This Week Health
UnHack (the News): Reported Cyber Breach Death and the Interconnected World with Mick Coady

Subscribe to This Week Health

Share this episode

July 7, 2025: Mick Coady, CTO at Armis, joins Drex for the news. This episode examines a sobering milestone: the first confirmed patient death directly attributed to a ransomware attack on London's blood distribution system. The conversation explores how a single cyber incident creates cascading effects across entire healthcare networks, flooding neighboring hospitals with redirected patients and overwhelming emergency departments. With 28 healthcare security incidents reported in June alone—many involving third-party vendors—the discussion questions whether the industry fully understands how interconnected systems create compounding vulnerabilities. From agricultural equipment with satellite connectivity to medical devices running outdated firmware, every connected endpoint represents a potential entry point for attackers.

Key Points:

  • 01:43 Ransomware Attack Leads to Patient Death
  • 06:10 Rural Healthcare During Cyber Attacks
  • 09:11 Third-Party Risks in Cybersecurity
  • 10:29 Cybersecurity in Agriculture and Implications

News Articles: 

X: This Week Health

LinkedIn: This Week Health

Donate: Alex’s Lemonade Stand: Foundation for Childhood Cancer

Transcript

This transcription is provided by artificial intelligence. We believe in technology but understand that even the smartest robots can sometimes get speech recognition wrong.

  📍 📍 📍 📍 📍 📍 📍 episode is sponsored by ARMIS. Are your medical devices truly secure? ARMIS allows you to see, protect, and manage every device and asset in your environment, from the most common to the most complex across your health system, medical, IoT, or operational. Reduce risk, ensure compliance, and safeguard patient care with a trusted partner in cybersecurity.

Don't leave your devices and your patients exposed. Visit thisweekhealth. com ARMIS today to learn more.

 Today on Unhack the News.

(Intro)  It's not from a lack of regulatory oversight or any of the other pieces and parts.

This is just the brutality of where we see some of these attacks are going at this stage. And what we're seeing and seeing a loss of life associated with it is just alarming for anybody.

  📍   📍

Hi, I'm Drex DeFord, a recovering healthcare CIO and long time cyber advisor and strategist for some of the world's most innovative cybersecurity companies. Now I'm president of this week Health's 229 Cyber and Risk Community, and this is Unhack the News, a mostly plain English, mostly non technical show covering the latest and most important security news stories.

. And now, this episode of Unhack the News. (Main)   📍 Hey everyone, I'm Drex and welcome to unh Hack the News.

We're gonna talk about a bunch of stuff today a couple of things today, and then we'll probably riff, which is what we do. Mick Coady's with me from Armis . For those of you who have heard us talk before, we have a tendency to go down rabbit holes and talk about other really important things, maybe other than the thing we started talking about.

Mick, welcome to the show. I'm glad you're here.

Thank you for having me, Drex. Appreciate it as always.

Let's start with this story. This is from the record, but I've seen it reported in other places too. A ransomware attack contributed to a patient's death according to Britain's NHS. This has to do with the cenovus attack that happened last year, the blood distribution system, which then took down tons of hospitals.

Across London and in the NENHS and the spokesperson here says that as a result of the attack, hospitals were unable to perform blood tests at normal speed. A number of contributing factors led to the patient's death during the incident. And then they say one patient died unexpectedly during the cyber attack.

And they took detailed kind of notes and investigations to try to figure out really what happened and what was going on. But they directly attribute a cyber attack to the patient's. Right. Death. We have a lot of these things that happen in the US too. From a cyber perspective you've probably heard some stories like this too.

I have I don't know if we have got one all the way to that end state yet. We've had close calls, right? As we know, maybe a couple of years ago one particular system got targeted specifically on the EMR where there were redirects, actual ambulatory redirects away from certain hospitals that could not take inbound patient, right?

So. It's highly unfortunate. I mean, I don't know, we're still waiting kind of the expectations, the details of what happened with that. But yeah when you've a loss of life you probably know as much as I do, coming from where we both have come from, that, nation state functions or what they've done in the utility grids, what they've done in specific other platforms.

You look at the energy sector and oil and gas, they have been, specific incidents where flow valves, other things have been overloaded, not overloaded, and loss of life. Can or could occur in those particular verticals? No different than we have in healthcare. But I mean, when you're not performing you can't get specific types of, and maybe it's disease orientated that we're just delayed and you can't get those results back in time where you can provide

triage to that function, it's a horrible thing to even talk about.

It is. we were talking earlier about a particular attack. I know there was one in Southern California where the health system was basically taken offline for an extended period of time.

The challenge around that then really turned out to be based on a study that was released later. Not just that health system not being able to see patients, but because patients overflowed into other health systems, it impacted all the patients who were being seen in that health system. Like that big attack, that big challenge was was something the whole community felt just that one organization.

Right? And that's why we brushed up against it, what was it, in 23 of Thanksgiving, just the day before Thanksgiving, when that occurred. A good friend. In a specific state that basically his wife was a nurse and basically the redirects were coming to that particular situation. The problem was there were nine or 10 redirects that system.

