Stop the Cyber Bleeding

What healthcare executives and board members must know about enterprise cyber risk management 

An educational book by Clearwater Founder, Bob Chaput

About the Book

Stop the Cyber Bleeding is based on what Bob Chaput has learned throughout his more than 35-year career, which includes serving as an executive in global healthcare organizations such as GE, Johnson & Johnson, and Healthways. Over time, he has discovered significant deficiencies in how healthcare organizations are approaching compliance and cyber risk management.

The single biggest deficiency Bob has observed is the failure of organizations to invest in cybersecurity based on their unique risks. He strongly believes that you must start with your unique vision, mission, strategy, values, and services, examine all your unique data, devices, and systems that support your unique business, and then identify all your unique cyber exposures across your entire enterprise. This failure to identify your unique risks usually leads to a one-size-fits-all, checklist-based approach to cybersecurity. The upshot is overspending to treat perceived risks and underspending on your real risks.  Identifying your unique risks is achieved by conducting a comprehensive, enterprise-wide OCR-Quality® Risk Analysis.

This book, therefore, is a business book about Enterprise Cyber Risk Management (ECRM), because ECRM is a business matter. Creating an ECRM program requires the leadership of the C-suite executives and the oversight of the board. ECRM is not an “IT problem”; furthermore, handled properly, it can become a business enabler.

To be successful at leveraging ECRM to be a business enabler, the C-suite and board must engage. Yet, many are uncertain how to do so. This book shares what Bob has learned and provides tangible, actionable guidance, and recommendations on how to establish, implement, and mature a formal ECRM program.

Get Your Copy

Available on audio, digital, or hard copy

What Readers are Saying

In his excellent, practical, and timely book, Bob Chaput addresses multiple aspects of Enterprise Cyber Risk Management (ECRM). He first describes the unique challenges of ECRM in today’s healthcare environment, given the current cyber risks and regulations. He then offers a well-rounded plan of action on how C-suite executive can provide leadership and oversight for their organization’s ECRM efforts. This plan of action is tailored on their specific cyber risks, based on the NIST framework, and includes how to establish an ECRM program and fund it. He finally provides several concrete examples of the benefits of establishing an ECRM program. This book is an extremely valuable guide and should be in the library of every healthcare institution C-suite executive, board member and IT leader.

Dr. Benoit Desjardins, MD, PhD, FAHA, FACR, CISSP

Associate Professor, Department of Radiology, Penn Medicine

Bob Chaput’s Stop the Cyber Bleeding is a needed call to action.  It is thoughtful explication of the risks inherent in our new digital world.  Unlike most such narratives, it also offers a practical approach to manage and mitigate those risks.

Mark Reynolds

President and CEO, Risk Management Foundation of the Harvard Medical Institutions Incorporated (CRICO)

I know from first-hand experience that the concepts, principles, and actions presented in Stop the Cyber Bleeding work to engage and inspire top leaders and board members alike to seriously take up the matter of cyber risk management as an enterprise issue.  It’s terrific to see Bob codify his practical risk management skills, knowledge, and experience into a book that’s easy to read and use.  His insightful treatment of the transformation required as a behavior change matter is incredibly relevant for healthcare organizations. Given the increasing cyber liabilities facing healthcare organizations and their C-suite executives and board members alike, Stop the Cyber Bleeding is a must-read today.

Gregory J. Ehardt, JD, LL.M.

Vice President, Compliance and Privacy, CHRISTUS Health

In this book, Bob Chaput provides an excellent summary of the major issues facing healthcare entities with regard to cyber risk management and related security compliance.  Bob includes helpful talking points to involve all members of a healthcare organization’s workforce in conversations about cybersecurity, including, importantly, the C-Suite and Board.

Iliana Peters, JD, LLM, CISSP

Shareholder, Polsinelli PC, Former Acting Deputy Director HHS Office for Civil Rights, Polsinelli PC

Check out the Stop the Cyber Bleeding YouTube Channel

Bob Chaput
MA, CISSP, HCISPP, CRISC, CIPP/US, C|EH, NACD CERT Cyber Risk Oversight Certificate
Founder and Executive Chairman, Clearwater

About the Author

Bob Chaput is the Founder and Executive Chairman of the Board of Clearwater, a top-ranked, award-winning provider of healthcare compliance and cyber risk management solutions.

As a leading authority on healthcare compliance and enterprise cyber risk management, Chaput has supported hundreds of hospitals and health systems, including Fortune 100 organizations and other federal government institutions, with compliance risk management and cyber risk management.

In addition to the NACD CERT Cyber Risk Oversight Certificate, Chaput’s professional certifications include the Certified Information Systems Security Professional (CISSP), Health Care Information Security and Privacy Practitioner (HCISPP), Certified in Risk Information Security Controls (CRISC), Certified Ethical Hacker (C|EH) and Certified Information Privacy Professional/US (CIPP/US).  He is or has been a member of numerous compliance and cyber risk management-focused professional associations including NACD, CHIME, AEHIS, HIMSS, HCCA, ISC2, HIMSS, ISACA, and ISSA.

Chaput also served on the HealthCare’s Most Wired™ Survey Governance Board and was a contributing co-author to an American Society of Healthcare Risk Management (ASHRM) academic textbook on the fundamentals of risk management released in October 2017.  Chaput most recently authored a chapter in the 2019 Walter Kluwers’ Health Care Law Update entitled “Compliance Risk Management and Cyber Risk Management”.

Under his leadership, Clearwater was designated 2018’s Best in KLAS for cybersecurity advisory services and ranked Top Compliance and Risk Management Solution by Black Book Market Research in 2017, 2018 and 2019. More information may be found on LinkedIn at: