HIPAA 2.0, Minimum Viable Hospitals, and Strategies for Cyber Resilience within Healthcare

Welcome to the Data Security Decoded podcast, brought to you by Rubrik Zero Labs. In each episode, we discuss cybersecurity with thought leaders and industry experts, getting their take on trends, themes, and how they see data security evolving. This is a must-listen for security and IT leaders looking to better understand trends shaping data security and how they can achieve cyber resilience.

In this episode, our host, Caleb Tolin, is joined by Errol Weiss, Chief Security Officer at Health-ISAC and former cybersecurity leader at Citi and Bank of America. Errol shares his journey from the NSA to building one of the most collaborative threat intelligence networks in healthcare, discussing cyber recovery, the minimum viable hospital model, and why culture and community matter in achieving true resilience.

Errol Weiss has been a driving force in advancing cybersecurity resilience across critical sectors, beginning with his early work at the National Security Agency and later leading security programs at Citi and Bank of America. As Chief Security Officer at Health-ISAC, he built a threat operations center from the ground up, delivering original threat intelligence to healthcare organizations that often lack the resources to do it alone. With deep experience across consulting, finance, and healthcare, Errol has become a leading voice in shifting the conversation from protection to recovery, promoting a resilience-first mindset, collaborative intelligence sharing, and a human-centric security culture.

Join Caleb and Errol as they explore what makes healthcare cybersecurity unique, how to embed security into clinical culture, and why building a “human firewall” is just as critical as any technical control in today’s evolving threat landscape.

👉 Subscribe here: https://rbrk.co/4cVWzno

Chapters:

0:00 Intro

1:33 Moving from consulting and finance to healthcare cybersecurity

2:12 What ISACs are and how Health-ISAC supports threat sharing

4:39 Building a threat operations center from scratch

6:38 Collaboration differences between finance and healthcare ISACs

7:24 Shifting from disaster recovery to cyber recovery and resilience

9:12 Why HIPAA 2.0 is unlikely to advance and what’s happening instead

11:58 How policy mandates collide with healthcare’s talent and budget challenges

13:01 Biking, mental clarity, and leadership outside of work

14:26 Embedding security into healthcare culture and creating a human firewall

16:43 The rise of the minimum viable hospital concept

18:20 Why Errol remains optimistic about AI and the future of cybersecurity

Episode Resources:
Health-ISAC Official Site: https://health-isac.org
National Council of ISACs website: https://www.nationalisacs.org
Rubrik Zero Labs website: https://zerolabs.rubrik.com
Caleb Tolin on LinkedIn: https://www.linkedin.com/in/calebtolin
Errol Weiss on LinkedIn: https://www.linkedin.com/in/errolweiss