A handwritten note on a doctor’s office door doesn’t sound like the start of a cybersecurity story until you realize the clinic can’t even tell you why they’re closed. I’m Dan Dotson, and I sit down with our second John Doe, who’s spent nearly two decades in healthcare cybersecurity, to unpack what it feels like when the crisis you usually defend against suddenly hits you as a patient.

John walks us through the surreal details: an eerily empty parking lot, dark hallways, no call despite an appointment confirmed the day before, and a weekend of waiting with unanswered questions. When he finally reaches the office, he hears the words no patient wants to hear: “We got hacked.” From there, we dig into the real-world impact of a clinic cyberattack, including delayed care, postponed referrals and tests, and the mental load of wondering whether your protected health information is exposed.

We also get specific about what healthcare leaders can do better: incident response plans that include patient communication, scripts and training for front-desk teams, escalation paths for tough calls, and a thoughtful approach that protects trust while facts are still emerging. If you care about healthcare cybersecurity, ransomware resilience, patient safety, or HIPAA-era communication, this story connects the technical and human sides in a way that sticks.

Subscribe to Cyber Survivor, share this with someone who works in healthcare, and leave a review so more people hear how cybersecurity protects patients. What would you expect your clinic to say if their systems went down?

The scariest words in a hospital shouldn’t be “systems are down,” but that’s exactly what John hears while he’s lying in a bed with crushing pain, fever, and doctors worried an infection could be moving toward sepsis. He came in expecting fast answers and coordinated care. Instead, he watches a modern emergency workflow buckle under a ransomware incident, and he feels the emotional whiplash that comes when patient safety suddenly depends on clipboards, phone calls, and memory.

We talk through what a healthcare cyberattack looks like from the patient’s side: staff scrambling to find orders they can’t see, “shortly” turning into long delays for antibiotics, lab results arriving slowly or needing retesting, and the constant uncertainty of not knowing what comes next. John describes how electronic health record downtime changes the tone of care, not because clinicians stop caring, but because systems that normally keep treatment organized and safe are no longer available. The result is a roller coaster of fear, especially when every minute feels like it matters.

Then we follow the story past the hospital stay. John ends up admitted longer than expected, leaves with shaken confidence in the health system, and receives no post-discharge outreach or apology. That silence becomes part of the lasting impact, raising a hard question for healthcare cybersecurity leaders, IT teams, and administrators: how do we rebuild trust after ransomware, and how do we communicate in a way that supports patients without creating more confusion?

If you care about ransomware defense, incident response, patient safety, and cyber resilience in healthcare, listen now, then subscribe, share the episode with someone in healthcare, and leave a review so more people hear what downtime really costs.

A hospital can survive a lot, but it cannot treat patients when core clinical systems go dark. We sit down with Dr. Mark Yoffe, a physician who also thinks like a cybersecurity leader, to unpack what healthcare cyber risk really looks like from the bedside. As electronic health records replaced paper charts, care got faster and more coordinated, but the blast radius of outages, ransomware, and credential theft grew right along with it. The result is a modern truth most communities now feel: cybersecurity is not just about data, it is about keeping care available.

We use the confidentiality, integrity, and availability triad as a practical lens for clinicians and IT teams. Why do physicians often prioritize availability in the ED and ICU? How do security controls like multifactor authentication support uptime, not just privacy? And what does real downtime readiness look like when a team is busy, short-staffed, and under pressure? Dr. Yoffe shares concrete steps that help: clearer downtime alerts, knowing exactly what systems are affected, paper forms staged throughout the hospital, and a plan for post-downtime reconciliation so the record stays accurate.

We also dig into what actually wins physician buy-in. Instead of leading with restrictions, start by solving access and workflow pain points and show how security enables reliable clinical operations. From safer device habits and avoiding insecure SMS texting to case-based training that mirrors how clinicians learn, we outline education that sticks. Finally, we explore AI in healthcare documentation: where it can cut charting time, where privacy and cloud processing raise red flags, and why keeping a human in the loop protects record integrity.

If you care about patient safety, healthcare cybersecurity, EHR downtime planning, and the future of AI in clinical workflow, hit subscribe, share this with a colleague, and leave a review with your biggest question about cyber readiness.