HIPAA 2.0, Minimum Viable Hospitals, and Strategies for Cyber Resilience within Healthcare
July 15, 2025
Welcome to the Data Security Decoded podcast, brought to you by Rubrik Zero Labs. In each episode, we discuss cybersecurity with thought leaders and industry experts, getting their take on trends, themes, and how they see data security evolving. This is a must-listen for security and IT leaders looking to better understand trends shaping data security and how they can achieve cyber resilience.
In this episode, our host, Caleb Tolin, is joined by Errol Weiss, Chief Security Officer at Health-ISAC and former cybersecurity leader at Citi and Bank of America. Errol shares his journey from the NSA to building one of the most collaborative threat intelligence networks in healthcare, discussing cyber recovery, the minimum viable hospital model, and why culture and community matter in achieving true resilience.
Welcome to the Data Security Decoded podcast, brought to you by Rubrik Zero Labs. In each episode, we discuss cybersecurity with thought leaders and industry experts, getting their take on trends, themes, and how they see data security evolving. This is a must-listen for security and IT leaders looking to better understand trends shaping data security and how they can achieve cyber resilience.
In this episode, our host, Caleb Tolin, is joined by Errol Weiss, Chief Security Officer at Health-ISAC and former cybersecurity leader at Citi and Bank of America. Errol shares his journey from the NSA to building one of the most collaborative threat intelligence networks in healthcare, discussing cyber recovery, the minimum viable hospital model, and why culture and community matter in achieving true resilience.
Errol Weiss has been a driving force in advancing cybersecurity resilience across critical sectors, beginning with his early work at the National Security Agency and later leading security programs at Citi and Bank of America. As Chief Security Officer at Health-ISAC, he built a threat operations center from the ground up, delivering original threat intelligence to healthcare organizations that often lack the resources to do it alone. With deep experience across consulting, finance, and healthcare, Errol has become a leading voice in shifting the conversation from protection to recovery, promoting a resilience-first mindset, collaborative intelligence sharing, and a human-centric security culture.
Join Caleb and Errol as they explore what makes healthcare cybersecurity unique, how to embed security into clinical culture, and why building a “human firewall” is just as critical as any technical control in today’s evolving threat landscape.
Episode Highlights
- 00:00 - Intro
- 01:33 - Moving from consulting and finance to healthcare cybersecurity
- 02:12 - What ISACs are and how Health-ISAC supports threat sharing
- 04:39 - Building a threat operations center from scratch
- 06:38 - Collaboration differences between finance and healthcare ISACs
- 07:24 - Shifting from disaster recovery to cyber recovery and resilience
- 09:12 - Why HIPAA 2.0 is unlikely to advance and what’s happening instead
- 11:58 - How policy mandates collide with healthcare’s talent and budget challenges
- 13:01 - Biking, mental clarity, and leadership outside of work
- 14:26 - Embedding security into healthcare culture and creating a human firewall
- 16:43 - The rise of the minimum viable hospital concept
- 18:20 - Why Errol remains optimistic about AI and the future of cybersecurity
Episode Resources
- Health-ISAC Official Site
- National Council of ISACs website
- Rubrik Zero Labs website
- Caleb Tolin on LinkedIn
- Errol Weiss on LinkedIn
Data Security Decoded is handcrafted by our friends over at: fame.so