Featured on the AHLA Speaking of Health Law Podcast
Host: Dave Bailey, VP of Security Services, Clearwater
Guests: Kirk Nahra, Partner at WilmerHale, Co-Chair of the Cybersecurity and Privacy Practice; Paul Schmeltzer, Member at Clark Hill, Counsel to healthcare clients on cybersecurity incidents
Ransomware in Healthcare: The Threat is Operational, Not Just Digital
Healthcare organizations are under siege from increasingly sophisticated ransomware attacks. This isn’t just about protecting data; it’s about protecting lives.
In this episode, three experts break down the real-world operational fallout of ransomware, the regulatory pressure from OCR and state agencies, and what organizations must do to prepare before the crisis hits.
Key Topics Covered
Operational Impact Beyond Data
- What happens when infusion pumps, smart beds, or EHRs are taken offline?
- How one ransomware group crippled a provider’s phone system to force ransom negotiations.
Why Risk Analysis Can’t Wait
- The biggest gap OCR flags? Missing or inadequate risk analysis.
- Why smaller and mid-size organizations are especially vulnerable without annual, asset-based assessments.
AI & Attack Sophistication
- Ransomware gangs are now using artificial intelligence to craft better phishing emails and map out weak points in healthcare networks.
- Threat actors are learning fast, and so must we.
“You have to understand your adversary. Ransomware is real. And attackers are using AI to exploit the weakest links—often in the least-resourced organizations.”
— Dave Bailey, Clearwater
Regulatory Scrutiny is Rising
- OCR, FTC, and State AGs are investigating ransomware incidents earlier in the response process.
- Learn why early regulatory involvement can sometimes disrupt recovery, and how to manage that risk.
Is Your Incident Response Plan Just a Binder on a Shelf?
- Why tested, living plans matter more than polished templates.
- How tabletop exercises uncover blind spots and strengthen organizational readiness.
Related Event: Responsible AI in Healthcare
As threat actors use AI to their advantage, healthcare leaders must take the lead in governing AI responsibly.
Don’t miss Clearwater’s upcoming virtual event:
Responsible AI in Healthcare: Building Trustworthy Systems for the Future
🗓️ June 23–25, 2025 | 🕚 11:00–1:45 CT each day
Join healthcare, legal, and AI experts for a three-day forum on securing AI in clinical, operational, and compliance contexts.
Who Should Listen
This episode is a must-listen for:
- Healthcare CISOs, CIOs, and security leaders
- General counsel and legal teams supporting HIPAA compliance
- Risk and compliance officers at health systems, critical access hospitals, and digital health startups
- Anyone preparing for or recovering from a ransomware incident
Want to Strengthen Your Ransomware Readiness?
Clearwater helps healthcare organizations implement:
- Comprehensive, OCR-aligned risk analysis and risk response
- Purpose-built incident response plans and tabletop exercises
- 24/7 managed detection and response with IRM|Pro® analytics
Contact us to learn more.