Cyber Survivor

Dan Dodson

Welcome to “Cyber Survivor,” where host Dan Dodson uncovers the stories of resilience and innovation in healthcare cybersecurity. Explore real-world insights from doctors, administrators, and IT professionals on safeguarding data and privacy amid modern digital challenges. Join us for essential strategies and tales of triumph in the fight against cyber threats.

  1. FEB 5

    Episode 26- When Medical Devices Meet Malware: Axel Wirth on Cyber Risk in Care

    Cyber Survivor host Dan Dodson interviews Axel Wirth, chief security strategist at MedCrypt, about the rising cyber risks facing medical devices and what that means for patient care. Wirth explains that he began as a hardware electrical engineer in the medical device and health IT world before moving into cybersecurity in 2008, eventually focusing exclusively on medical device security and helping manufacturers both improve their products and meet evolving global regulatory expectations. Over the last decade, he has seen clear maturation: regulators like the FDA and international counterparts now explicitly require cybersecurity as part of market approval, and some devices are even being rejected solely for cybersecurity shortcomings, prompting manufacturers to strengthen designs and documentation. Dodson and Wirth then dig into the massive challenge of legacy devices: millions of clinically functional but aging devices—CT and MRI scanners, infusion pumps, and more—remain deployed in hospitals, often with serious vulnerabilities and enormous replacement costs. They note that healthcare operates on tight or negative margins, making large-scale replacement difficult, and that any change introduces disruption, retraining needs, and operational risk. Wirth points to industry efforts, such as detailed guidance on legacy devices, but questions whether the sector can move fast enough given the growing sophistication of attackers and the broad attack surface created by all these connected systems. They explore the threat landscape, emphasizing that risk has increased significantly. Attackers have not yet commonly launched deliberate, patient‑harming attacks on medical devices themselves; instead, devices often become collateral damage when they run unpatched commercial operating systems targeted by generic malware, as illustrated by the WannaCry incident that crippled the UK’s NHS and disrupted care. 
Wirth also cites evidence of criminal groups that intentionally use medical devices as entry points into hospital networks, as well as the economic incentives behind ransomware campaigns that seek to disrupt care, raising pressure on hospitals to pay ransoms to restore operations quickly. Looking ahead, they discuss how AI and geopolitics will accelerate and intensify threats. Wirth notes that AI already enables cheaper, highly targeted attacks, with some campaigns now largely executed by automated tools, and he expects that trend to grow. At the same time, more nation‑state and hacktivist actors are likely to see healthcare as a strategic target. While there has been real progress—better tooling for manufacturers and hospitals, improved device architectures, stronger inventory visibility, network segmentation, and clearer regulatory pressure—Wirth is skeptical that defenders are improving faster than attackers. He worries that a large, catalytic event, similar to WannaCry but perhaps even more severe in healthcare, may be what finally forces the scale of investment and coordination needed. The conversation also highlights operational friction between hospitals and manufacturers. Dodson raises the frustration many CISOs feel: patch cycles are slow and complex, responsibility is fragmented across IT, biomed/clinical engineering, third‑party servicers, and cybersecurity teams, and hospitals often end up “holding the bag” after an incident. Wirth agrees that patching is inherently complex—vulnerabilities must be verified, patches developed and tested, then deployed without compromising clinical operations—and that delays occur on both sides. However, he stresses that both manufacturers and providers are getting better: post‑market security responsibilities are more widely accepted, tooling is improving for patch development and deployment, and hospitals are investing in visibility and governance over who owns medical device security decisions. 
Despite his concerns, Wirth ends on a cautiously optimistic note. He contrasts today’s collaborative climate with the adversarial posture he saw around 2008, when early medical‑device hack research was met with legal threats and blame‑shifting rather than constructive dialogue. Now, regulators, manufacturers, service providers, and healthcare organizations are far more willing to acknowledge problems and work together on solutions. Dodson closes by underscoring that this kind of collaboration among “the good guys” will be essential if defenders are to keep pace with rapidly evolving adversaries and protect what ultimately matters most: safe, reliable care for patients.

    28 min
  2. JAN 22

    Episode 25–Tabletop Drills, Real‑World Outages. With Greg Surla

    A cyberattack on a vendor shouldn’t be the moment a hospital learns how interconnected its world really is. We sit down with Greg Surla, Chief Information Security Officer at FinThrive, to unpack how third‑party risk, revenue cycle platforms, and frontline care are woven together—and why resilience depends on planning with partners before the crisis hits. From joint tabletop exercises that include critical vendors to pre-approved workarounds like VDI access and hardened loaner devices, we map the moves that keep care running when networks go dark.

