New Book Stop the Cyber Bleeding Provides Healthcare Board Members and Executives With Practical Guidance for Overseeing an Enterprise Cyber Risk Management Program

As Cyberattacks Accelerate and Threaten Patient Safety, Industry Veteran Bob Chaput Shares Playbook to Help Healthcare Providers Combat Growing Problem

NASHVILLE, TN (November 12, 2020) – Clearwater is proud to announce the publication of a new book by company Founder and Executive Chairman Bob Chaput focused on helping healthcare organizations combat the growing cybersecurity problem that continues to plague the industry. Available today via Amazon to consumers and IngramSpark to retailers for readers around the world, Stop the Cyber Bleeding delivers practical guidance drawn from Chaput’s nearly 40-year career in healthcare information technology and security designed to more deeply engage and empower senior leaders and board members at hospitals and health systems in the effort to make cyber risk management an enterprise-level priority.

“’Cybersecurity’ is the kryptonite of too many healthcare company board meetings,” says Ralph W. Davis, serial healthcare board member/adviser and Operating Partner, The Vistria Group.

“Otherwise intelligent and accomplished people can be intellectually paralyzed by the mere

mention of the term. Yet, failure to appreciate cybersecurity risk and ensure appropriate resource allocation too often leads to an even more painful experience: the post-breach emergency meeting. In Stop the Cyber Bleeding, Bob Chaput clearly and concisely arms executives and board members with what they need to know and the questions they need to ask to exercise effective oversight in this critical area.”

The book begins by delving into the healthcare cyber risk problem and the unique challenges facing healthcare organizations when it comes to managing that risk enterprisewide. From there, Chaput turns his attention to actions and outcomes, with guidance on essential terms that C-suite executives and board members must learn, six steps to establish or improve an Enterprise Cyber Risk Management (ECRM) program, and how to experience the ideal ECRM board meeting. Each chapter concludes with a series of discussion questions focused on advancing and elevating the conversation about how to reduce cyber risk.

As Gartner Distinguished VP Analyst Paul Proctor wrote in the July 2020 research brief “Cybersecurity Must Be Treated as a Business Decision[1]”: “Organizations are focused on the wrong questions about cybersecurity.”

“Talking about ECRM may seem technical and complex. And yes, it can be both,” Chaput writes in Stop the Cyber Bleeding. “But it is important to remember that the role of executive leadership and the board is to provide informed direction and oversight for the organization’s ECRM approach, activities, and strategy. It is not the board’s role to micromanage cybersecurity efforts in the field, but to provide leadership, guidance, and oversight that optimizes the organization’s cybersecurity efforts.”

An educator at heart, Chaput has served on HealthCare’s Most Wired™ Survey Governance Board, and he was a contributing co-author to an American Society of Healthcare Risk Management academic textbook on the fundamentals of risk management released in October 2017. More recently, Chaput authored a chapter in the 2019 Wolter Kluwers’ Health Care Law Update entitled “Compliance Risk Management and Cyber Risk Management,” and in collaboration with Michael Whitman, Ph.D., CISM, CISSP, of Kennesaw State University, he co-authored the paper “Experiential Activities for Risk Management Education” which was published in the Fall 2020 issue of Journal of The Colloquium for Information System Security Education.

Stop the Cyber Bleeding’s insights are based on what Chaput has learned throughout his distinguished career, which includes serving as a Chief Information Officer and Chief Information Security Officer in global healthcare organizations such as GE, Johnson & Johnson, and Healthways. He also has advised and supported hundreds of hospitals and health systems on cyber risk concerns.

“I know from first-hand experience that the concepts, principles, and actions presented in Stop the Cyber Bleeding work to engage and inspire top leaders and board members alike to seriously take up the matter of cyber risk management as an enterprise issue,” says Gregory J. Ehardt, JD, LL.M, Vice President, Compliance and Privacy, CHRISTUS Health. “It’s terrific to see Bob codify his practical risk management skills, knowledge, and experience into a book that’s easy to read and use. His insightful treatment of the transformation required as a behavior change matter is incredibly relevant for healthcare organizations. Given the increasing cyber liabilities facing healthcare organizations and their C-suite executives and board members alike, Stop the Cyber Bleeding is a must-read today.”

To learn more about the book and purchase a copy, visit

About Clearwater

Clearwater is the leading provider of Enterprise Cyber Risk Management and HIPAA compliance software and consulting services for the healthcare industry. Our solutions enable organizations to gain enterprise-wide visibility into cybersecurity risks and more effectively prioritize and manage them, ensuring compliance with industry regulations. Clearwater’s suite of IRM|Pro® software products and consulting services help healthcare organizations to avoid preventable breaches, protect patients and their data, and meet OCR’s expectations, while optimizing cybersecurity investments. More than 400 healthcare organizations, including 70 of the nation’s largest health systems and a large universe of business associates that serve the industry, trust Clearwater to meet their information security needs. For more information about Clearwater, please visit


Gartner, Cybersecurity Must Be Treated as a Business Decision, July 2020


Sign up to receive our monthly newsletter featuring resources curated specifically to your concerns.

Related Blogs

With Us