August 5, 2024: Wes Wright, Chief Healthcare Officer at Ordr, and Mac McMillan, Founder, CEO, Board Member, and Advisor, join Drex for the news. The discussion highlights the persistent disparity in healthcare access between rural and urban areas, questioning whether technology alone can bridge this gap. The conversation also explores the ARPA-H initiative, pondering if new technology development is necessary when existing tools might suffice. The trio reflects on the creation of a dedicated Cyber Force, drawing parallels with military coordination to enhance cybersecurity. Should the government play a more significant role in supporting private sector defenses? They further discuss the indictment of a North Korean cybercriminal, debating the implications of such actions and the broader geopolitical context.
Key Points:
News articles:
Alexβs Lemonade Stand: Foundation for Childhood Cancer Donate
This transcription is provided by artificial intelligence. We believe in technology but understand that even the smartest robots can sometimes get speech recognition wrong.
Thanks to our show sponsor, Ordr, the Connected Asset Visibility and Security Company. If you want to see every asset and protect against threats, Ordr is a great way to find and eliminate blind spots. They also integrate with more than 180 other security, network, infrastructure, and clinical solutions.
Find out more at Ordr. net slash healthcare. That's O R D R Ordr. net slash healthcare βToday on Unhack the News. (Intro) β
if you can identify if the individual or the organization that's doing the work is part of their government or part of their military take them off the air. why Are we just standing here taking the punch?
β π β π
Hi, I'm Drex DeFord, a recovering healthcare CIO and long time cyber advisor and strategist for some of the world's most innovative cybersecurity companies. Now I'm president of this week Health's 229 Cyber and Risk Community, and this is Unhack the News, a mostly plain English, mostly non technical show covering the latest and most important security news stories. And now, this episode of Unhack the News.
(Main) β Everyone, welcome Unhack the News. I'm Drex, and I have Mac McMillan with me. Say hi, Mac.
Hi there, guys. And Wes Wright from Ordr. And this actually was Wes's idea. We started having a conversation about a bunch of different things, and Mac wound up in the text string, and we said we should invite Mac to do Unhack the News with us. That'll teach me, right? That's right, man. The older statesman of the cybersecurity healthcare, we thought would be a great addition to the show.
One of the things we were going to talk about today was just, a lot of the conversation and activity around rural health. And there's been initiatives to give things away for free to rural health. There's been the ARPA-H initiative, Wes, which I'd like you to talk about.
All of those are stories that we've published on thisweekhealth. com slash news. But Mac, why don't you start by talking about rural healthcare and you have a long history kind of sorting this out. What's the message?
Thank you. for years tried to find a solution for this problem.
And part of it's because I actually live on a ranch down in southeast Texas, which is actually in rural America. . My closest hospital is 40 minutes away in any direction. And that's actually close. We have places, towns where the closest hospital is two hours away. And they're lucky if they have one or two doctors, let alone any specialists.
many of these critical access and small hospitals don't have all the services that the big hospitals have. It's the disparity between healthcare and rural America. in urban America is actually a lot greater than most people realize. And even though we've made a lot of progress probably in the last decade with things like telehealth and other things that have allowed us to push some of that, out there the fringe it still isn't where you would expect it to be.
And so. In my kind of semi retirement, I've made it my cause to try to work on this problem. And so I look for companies that are actually developing technology that will help get healthcare, quality healthcare, out to rural America. And I look for models that will do that.
when I was working through this problem, one of the things that I realized was that this is not a technology problem, right? Even if we could give all the technology in the world to these small hospitals, these rural places, that's not going to solve the problem. Primarily because, number one, it's a socioeconomic problem.
They don't have the resources. To acquire and to manage these tools. And even if they have the resources, they don't have the people to do it. And so a lot of this is pretty technical stuff is pretty technical challenging software or hardware. And in a lot of these places, Wes and I both grew up as farm kids to being able to find somebody who has the level of skill and the level of experience with those tools.
It's just hard to come by. And they're doing lots of other stuff too. The person who has the CISO title hung on them is probably also maybe like the supply chain guy. And they help out in the cafeteria when they need help down there. They spread people really thin in these small places.
It's not just rural either my parents live outside of Albuquerque in Corrales, New Mexico, and I'm just flummoxed at how difficult it is for them to find specialty care in the most populous city in New Mexico.
Kind of New Mexico is all rural to begin with, but still it's just we've certainly created a geographically, a group of have and have nots, I think. And I think that's the big, biggest part of it. And frankly, I think that's the part that's causing a lot of the discontent that we have in this country today is that.
There is a lot of disparity between the haves and the have nots, and healthcare is just one example, but it's a huge example because it's so very personal, right? And so when I saw the announcement with respect to those companies that wanted to give free technology to the small hospitals, I thought, on one hand, This is really good.
This is nice. This is a great gesture, right? I'm not trying to play that down at all. other part of me said, Number one, it was only for a year. How are they going to pay for it in year number two? Will the infrastructure they have even support these tools? And some of them won't.
