stewardship, and derivative works. We close with the human layer: deepfake-enabled fraud, out-of-band verification, and a culture that practices the plan before the worst day arrives.

    Subscribe, share with a colleague who handles cyber or compliance, and leave a review with your top takeaway. Your feedback helps more healthcare teams find the playbook that keeps care online when it matters most.

    31 min
  • Episode 21- How Healthcare Cybersecurity Became A Patient Safety Issue. With Jen Ellis
    2025/11/27

    The alarms aren’t just in the data center anymore. When ransomware shutters clinics and pushes oncology schedules into chaos, the question isn’t “What did they exfiltrate?” It’s “Who didn’t get care?” We sit down with Jen Ellis, founder of NextGen Security and co-chair of the Ransomware Task Force, to unpack how cybersecurity in healthcare became a patient safety issue—and what it will take to keep care running when attackers hit.

    Jen takes us inside the pandemic spike in hospital attacks and the wrenching ransom debate, including a parent of a child with cancer willing to remortgage their home to restart treatment. From there we trace the policy ripple effects: international disruption efforts, sanctions, tighter crypto oversight, and the Counter Ransomware Initiative. None of it is a silver bullet, especially as AI lowers the barrier for criminals, but coordinated action is raising attacker costs and forcing them to work harder.

    We go beyond headlines to the budget math inside hospitals running on razor-thin margins, where a “CISO” might be a stretched administrator with no real authority. Frameworks like NIST CSF are solid, but adoption stalls without clear sequencing, funding, and maturity paths tailored to small teams who can’t take systems down to patch. Jen makes the case for secure-by-design to shift burden upstream to vendors and highlights FDA’s connected medical device program as a model: collaborative, iterative, and capable of real enforcement. We also tackle the rise of class action lawsuits after breaches and how they can discourage disclosure and distort incentives, even as we protect pathways for those who can show genuine harm.

    If you care about keeping ICUs open, protecting critical workflows, and helping clinicians deliver safe care under pressure, this conversation is for you. Follow, share with a colleague who works in healthcare, and leave a review with your take: What’s the one change—policy, funding, or vendor accountability—that would most improve patient safety against cyber threats?

    54 min
  • Episode 20- From Patients to Products: Cybersecurity Across Sectors. With Brent Yax
    2025/11/13

    Cyber threats don’t just steal data—they halt care, cancel clinics, and shake trust. I sat down with Brent Yax, founder and CEO of Aweccom Technologies, to unpack the hard truth: today’s attackers are profit-driven, organized, and focused on disrupting operations until we pay. We trace how the threat landscape shifted from amateur mischief to a mature cyber economy, why small and mid-market healthcare organizations are now prime targets, and what actually works to protect patients and keep the lights on.

    Brent shares a frontline view of resilience that blends technology, process, and culture. We get practical about where to start—multi-factor authentication, EDR/MDR, verified payment workflows, and realistic incident response plans that restore services fast. We also talk about the messy side of cyber insurance: why policies push the market forward, how ambiguous questionnaires can void coverage, and why IT, risk, and finance must stay aligned as environments change. The throughline is clear: tools are essential, but people and process failures still drive most breaches.

    We dive into AI’s double edge. On defense, AI helps detect CEO fraud by learning language patterns, flags configuration drift across complex stacks, and surfaces risk right after routine changes. On offense, careless use of public AI can leak protected data in seconds. Frank breaks down smart adoption—enterprise controls, clear data policies, and training that meets people where they are. From there, we zoom out to zero trust: assume compromise, minimize privileges, and verify every identity, including AI agents. It’s a journey, but it shrinks the blast radius and boosts recovery when it matters most.

    If you care about delivering reliable care in an unreliable world, this conversation gives you a playbook: align the C-suite, test your incident plan, raise your security baseline, and make training universal—especially for executives and help desks. Subscribe, share with a colleague who owns risk, and leave a review with the one control you’re prioritizing next. Your input helps more teams protect patients and stay ready for what’s coming.

    36 hr 31 min
  • Episode 19- Building Resilient Cyber Communities in Healthcare: A Conversation with Drex DeFord
    2025/10/30

    Dan Dodson hosts Drex DeFord, a leader in healthcare cybersecurity, to discuss the evolution and current state of cybersecurity in healthcare. Drex shares his career journey from a hospital administrator in the Air Force to leading roles in various healthcare organizations and consulting for tech companies. He describes how the rapid digitization of healthcare, particularly through electronic health record (EHR) adoption and the lack of simultaneous investment in cybersecurity, led to an expanded risk landscape and new threats like ransomware.

