HIPAA 2.0, Minimum Viable Hospitals, and Strategies for Cyber Resilience within Healthcare

Welcome to the ⁠Data Security Decoded⁠ podcast, brought to you by ⁠Rubrik Zero Labs⁠. In each episode, we discuss cybersecurity with thought leaders and industry experts, getting their take on trends, themes, and how they see data security evolving. This is a must-listen for security and IT leaders looking to better understand trends shaping data security and how they can achieve cyber resilience. In this episode, our host, ⁠Caleb Tolin⁠, is joined by ⁠Errol Weiss⁠, Chief Security Officer at ⁠Health-ISAC⁠ and former cybersecurity leader at ⁠Citi⁠ and ⁠Bank of America⁠. Errol shares his journey from the NSA to building one of the most collaborative threat intelligence networks in healthcare, discussing cyber recovery, the minimum viable hospital model, and why culture and community matter in achieving true resilience. Errol Weiss has been a driving force in advancing cybersecurity resilience across critical sectors, beginning with his early work at the National Security Agency and later leading security programs at Citi and Bank of America. As Chief Security Officer at Health-ISAC, he built a threat operations center from the ground up, delivering original threat intelligence to healthcare organizations that often lack the resources to do it alone. With deep experience across consulting, finance, and healthcare, Errol has become a leading voice in shifting the conversation from protection to recovery, promoting a resilience-first mindset, collaborative intelligence sharing, and a human-centric security culture. Join Caleb and Errol as they explore what makes healthcare cybersecurity unique, how to embed security into clinical culture, and why building a “human firewall” is just as critical as any technical control in today’s evolving threat landscape. Episode Highlights: 00:00 - Intro 01:33 - Moving from consulting and finance to healthcare cybersecurity 02:12 - What ISACs are and how Health-ISAC supports threat sharing 04:39 - Building a threat operations center from scratch 06:38 - Collaboration differences between finance and healthcare ISACs 07:24 - Shifting from disaster recovery to cyber recovery and resilience 09:12 - Why HIPAA 2.0 is unlikely to advance and what’s happening instead 11:58 - How policy mandates collide with healthcare’s talent and budget challenges 13:01 - Biking, mental clarity, and leadership outside of work 14:26 - Embedding security into healthcare culture and creating a human firewall 16:43 - The rise of the minimum viable hospital concept 18:20 - Why Errol remains optimistic about AI and the future of cybersecurity Episode Resources: Health-ISAC Official Site National Council of ISACs website Rubrik Zero Labs website Caleb Tolin on LinkedIn Errol Weiss on LinkedIn