    Greg shares blunt lessons from breaches and acquisitions: forgotten cloud servers, weak asset inventories, and the relentless toll of a three‑week ransomware fight. The takeaway isn’t fear; it’s preparation. We dig into ransomware‑specific drills, cyber insurance that funds expert responders, and the automation needed to triage the daily flood of vulnerabilities. We also explore culture as a control, showing how life‑first security education—holiday scams, tax fraud, device safety—builds habits that protect both home and hospital, and creates the groundswell that gets C‑suite support.

    As AI supercharges attackers and budget pressures squeeze providers, cybersecurity has to be framed as a business enabler. Secure revenue cycle equals payroll, access to care, and community trust. Greg explains how to translate risk for boards, align controls to clinical and financial goals, and replace reflexive “no” with “yes, if” to stay part of the conversation that shapes strategy. The result is a practical, human playbook for healthcare security: automate the routine, practice the hard days with partners, invest in asset visibility, and collaborate across the industry. Subscribe, share with a colleague who handles vendor risk, and leave a review with your top resilience tactic—we’ll feature the best ideas in a future show.

    24 min
  3. JAN 8

    Episode 24- How Medical Device Security Protects Care At Scale. With Phil Englert

    A hospital room can hold 10 to 20 networked devices, each vital to care—and each a potential doorway for attackers. We sit down with Phil Englert, VP of Medical Device Security at Health ISAC, to explore how connected care improves outcomes while reshaping risk, and why building resilience and rapid recovery plans is now as critical as prevention. Phil traces the evolution from clinician-driven data sharing to an era where massive datasets attract criminal interest. We dig into the Patch Act’s new authority for the FDA, how SBOMs change accountability, and what secure-by-design looks like for both embedded systems and devices running full operating systems. The conversation gets practical: segment where you can, monitor where you must, and treat cyber as a failure mode. That mindset leads to faster restorations—ghosted drives ready to swap, configs backed up, and downtime measured in hours rather than weeks. We also pull back the curtain on Health ISAC’s member-led workstreams: aligning manufacturers and providers on a concise set of priority controls, creating shared security metrics that resonate from boardroom to engineering, and running joint tabletop exercises to close response gaps. Beyond the hospital, we examine AI-enabled diagnostics and the rise of hospital-at-home, where patient-owned tech can’t be trusted as a control point and multilingual, culturally aware resources become essential for scale. Throughout, we tackle tough questions—why attackers target data over device manipulation, whether paying ransom actually speeds recovery, and how to keep care moving when the EHR or network goes dark. If you care about medical device security, healthcare cybersecurity, ransomware resilience, or the future of connected care, this conversation offers clear takeaways and next steps. Listen, share with your team, and help raise the floor across healthcare. Subscribe, leave a review, and tell us: what control would you prioritize first?

    43 min
  4. 12/11/2025

    Episode 22- Ransom or Rebuild? Claudia Rast on the Hard Math of Hospital Cyberattacks

    Alarms don’t always sound when hospitals are under attack. Sometimes the first signal is a locked EHR, diverted ambulances, and a clinical team scrambling to deliver care without the tools they trained on. We sit down with Butzel attorney Claudia Rast—leader of cybersecurity and AI practices and former co-chair of the ABA’s presidential cybersecurity task force—to unpack how threat actors use agentic AI, why ransom demands can look rational in a crisis, and what real resilience looks like when patient safety is on the line. Claudia traces the evolution from broken-English phish to sophisticated campaigns backed by help desks, localization, and AI that scouts vulnerabilities without human prompting. We explore the uncomfortable math of ransom vs. rebuild, how cyber insurance shapes early decisions, and the practical controls that shorten downtime: endpoint detection and response, network segmentation, immutable backups, and tested recovery plans. The conversation gets candid about healthcare’s unique weaknesses—legacy systems, aging devices, and hundreds of tightly coupled apps that can turn one misconfiguration into a cascading failure. On the legal front, we break down the surge in class action lawsuits after breach notifications, California’s privacy framework and its limits, and the rise of claims under old wiretap laws aimed at website tracking. We also dig into AI risk beyond cyber: how feeding code or confidential prompts into public models can burn trade secrets, why blocking public AI tools often beats long unread policies, and how to contract for third-party AI use, data stewardship, and derivative works. We close with the human layer: deepfake-enabled fraud, out-of-band verification, and a culture that practices the plan before the worst day arrives. Subscribe, share with a colleague who handles cyber or compliance, and leave a review with your top takeaway. 
Your feedback helps more healthcare teams find the playbook that keeps care online when it matters most.

