The Doctor who hacked medicine

Benoit Desjardins on Healing Healthcare’s Cyber Wounds
When Dr. Benoit Desjardins attended DEF CON with his teenage son in 2017, he didn’t expect a line of 500 people outside a small session on healthcare cybersecurity. The radiologist, professor, and AI researcher was stunned. “That’s when I realized,” he says, “the intersection of medicine and cybersecurity was about to explode, and very few people in healthcare had the skills to deal with it.”
Today, Desjardins, cardiovascular radiologist at the University of Montreal, former professor at the University of Pennsylvania, and Chief Medical Information Officer in his department, is among the rare experts fluent in three languages that seldom coexist: medicine, artificial intelligence, and cybersecurity. His career reads like the plot of a techno-thriller (early hacker turned doctor turned security evangelist), but his message is grounded and urgent: healthcare is now one of the most attractive targets in cyberspace, and the systems that sustain human life are dangerously exposed.
The Hacker Who Became a Healer
Before he ever held a stethoscope, Desjardins held a modem. “I was an ethical hacker 15 years before they coined the term,” he laughs. Long before cybersecurity was a profession, he spent nights exploring computer systems, fascinated by how things broke, and how they could be fixed. That curiosity never left.
Two decades later, after establishing himself as a world-class cardiovascular imaging specialist, he returned to the hacker’s world. The WannaCry and NotPetya ransomware outbreaks had paralyzed hospitals across Europe and the United States, encrypting patient files, halting surgeries, and endangering lives. “I saw the same vulnerability in medicine that I used to see in unpatched servers,” he recalls. “Hospitals had become digital organisms. We were protecting hearts and brains but leaving the nervous system, the data, unsecured.”
Re-immersing himself in code, he refreshed his technical chops with certifications, conferences, and hands-on exercises. At Penn University, he trained the cybersecurity team with live hacking drills, even demonstrating how malicious code could hide inside medical image files. “I inserted PHP into a DICOM header,” he explains. “It executed remote code, proof that our imaging systems could be weaponized.”
Two Nations, Two Philosophies
Desjardins’ dual perspective, Canadian physician, U.S. researcher, gives him a rare vantage point on how different systems respond to cyberattacks. “The U.S. model,” he says bluntly, “is broken.”
In the United States, hospitals hit by ransomware are often treated as negligent culprits. Regulators fine them for HIPAA violations, lawyers file class-action suits, and insurance rarely covers the fallout. “A hospital can pay ten million dollars in ransom or a hundred million in penalties,” he says. “Guess which they choose? That’s how we end up funding cybercrime.”
Canada, in contrast, favors collaboration over condemnation. Provincial and federal agencies share tools, expertise, and rapid-response teams with healthcare networks. “In Quebec, if a hospital is hit, the government steps in,” he explains. “The goal is to restore care, not ruin the institution.”
That difference isn’t philosophical; it’s existential. In the U.S., two major hospital cyberattacks occur every day, leaking roughly 750,000 medical records daily, more than 600 million to date. Entire practices have collapsed under the costs. “You can’t ask a hospital to be more secure than the Pentagon,” Desjardins argues. “It’s irrational. Security has to be a shared public service, not an individual burden.”
He worries that Canada could drift toward the U.S. punitive model. A recent $480 million lawsuit against Ontario hospitals, he warns, “is a dangerous precedent. If we turn victims into villains, we’ll bankrupt the system.”
Securing the Digital Body
Desjardins’ research zeroes in on one of medicine’s most overlooked weak points: imaging. Every X-ray, CT scan, and MRI travels in DICOM format, a standard that predates modern security protocols. His “Blue Ribbon” team, composed of DICOM architects and hackers, mapped every vulnerability in the format and published the definitive analysis in the radiology literature.
Their findings rippled across the industry, leading to webinars, interviews, and his appointment as cybersecurity lead for the Radiological Society of North America (RSNA), the world’s largest imaging conference. “We bring in top people from government and industry,” he says. “Our goal is to make cybersecurity part of radiology’s DNA, not an afterthought.”
At Santé Québec, he now helps implement a province-wide Picture Archiving and Communication System, essentially the brain of medical imaging, built with security from the ground up. “It’s not glamorous work,” he admits, “but it’s the digital circulatory system of healthcare. If it fails, the patient can’t be diagnosed.”
The Missing Career Path
Despite the urgency, there is still no formal pathway for clinicians who want to specialize in cybersecurity. “In radiology, we have fellowships in AI. In cybersecurity, nothing,” Desjardins notes. “Most of us came here by accident, doctors who code, hackers who care about patients.”
He advocates for new interdisciplinary programs linking medical schools with computer-science departments and security institutes. “We need cyber physicians,” he insists. “People who understand both the anatomy of the human body and the anatomy of a network.”
The Grand Challenge
For all his credentials, Desjardins is wary of stagnation. To avoid burnout, he sets himself a “Grand Challenge” every five years, a dive into an entirely new field. Past missions include earning a black belt in Aikido, leading Boy Scouts, mastering marksmanship, and training as a pilot (an endeavor he ended after his instructor’s fatal crash). His current challenge? Competitive drone racing.
“Every challenge resets my brain,” he says. “It reminds me how it feels to be a beginner, to fail fast, to learn again.” That humility, he believes, is vital in cybersecurity, where the landscape mutates faster than any human can keep up. He stays sharp by competing in hacking contests like the NSA Codebreaker Challenge, where he ranked in the top 2 percent of 5,000 participants. “You can’t just read about threats,” he says. “You have to touch them.”
The Human Firewall
For all his talk of exploits and systems, Desjardins returns again and again to the human side of cybersecurity. “In medicine, we talk about patient safety,” he says. “Cybersecurity is patient safety. When a hospital shuts down, it’s not about data, it’s about delayed diagnoses, canceled surgeries, lost lives.”
He tells the story of a radiology practice in North Carolina that closed forever after a ransomware attack. “Fifty years of work gone overnight,” he says quietly. “That’s not just an IT problem; that’s a human tragedy.”
Still, he remains hopeful. He believes Canada’s collaborative model, if preserved and strengthened, could become a template for the world. “We have an opportunity to lead with compassion and logic,” he says. “We can protect both data and dignity.” As he leaves his office for another day split between hospital wards and digital defenses, Dr. Benoit Desjardins embodies the future he envisions: a generation of physicians who heal not only bodies but also the systems that keep them alive.

