This Week Health


April 17: In this Interview in Action, Bill Russell talks with Mick Coady, CTO from Armis, to discuss the innovative solutions and strategies Armis employs to tackle the complex challenges of healthcare cybersecurity. How does Armis prioritize and address the myriad of threats facing healthcare institutions today? What makes their approach to asset discovery and vulnerability management stand out in a crowded field of cybersecurity solutions? Furthermore, we explore how Armis' recent acquisition of CTCI is set to revolutionize the way healthcare organizations prompt and respond to cyber threats. This conversation not only sheds light on the technical prowess of Armis but also offers a glimpse into the future of healthcare cybersecurity, where predictive models and actionable threat intelligence could significantly alter the landscape of digital health security.

Categories: Cybersecurity/Privacy

Transcript

This transcription is provided by artificial intelligence. We believe in technology but understand that even the smartest robots can sometimes get speech recognition wrong.

Welcome to This Week Health. My name is Bill Russell. I'm a former CIO for a 16 hospital system and creator of This Week Health, where we are dedicated to transforming healthcare, one connection at a time. Today, we have an interview in action from the 2024 conferences, the spring conferences, VIVE in LA, HIMSS in Orlando.

Special thanks to our sponsors, Quantum Health, Gordian, Dr. First, CDW, Gozio Health, Artisite, and Zscaler. You can check them out on our website, thisweekhealth.com. Now, onto our interview.

Here we are at HIMSS 2024 and we are on the floor talking with Mick Coady with Armis. Healthcare specialist is what it says on your badge. Let's talk about Armis a little bit. I mean, you've been in a lot of different roles. You've been in health systems. Yeah. You've been in a lot of different things.

What's the problem Armis is trying to solve?

When I came over here last May, I had previously known their technology from other OT requirements and works I'd done in prior lives, but one of the things that I think they're trying to solve for, slightly differently from even people who do med device only and asset tracking, asset hunting, is kind of establishing the how do you prioritize, what do you got to go do next?

Right? So one of the things that we do, I think that's, what we're trying to cover, we do cover very well now, is prioritizing what you can do when you find the problems, right? So when FDA recalls come up, when critical vulnerabilities are coming up, we find a way to basically address how you prioritize what goes first, right?

One of the things I think happens all the time is this amount of low fatigue, right? You have hundreds of thousands, if not millions of events running through the system every day, and people are just playing whack a mole. They have no idea how to do it. It's one thing that we do the asset discovery, we find the assets, we fingerprint them.

We get all of that data wiled up and ready to go, both on the med device side and for us, we do IT and OT, IOMT so we're slightly different in the way we approach that. Even if you've got an imaging system that's misconfigured over here, and it could be that it's sending out the wrong signals or it's behaving wrong, I can also tell you that the four printers over here are also misconfigured and they're also sending out the wrong signal.

So it's kind of a holistic picture.

Medical devices are very interesting to me because not only do you have the OS, but you have the FDA, you have recalls, you have all those kinds of things.

And so it's not just a matter of seeing, oh, I have this old operating system on this medical device. Right, right. It's also tracking all those recalls, all those things that are coming across. Is that what you mean by identifying the next thing that we have?

Yeah, yeah, we have a Viper module, we call it Viper, but it's one thing to find it, but then what do you do with it, right? We give you explicit details on how to go fix it, and oh, by the way, here is the recall. Here's what they say about it. Here's the vulnerability that maps to it. And oh, by the way, yeah, it's behaving badly, right?

So let's get ahead of that one. That one probably takes more priority over the other 10,000 low vulnerabilities that you have going on in the other section of that one. So yeah, when you look at the bigger holistic picture, they are unique, right? We also now have iPads talking to imaging systems.

Those iPads are technically an IT device, but they're sitting in the radiology department. But if that IT device that's mapped to that imaging system walks away, or leaves the radiology floor, we've got a behavioral problem, right?

I think what a lot of CISOs and CIOs want to hear is, are we starting to automate some of that mediating, and work that needs to be done?