    The conversation covers the unintended consequences of digitization, including physician burnout, and weighs whether these changes were “worth it”—both agree that overall care has improved. They discuss the rise of artificial intelligence in healthcare, its promise for improving clinical care, and the double-edged sword it presents from a security perspective. Drex emphasizes the importance of organizational awareness, responsible AI adoption, and ongoing education.

    Another major topic is the creation of strong professional communities (such as the 229 project) where cybersecurity leaders and partners can candidly share challenges and solutions, fostering both personal relationships and collective resilience. Current pressing issues include AI, third-party vendor risk management, and maintaining continuity of care when electronic systems fail. They highlight the challenges of prioritizing essential systems (“minimum viable hospital”) and the political difficulties in governance.

    Progress is noted in industry awareness, stronger data sharing, and board-level engagement in cybersecurity, but resource constraints and increasing complexity remain challenges. Drex concludes by advocating for ongoing collaboration, fundamentals in security practice, and leveraging technology and communities for better patient outcomes. Listeners are encouraged to connect via the 229 project and related platforms.

    44 min
  • Episode 18- Bridging Talent Gaps: Educating the Next Cyber Warriors
    2025/10/16

    Dan Dodson interviews Dr. Bradley Fowler, author of “Cybersecurity Leadership for Healthcare Organizations and Institutions of Higher Education,” discussing the pressing cybersecurity workforce shortages and the role of education and leadership in addressing risks. Dr. Fowler shares insights from his research, emphasizing human error as a major cause of breaches and the critical need for robust policy compliance and updated training in healthcare. He introduces frameworks that support risk management and highlights collaboration, ongoing education, and the integration of industrial-organizational psychology as central to effective cybersecurity. His book is intended for IT professionals, managers, and anyone leveraging technology in modern workplaces.

    28 min
  • Episode 17- Fundamentals Over Flash: Five Cyber Lessons From Healthcare’s Frontline
    2025/10/02

    This episode distills memorable insights from six months of interviews with healthcare cybersecurity leaders and clinicians. The five lessons: focus on fundamentals over flashy tech (Phil Alexander), ensure leadership at all levels (Chrissi Maguire), rely on preparation and people during outages (Katrina Brown), recognize every cyber event as a patient safety issue (Dr. Jeffery Tully), and cultivate strong governance and organizational culture (Stephen Ramirez). These frontline stories emphasize that effective cybersecurity in healthcare is built on resilience, teamwork, and a relentless commitment to patient safety and organizational culture.

    15 min
  • Episode 16- Cybersecurity in the Age of AI and Automated Medicine. With Dr. Ali Dehghantanha
    2025/09/18

    What happens when artificial intelligence starts making healthcare decisions faster than humans can review them? Dr. Ali Dehghantanha, Professor and Canadian Research Chair in Cybersecurity and Threat Intelligence, takes us on a fascinating journey through the evolving landscape of healthcare cybersecurity where self-healing AI systems may soon become our frontline defenders.

    The cybersecurity battlefield shifts constantly. From database security to cloud protection to today's AI systems, Dr. Dehghantanha explains why "the only thing constant in cybersecurity is change." This rapid evolution creates unique challenges for healthcare organizations trying to protect patient data while embracing transformative technologies. As healthcare increasingly relies on AI for clinical decision support, the cybersecurity stakes have never been higher.

    Dr. Dehghantanha’s groundbreaking research focuses on self-healing AI systems that automatically detect and repair vulnerabilities without human intervention. This capability becomes critical in healthcare environments where AI analyzes clinical data and makes treatment recommendations at speeds beyond human oversight capabilities. The self-healing component provides essential guardrails against potentially harmful decisions that exceed the system's design parameters.

    Cultural and socioeconomic factors significantly influence AI adoption in healthcare. Less-regulated regions and underserved communities often embrace AI healthcare solutions more readily when traditional medical resources are scarce. This accelerates adoption but raises critical questions about verification and potential exploitation by adversaries. As patients increasingly trust AI-generated medical advice, these systems become prime targets for sophisticated cyberattacks that could manipulate clinical recommendations.

    Join us for this thought-provoking conversation about the delicate balance between AI innovation and security in healthcare. Dr. Ali challenges us to consider not just how we implement AI, but how we protect these systems when they become responsible for life-or-death decisions. The future of healthcare cybersecurity lies at this intersection of human expertise, artificial intelligence, and robust security frameworks.

    35 hr 1 min