May or may not have been ready at their emergency, if their emergency room, I mean, they

just don't have capacity. Right. They wind up now that emergency department is overwhelmed and delayed.

Right.

Right. They have to delay surgeries because they're taking patients from the health system

and you would think blood testing.

Because of the length of time it takes to do specific things. Right. You would've had it. But the question, in what condition was the patient in the first place, right? What were the proceeding elements of comorbidities that got him to that point? That the test needed to come back within an hour? Yeah.

Not eight to 10, to 12 to 14 hours, which, led to him our her passing. So it's very interesting kind of a situation. I hate to say when it happens, I don't know the NHS has done a very good job in general and everything else. It's not from a lack of regulatory oversight or any of the other pieces and parts.

This is just the brutality of where we see some of these attacks are going at this stage. And what we're seeing and seeing a loss of life associated with it is just alarming for anybody. Right? And it's not for any particular reason, but we have got to start talking about this stuff, particularly at all levels.

And I mean, globally. If that was that serious, where are our weaknesses? I mean, who would've ever thought, just running blood tests would've led to loss of life? I think what happened in the United States in 23 would've been much more closely aligned because you people inside in, in ambulances and being redirected somewhere else.

30 minutes extra before they get to triage in an EMR could absolutely lead to a loss of life.

Yeah. That's what happens in a lot of the rural health cases where there's a cyber prevent or rural hospital, and that's the only emergency room around for a hundred miles now. I mean, literally.

Having grown up on a farm, I can tell you that. The difference between my local emergency department and the one that was, 75 miles away Yep. When somebody was, hurt or injured on a piece of farm equipment, probably meant the difference between life and death. I wonder how well we actually.

Like, keep track of this and report it. Because the system isn't really built necessarily to report the death being attributable to a cyber event. Right. There's some other thing that it's attributable to, right.

In conjunction with Right.

In conjunction with, yeah.

Right. But you remember we used to talk about population health, right?

And the pop health kind of environments. As you look at how you would stage where you would do this, like the, you also now see the doc in the box type clinical type of things that have arrived. We've also now seen those evolve where they're built for 24/7 operation.

So instead of a traditional nine to five main hospital, right. You can, and I live out in the, I won't call it rural, but I'm definitely on the edges of outside of Houston where I live. And there's definitely more options there. But I would say if it's deemed they will redirect you or send you to something more substantial.

Yeah. But I would tell you growing up also in a very quote unquote rural environment in sections of Ireland, are my cousins also living in rural environments and all farmers themselves. In the old days, a GP happened to live across the street. That was great, right?

But it wasn't too long. I had my appendix out, the gp basically I was put in an ambulance and I was sent straight into the city. Right. That was not a short drive in those days. Yeah.

More and more of these very robust clinics that are opened up, but even they

reach their limits. At some point. Sure. Those patients have to go to an inpatient, hospital inpatient.

Well, they've improved though. They've got imaging available, which they've never had before. They've got a rudimentary set of infusion pumps that can deliver some basic levels of hydration or whatever else they need to do.

But most times that's just, you're getting pitched before you're getting into an ambulance somewhere else, so, yeah.

I was looking at the HHS Wall of Shame. We're just talking about the HHS breach portal. That's what I actually should call it.

'cause I think that's actually what it's called.

, I wouldn't call it a shame, I think it's just a shame that. We can't do enough that people don't end up there. I don't think it's for a lack of trying, that's for sure.

I don't think so either. I mean, you and I both know the cyber pros everyone that I've ever worked with are some of the hardest working people in the world.

And it's not because they're not trying, they're doing everything possible. They're just kind of, in a lot of cases they're just outmanned and outgunned and they just can't keep up. But I was looking at the breach portal because it's always interesting to just, I go out there and sort of tiptoe through the tulips every once in a while and see what's going on.

There were 28 reported breaches, now reported breaches. That doesn't mean these happened in June, it just means they were reported in June. 28 reported breaches in June, and here we are on the 30th. So practically one a day was reported to the breach portal. And as I start to flip through and open these up business associate present is a pretty significant number.

It looks like maybe more than half as I go through them.

So we're going down the third party problem, right?

Sure.

Yeah. And it's kind of interesting. Looking at it from those perspectives of what we do to manage externally our partners, whether they're conducting of how they come in, to do basic maintenance.

We talk about the vendors who support the infusion pumps whether you rent, lease, buy, however, or any medical device for that matter, right? I mean, there's a huge market for that, but they also need to have access. But we've seen, issues occur when they're just simply doing maintenance, right?

And you're allowing yourself, but the third party risk thing, even back in the day when I was still serving in a big four situation you're trying to amalgamate a workflow that makes sense. Some people started outsourcing that because it was such an overwhelming thing. So what is that business associate, gonna do now?

Post breach you get into the finger pointing game, right. And I would like to think that all parties would come together and find a meaningful way to resolve this. But if there's SLAs associated with it, it could get very ugly. Right.