Yeah, I would say our automation right now is linked mostly into how we integrate with ServiceNow, with Jira, whatever. Kicking off and automating the ticket workflow, which we handle the workflow now for asset remediation. Right now we're there. As regards hitting the punch the button and don't. You didn't have it done?

We're not quite, quite there yet. I know there's a lot of asks for that. But the platform right now where we are, we just acquired a company three weeks ago and it's going to provide a different level of actionable threat intelligence that basically allows us to be in the dark web, honeypot a hospital, and then show you where and why they're attacking the hospital and what sequence and what vectors.

So we're going to map that then back into and provide a, I'll call it a more predictive model of what you need to be doing for the next six months in lieu of whatever else before CVE comes out. So the company we got was CTCI, we just acquired them. These guys have been operating, working with CISO at a different level.

Out ahead at a lot of these CVEs, and how they get produced, how they get presented. We're trying to get a step ahead for the CIOs and CISOs to kind of block it before it ever happens.

How do you plot your health system and identify the attacks and how they're coming in?

It's interesting because we do need to get ahead. Yeah. Right now we're very reactive. That's the problem with, when I say play whack a mole, I think that's how we're playing it. Like it, and like it. In my experience of playing and being in the belly of the beast at any particular given part of what it looks like, and sitting there and seeing this over and over and over again, and then they just keep coming from different directions, right?

I mean, we both know systems went down, several companies in December, changed, there's a lot of different public situations right now where healthcare is just kind of getting hammered. I mean, I almost used to think that universities were getting, were the worst. We're getting picked on, but now healthcare is really getting hammered right now. We've got to find a way to be more predictive of what we're going to do next and be actionable, give someone a task that goes and gets something completed. Yeah, from a threat actor standpoint, it has the two things they want. They either want notoriety or they want money. Right, exactly.

And it's proven to be a place that you can get money. Right. We're not just talking about it for the puzzles. Right. I mean, the attack surface is far greater than that. Talk about some of the other areas that the attacks are.

Yeah, I think, I always look at it from a day in a life of how a patient parks the car at, the arm goes up, you pick a ticket out.

All of those systems and everything else are tied now back into a hospital level. Right.

I'm sorry, so that arm at the parking. Yeah, so that has an IP address. You're telling me that somebody's gonna go into that, get into my network and be able to do things in there?

It's an option. I mean, so are the IP cameras on the outside?

So are the front door. So the HVACs systems. So the billing management systems in general. For us, yeah, we kind of look at everything. Yes, you're right. We don't just look at med device. We look at billing BMS, or billing management systems, or HVAC systems, or any of those outside controls that run a hospital on a daily basis.

For me, there are threads and vectors everywhere. And if you look at the industry right now, they're looking for new holes to come in the front door.

What, I want to play the, this is the CIO that annoys me. What I was going to say. I don't have to worry about that problem. I mean, my biggest thing is phishing.

I don't really need to worry about that.

Yeah, I don't know if they've read the recent reports, but phishing is now number 5 or 6 it. It's the unknown device problem. It's the unknown device that's showing up in a network problem. And or, misconfigured or a failing device, which could be a building management system, like a HVAC system.

You and I both know there's a lot of hospitals across the U.S. right now that have their own power plants running subsections of their hospital system. That's a bigger realistic picture that we can provide at least some avenues of visibility. And then, yeah, what are you going to do to fix these things along the way?

The Johnson Controls, all the HVAC. It's funny that you've got GE doing healthcare, but you've got GE running a lot of other systems that live and breathe inside a hospital that have nothing to do with healthcare at all.

This is an interesting problem. And it starts at the basics, right?

When I came into Seattle, I said, give me the inventory, and they gave me the inventory. I remember vividly, it was plus or minus 15 percent. That's what they said to me. I'm like, plus or minus 15 percent? I know that's gotten better. But I was sort of taken aback. Right. Tell me what's on our network?

Right. That should be basic block context. I assume that's gotten better since 2012.

I would say yes. I don't think I've gotten into, I mean, I was only 60 days into the job and I was like, helping a hospital system, kind of in a breach response mode. We drop the technology in and that's where I would say, look, it became evident that one, there was printers procurement had acquired, dropped on the floor, this is the IT use case.