And is anybody going to fix that so they can have these things? And even if they get this stuff, who's going to run it? Who's going to implement it? Who's going to administer it? Who's going to manage it? Who's going to monitor it? And I just found myself going, once again, We're solving the wrong problem, we're trying to make technology the solution.
Technology is clearly part of the solution, there's no doubt about it. But it's actually going to be something much broader than that. And we have to understand that you're not just going to throw a widget at this and it's going to get better.
Yeah, there's definitely got to be some kind of a package solution that includes services and the capability.
And like you said, there's also the other problem of just tech debt at these smaller places that who knows if those endpoints that they have in that organization are even able to use that technology that's being given to them. There's a lot of challenges and issues. It's not an easy fix.
That's for sure. Yeah. One of the things that lots of us are talking about right now is the ARPA-H deal and the grant that's coming with ARPA-H and I think you guys are going to be part of that, right?
it's a ironic slash funny thing about that is I wrote a blog right when the ARPA-H stuff came out and said, hey, why are we spending 50 million to develop something when we haven't really done anything?
Delved into the tools that we have right now. I think there's probably a lot of stuff out there that can do what ARPA-H wants to do. And funny enough, we got invited to participate in one of the ARPA-H submissions using Ordr as the foundational product for that submission. Now, it drastically changed to MaxPoint, drastically changed UE user interface that You know, it is, hit this button to see your vulnerabilities, hit this button to patch your vulnerabilities, kind of thing.
But, that underlying technology is there. We're going for it to see what'll happen here. But this part of ARPA is they are moving fast, too. expecting to get that money out and start being spent by the turn of, not the fiscal year, but the calendar year.
So, this thing is moving pretty quick, and I'm excited to be a part of it. Because, as you mentioned, we're both farm kids and we know they shouldn't have to make a decision between an MRI and a security tool. So pretty excited to be involved in that.
is even a bigger, big issue for the three of us because we're all retired from the military.
It doesn't matter that we have great healthcare because of our years we've spent in the military. If you live in a place where it doesn't exist. Yep. And that's one of the issues that the VA has with this, and hopefully they're involved because I know Major General Elder who used to run TRICARE is really big into this, and one of his biggest things is, we got veterans all over the map.
And some, even though they have all this coverage, they live in places where there's nobody that can take care of them.
Yeah, my dad's a retired Air Force guy too, and he's sitting there and not able to take advantage of that.
Yeah, not everybody lives in San Antonio or Washington, D. C., right? Yeah, that's right.
Retired, but not everybody wants to
live in San Antonio.
it's interesting to draw the parallel between these two stories too, of, the rural healthcare gifting. effort is really centered around this idea that you can, that technology will solve the problem. And we know it's way more complicated that.
And the ARPA-H wanting to invent new technology to do a thing where existing technology maybe already exists. And a lot of that is just, again, the issue of like, what's the process and the people that you need to put these things together to make them actually work the way that, that you would hope for.
So.
that's what's got me pretty enthused about it. We're teaming up with Google on this and they're building the interface. And again, from my conversations with them, it's, here's a Google device, a Chromebook or something like that. Here's a network tap that you plug in.
And it's like, I got T Mobile, 5G internet at my house. They just shipped me a box and said, plug it in here. That's how easy it's got to be for rural health care.
β π π π π
th,:Join us for dynamic sessions, interactive workshops, and keynotes from trailblazing women in the industry. This event offers actionable strategies and fosters genuine connections. Whether you're a health system employee or a vendor partner, SOAR provides unique networking and growth opportunities.
at bluebirdleaders. org slash:. Let me jump to another story. Again, because all three of us are retired military, there's a really interesting conversation going on right now about creating cyber force, like the Air Force and the Army and the Navy and the Coast Guard and the Marines.
And don't forget
SpaceForce.
SpaceForce, don't forget SpaceForce. I remember when SpaceForce came out, I remember saying to myself, and maybe you and I even had this conversation Wes, about like, SpaceForce, shouldn't we have CyberForce first? It feels like we've got more of a cyber problem than I've got a space problem right now, but.
Yeah. And a free plug the Steve Carroll SpaceForce. Series, if you haven't seen it, it's friggin hilarious.
It is pretty good.
Back to cyber force. Yeah.
Mac, π what do you think about cyber force? You spent your military career, a lot of that was really in Intel and in cyber.
And so, I'd like to see what you think about this.
I would have liked to have had some of those warriors back then when I was doing that. I think this is great because I think the military, I've always thought the military is a great training place for everybody else.
And the experience and the immersion that typically they get. In the military is far superior to what they get elsewhere.
And the responsibility.
And the responsibility. Yeah, that's the thing. I, that's what I've always used to say is that guys come out of the military they know how to make their bed.
They know how to get dressed. They know, they, they know how to be on time. They're responsible because they wouldn't have made it through there even a brief tour if they hadn't learned those lessons. And so you're not having to spend any time training them how to be a good worker.
And the experience that they get from a training perspective and like I said, the immersion is oftentimes is much greater. They hit the ground running. It was an interesting article and in every one of the services has their own cyber force today.