    31 min
  5. 11/27/2025

    Episode 21- How Healthcare Cybersecurity Became A Patient Safety Issue. With Jen Ellis

    The alarms aren’t just in the data center anymore. When ransomware shutters clinics and pushes oncology schedules into chaos, the question isn’t “What did they exfiltrate?” It’s “Who didn’t get care?” We sit down with Jen Ellis, founder of NextGen Security and co-chair of the Ransomware Task Force, to unpack how cybersecurity in healthcare became a patient safety issue—and what it will take to keep care running when attackers hit. Jen takes us inside the pandemic spike in hospital attacks and the wrenching ransom debate, including a parent of a child with cancer willing to remortgage their home to restart treatment. From there we trace the policy ripple effects: international disruption efforts, sanctions, tighter crypto oversight, and the Counter Ransomware Initiative. None of it is a silver bullet, especially as AI lowers the barrier for criminals, but coordinated action is raising attacker costs and forcing them to work harder. We go beyond headlines to the budget math inside hospitals running on razor-thin margins, where a “CISO” might be a stretched administrator with no real authority. Frameworks like NIST CSF are solid, but adoption stalls without clear sequencing, funding, and maturity paths tailored to small teams who can’t take systems down to patch. Jen makes the case for secure-by-design to shift burden upstream to vendors and highlights FDA’s connected medical device program as a model: collaborative, iterative, and capable of real enforcement. We also tackle the rise of class action lawsuits after breaches and how they can discourage disclosure and distort incentives, even as we protect pathways for those who can show genuine harm. If you care about keeping ICUs open, protecting critical workflows, and helping clinicians deliver safe care under pressure, this conversation is for you. 
Follow, share with a colleague who works in healthcare, and leave a review with your take: What’s the one change—policy, funding, or vendor accountability—that would most improve patient safety against cyber threats?

    54 min
  6. 11/13/2025

    Episode 20- From Patients to Products: Cybersecurity Across Sectors. With Brent Yax

    Cyber threats don’t just steal data—they halt care, cancel clinics, and shake trust. I sat down with Brent Yax, founder and CEO of Aweccom Technologies, to unpack the hard truth: today’s attackers are profit-driven, organized, and focused on disrupting operations until we pay. We trace how the threat landscape shifted from amateur mischief to a mature cyber economy, why small and mid-market healthcare organizations are now prime targets, and what actually works to protect patients and keep the lights on. Brent shares a frontline view of resilience that blends technology, process, and culture. We get practical about where to start—multi-factor authentication, EDR/MDR, verified payment workflows, and realistic incident response plans that restore services fast. We also talk about the messy side of cyber insurance: why policies push the market forward, how ambiguous questionnaires can void coverage, and why IT, risk, and finance must stay aligned as environments change. The throughline is clear: tools are essential, but people and process failures still drive most breaches. We dive into AI’s double edge. On defense, AI helps detect CEO fraud by learning language patterns, flags configuration drift across complex stacks, and surfaces risk right after routine changes. On offense, careless use of public AI can leak protected data in seconds. Frank breaks down smart adoption—enterprise controls, clear data policies, and training that meets people where they are. From there, we zoom out to zero trust: assume compromise, minimize privileges, and verify every identity, including AI agents. It’s a journey, but it shrinks the blast radius and boosts recovery when it matters most. If you care about delivering reliable care in an unreliable world, this conversation gives you a playbook: align the C-suite, test your incident plan, raise your security baseline, and make training universal—especially for executives and help desks.
Subscribe, share with a colleague who owns risk, and leave a review with the one control you’re prioritizing next. Your input helps more teams protect patients and stay ready for what’s coming.

  7. 10/30/2025

    Episode 19- Building Resilient Cyber Communities in Healthcare: A Conversation with Drex DeFord

    Dan Dodson hosts Drex DeFord, a leader in healthcare cybersecurity, to discuss the evolution and current state of cybersecurity in healthcare. Drex shares his career journey from a hospital administrator in the Air Force to leading roles in various healthcare organizations and consulting for tech companies. He describes how the rapid digitization of healthcare, particularly through electronic health record (EHR) adoption and the lack of simultaneous investment in cybersecurity, led to an expanded risk landscape and new threats like ransomware. The conversation covers the unintended consequences of digitization, including physician burnout, and weighs whether these changes were “worth it”—both agree that overall care has improved. They discuss the rise of artificial intelligence in healthcare, its promise for improving clinical care, and the double-edged sword it presents from a security perspective. Drex emphasizes the importance of organizational awareness, responsible AI adoption, and ongoing education. Another major topic is the creation of strong professional communities (such as the 229 project) where cybersecurity leaders and partners can candidly share challenges and solutions, fostering both personal relationships and collective resilience. Current pressing issues include AI, third-party vendor risk management, and maintaining continuity of care when electronic systems fail. They highlight the challenges of prioritizing essential systems (“minimum viable hospital”) and the political difficulties in governance. Progress is noted in industry awareness, stronger data sharing, and board-level engagement in cybersecurity, but resource constraints and increasing complexity remain challenges. Drex concludes by advocating for ongoing collaboration, fundamentals in security practice, and leveraging technology and communities for better patient outcomes. Listeners are encouraged to connect via the 229 project and related platforms.

    44 min

Ratings & Reviews

5 out of 5 (8 Ratings)
