Errol Weiss spent fourteen years in banking and finance before joining Health-ISAC, where he serves as Chief Security Officer. His career has tracked a quiet but profound shift in how critical sectors think about cyber defense, away from prevention at all costs, toward resilience and rapid recovery. In a conversation with Joe Pettit, Weiss explains why treating attacks as inevitable changes everything, why hospitals need to think like emergency rooms during a ransomware event, and what the pace of AI means for defenders already stretched thin.

How has the mindset of healthcare shifted toward preparing for inevitable attacks, and what challenges still remain?

I saw this shift…
Errol Weiss
Since 1996, the Health Insurance Portability and Accountability Act (HIPAA) has been the cornerstone of patient privacy. The act established standards for how healthcare organizations handle and share patient data, creating a framework for ensuring confidentiality. But the healthcare landscape has transformed dramatically, and with it, the risks have multiplied. Emerging cyber threats and complex vulnerabilities have exposed critical gaps in HIPAA’s protections. In response, lawmakers are advancing new legislation aimed at fortifying healthcare organizations against the escalating tide of cyberattacks. Last year, lawmakers introduced two bills – the Healthcare Cybersecurity Act of 2024 and the Health Infrastructure Security and…
The global healthcare system has become increasingly integrated with third-party medical suppliers in recent years. These suppliers are vital in providing essential services, medical equipment, pharmaceuticals, and digital tools that healthcare organizations depend on to operate efficiently. However, while these integrations have undeniably enhanced efficiency across the medical supply chain, they have also created new vulnerabilities – vulnerabilities that cybercriminals are exploiting. In the past few months, three critical medical suppliers – OneBlood, Synnovis, and Octapharma – have fallen victim to sophisticated cyberattacks by Russian ransomware groups. These breaches led to widespread disruptions in healthcare services, from delays in blood…