They were misconfigured, falling back into a wrong IP address and behaving badly. That was one version of how they got in. And then they had two imaging systems also, almost in parallel, creating a problem. So the problem they had with the printers was their contract was done by procurement. Nobody in IT knew about it.

It was done through a business function. It was sitting on the floor of a hospital and it was misbehaving really bad. And that system was up and down for almost four weeks. No patient scheduling and email functions were hit or miss. And that was very impactful to that, for that system.

What's the market penetration of your space? If I went to most health systems, would they have a tool currently in place? Doing medical devices,

that's what happens. If our competitors do a very good job, I would never disparage our competitors in any shape or way.

What they do is very single threaded on what they do for medical devices. Yeah, we kind of do it, look at it from a more holistic point of view. But I say that with their penetration, our penetration, in that one space only, I'd say it's probably less than 30%. Oh, really? Yeah. I'm saying that I've never I've been talking to a whole bunch of people this morning, but I know at least two of the three meetings I had this morning, they have nothing.

And these are well known systems. I wouldn't say well known. Let's say they're not small. No, they're not small. Yeah. And I find that things people call small in healthcare is like a billion and a half, two billion dollar companies. Yeah. Okay, it's pretty big. But it's usually a multi hospital system and what have you.

I wonder if they're still doing what I was doing in 2012. Right. To identify all the systems that are running, right? I will tell you, and it's kind of running on our booth, and it's not a joke. Our biggest competitor, and when I joined, I was kind of laughing a little bit when I was doing it, was our biggest competitor is Excel Spreadsheet.

That's our biggest competitor right now. We do obviously feel our competitors are good, they do MedDevice and everything else. We also look at everything a little bit differently because we have the IT, billing management, blah blah blah, all that other aspects that creates a more holistic picture, but at the end of the day, if they're already in there, fine, stay there.

We'll help you. Let us help you over here on the IT and the building management side that is equally at risk, particularly at a hospital level. Look, what happened when there was a hack in December, and I mean, that system itself, four different parts of it went down in four different states. I know one of our senior engineers was with us in San Antonio during that piece, and his wife is a nurse, and that ER section, when it went down, they were turning patients away.

That are arriving in ambulances. You talk about patient safety, you're talking about patient care or having issues with the continuity of care right there. That's a big problem. So what's your message to an organization that doesn't have anything in place? I think the first thing first is that the fear is that it's too big.

It's, it's almost, you can't do it. One of the things is that we found a way to simplify it and create kind of a time to value from getting it done quickly. We did it recently for another system. We had everything completed probably in 22 days. Six integrations going into SolarWinds, CrowdStrike, Microsoft, a couple of others, we're getting additional data points.

All of that was done in 22 days. That CISO went to the board the following Sunday and we had everything done and dusted in probably 45 days. They have six sites up and running as of three months, four months now. They have six up and running. They got nine more to go. It can be done, but again, just having the visibility, getting that fingerprinting of what's going on in the network.

There are going to be some very fun, we're almost too much like the 128 blade Swiss Army knife. Once you have a use case completed, then you're going to find another one. Which is a good thing, if we can find a way to concentrically, consistently provide that level of visibility. Right, that's the biggest thing is let's start with just finding this stuff first.

We'll worry about the we'll worry about the risks and all these things right after that. But you don't know what you don't know, and that's, I think that's the biggest problem that the fear is tied to. Absolutely, Bill. Appreciate it, man.

Thanks for listening to this Interview in Action episode. If you found value in this, share it with a peer. It's a great chance to discuss and in some cases start a mentoring relationship. One way you can support the show is to subscribe and leave us a rating. If you could do that, that would be great, and we want to give a big thanks to our partners who make this possible.

Quantum Health, Gordian, Dr. First, CDW, Gozio Health, Artisite, and Zscaler. You can learn more about them by visiting thisweekhealth.com slash partners. Thanks for listening. That's all for now.


© Copyright 2024 Health Lyrics All rights reserved