Yeah. Very ugly, very quick. Well, anyway, thanks for going down that

no, that's fine.

was just looking at this the:

And you just, I mean, we're at that point, everything's a computer. You guys must do a lot of the same kind of stuff in your labs, looking at stuff that you, people would roll their eyes and say, oh my gosh, I can't believe that's a computer.

Yeah, but you gotta think about like, so I'm going back to the early two thousands, I think it was BMW Mercedes, there was a myriad of the German auto manufacturers, including the American ones, who are starting to think about putting, versions of what they would do at IBM ca.

Different things of how they were taking. Inflow of identity sources via satellite to make update firmware back in those days. Now we're way past that, right? The cars are so much more advanced. Think about tractors, automation on what you're trying to do. The two of us now talking about agriculture, which is hilarious.

But anyway, at the end of the day I used to pick punits and pick tomatoes and strawberries in a small rural town north of Dolan, and I know exactly what they were doing to kind of, but then you look at the sprayers, you look at everything else. Those are all run on electronic. I remember. When I lived in Omaha for five years, there was a particular farmer who had almost 60,000 acres and he could do everything via his phone.

He was monitoring based upon what he was doing for the watering and everything else, and it was all done via SAT and everything else that ties into it. It's astonishing, right? So you can imagine if you can compromise a tractor or a combine harvester, what we, what are we doing inside the hospital systems when it comes to imaging fusion?

All of the stuff that we have to deal. Even building

systems too, right? I mean, cameras and everything else.

Man. Do I beat the hammer on that one quite a bit. And again, it goes back to the, some of the conversations we've had in the past, which is around operational risk.

How do we determine, I when we talk to our business partners chief Medical Information Officer Surgery Centers, going up and down is not an acceptable thing. One, loss of revenue, but then also talked about patient safety, right? If those things are recurring, there's an air conditioning system required that runs all of those functions while you are sitting on the table.

Right. If any of that gets impacted, what happens? We both know from a bacterial perspective what can happen very quickly, nevermind in rural situations let's keep the agricultural rural thing. It's not uncommon in rural hospital situations or rural hospitals feeding into a bigger city that you have tuberculosis involvement, right?

So the ventilation has specific HEPA requirements. You've got a whole litany of things. If that stuff fails. And you have a patient who's a TB patient in those rooms, what do you do with them? Right. Where are you gonna go with that person? That's massive, chronic, and very high level degree of impact to a patient and relative to death.

So, I find it interesting, I think you and I both would from understanding at a rudimentary layer that people think about agriculture as something that could be impacted. Well, yeah. We just talked about patient safety at a different level. What would happen? When you start breaking down the aspects of part of our food chain supply chain breaking down basis.

Yeah,

absolutely. The equipment in the kitchen, the, just right on down the line. It is amazing how many things to now have satellite star link or something, embedded in them. And you may not. Even realize it when you buy it and install it and you, you may have to go back and do some correction, especially if it's a third party.

That's right. That's maintaining it or running it, so.

Right. But I mean, too, like some of the recalls that are happening when it comes to fda, a cited devices, I mean, no different. You'd have to go out to a farm yard for a section of whatever they're looking at. You'd have to go visit the device manually.

You'll have to go do those updates. Fine. I mean, we take the car in. Right. Some of these updates are happening. I mean, the first thing they do now we've got the plugin plug in. It tells you everywhere, the car, we don't look inside the engine anymore. We're plugging something in that'll tell us what's happening in the computer will feed back and say, Nope, you got an issue with this views, you got an issue with this, you got an issue with this.

Oh, by the way, your radio entertainment system needs a full firmware upgrade the next time you come in. Right. It's completely dynamically changed on how we used to stick our hands inside the engine and go after what we'd ever want to fix. Whether it was, plugs or whatever we were doing.

O-rings. It's very different but at the end of the day, that's fine. I like the advancement. I think our quality of life has improved because of it. But then we also invite apertures of risk, right?

Yeah, for sure. Hey, thanks for doing this. I always appreciate, it's always a good time to have the chat and wander around as we do.

Yes, we do. Yeah. I always learn something every time from you.

I appreciate that. Yeah, likewise. And I, if we can have the agricultural conversation we have next time we're at a dinner somewhere, we have to up the game on what we were talking about. 'cause I've been around different versions of farming, which we can talk about some other time.

But thanks for taking and having me on. Really appreciate it. Cheers.

Of course, Mick Coady from Armas. Thanks for being here and I'll see you on the road sometime soon.

Absolutely, you will. Cheers. Thanks so much.    📍 📍

Thanks for tuning in to Unhack the News. And while this show keeps you updated on the biggest stories, we also try to provide some context and even opinions on the latest developments. And now there's another way for you to stay ahead. Subscribe to our Daily Insights email. What you'll get is expertly curated health IT news straight to your inbox, ensuring you never miss a beat.

Sign up at thisweekhealth. com slash news. I'm your host, Rex DeFord. Thanks for spending some time with me today. And that's it for Unhack the News.

As always, stay a little paranoid, and I'll see you around campus.

Contributors

Thank You to Our Show Partners

Our Shows

Related Content

1 2 3 320
Healthcare Transformation Powered by Community

© Copyright 2024 Health Lyrics All rights reserved