And of course, then you've got cyber command. And I think that's just great. I think it's going to be great for this. For the private sector, as those folks start matriculating out to get those, that experience and those expertise. So yeah, I support it 100%. And let's face it we know the government needs it.
And we certainly know the military needs it. So, yeah,
the government needs it. And I think just from a civilian perspective we have to do better than just saying to every healthcare system, you're on your own fighting Russia and North Korea and China and cyber criminals.
And, it's a lot to ask for individual companies to just take on that battle on their own.
And the crazy thing about this, One of the things I did in the government before I retired, I was part of the critical infrastructure protection board that had all of the directors of security and intel on there, and they were looking at the various threats to all of our critical infrastructures, and healthcare is absolutely one of our critical infrastructures, and so to me, think the government should do more than what they're doing for the private sector.
Because let's face it God forbid we ever did have an issue here in the United States. But I don't know how ready we would be. And that's a big concern when you start thinking about it and we should be, I think one of the things we should do a much better job of is sharing information.
The government between the private sector. they're both dealing with the same threats.
It's one of those things that I think as I look at this I think back to 9 11 and the individual Intel agencies and different organizations and that lack of coordination that sort of happened that certainly was attributable to some degree to what happened on September 11th, the idea of something like that to creating CyberForce, to bring together those cyber specialists and all the individual services to work more in a coordinated way.
fashion and function to hopefully provide better security for the government and for the rest of the country just makes sense to me.
Yeah, it does. I, the, I read the article, of course, because you told me to, Drex and, it was very army centric. The Air Force does it a different way, but neither here nor there.
Could see a cyber force but, we've already, we're at war. Frankly, we're at cyber war with other countries, and we've already identified nation state cyber actors. So, let's go on offense. Let's get a group of folks that, I don't know maybe they're doing it now, but let's get a group of folks that go to war with these other nation state actors and, Teddy Roosevelt, this thing,
I like your analogy and it leads us to the next story. And it'll probably be the last story that we talk about today. It's about the US indicting a North Korean who's a member of the North Korean government's reconnaissance general bureau, which is the the cyber criminal arm, of the North Korean and that person being indicted.
Now, unless they come, they wind up showing up in a country where we can actually arrest them and extradite them. We may never see them, but this idea that we continue to figure out who are some of the key players in all of this, even in countries like North Korea, and indict them, continues to put those countries on notice that.
We maybe have a little more insight, a little more inside baseball on who the bad guys are than they may think. And the North Koreans in this particular instance are accused of hacking into US hospitals in Florida and Kansas and Arkansas and Connecticut and Colorado, all of that stuff happening from the North Koreans.
lot going on there, but, for one, I'm happy to see it. I'm always happy when the indictments happen.
North Korea's got what, like five connections to the internet or something like that? Why don't we get our cyber force to just DDoS the hell out of that, and we won't have a North Korean problem anymore.
It's not
like we'd have to target a lot, wouldn't it? Not right! The other thing that's odd about this is that we're indicting a member of the North Korean military, who has conducted offensive operations against U. S. facilities. Both private and government.
That's
war, right?
Military operation. Yeah, that's
a
war. And when did we start indicting military guys who are following Ordrs from their government? You know that unless I'm missing something here, or I didn't read it, or they're not sharing the whole story you know this guy didn't do this independently or on his own.
And he certainly didn't do it without somebody over there knowing what he was doing, because they don't have independent operations in those countries. So this is not some guy who randomly hacked into hospitals or businesses, and then so that he could hack into the government. This is a concerted North Korean operation to penetrate US industry and US government.
So why are we calling it one guy that we indicted?
There's this history with North Korea too, either breaking into Bitcoin wallets that belong to individuals or companies and stealing Bitcoin. The country is so isolated from the rest of the world and the rest of the world's economy that these kind of criminal activities are the only way that they really have to get funds into the country to do all the other stuff that they need to do in North Korea, right?
Yeah, besides feed their people. And you've talked about this before in several speeches that I've heard to give, without Bitcoin, North Korea wouldn't be doing this because they have no way to get any money.
Period. So, not only is it, as Matt pointed out, not only is it this military organization with this one dude in it that is getting told to do this, they're getting told to do that simply to bring in cash for the whole country. So, I broke in a couple times and said, that's war.
I
don't know if it's war in this case. It's just, it just may be kind of survival for North Korea at this point.
Yeah, I think the devil's in the details, right? In the definition of war and you know where our government wants to go with that too, but it's it definitely feels like there's something else happening here that we don't want to say it out loud.
We don't want to discuss it in the way that maybe we should discuss it. But the North Koreans and the Russians and the Iranians, several Chinese, several of these countries are definitely deep inside the U. S. doing a lot of work, including healthcare. ready to make a lot of trouble should they decide to pull the trigger on something.
Yeah, but to Wes's point, if you can identify if the individual or the organization that's doing the work is part of their government or part of their military I'm like you, release the hounds, right? Take them off the air. Are we just standing here taking the punch?
Wow, Mac, we might have to let that be the last word today.
Don't stand here and take the punch.
Don't take the punch. Yeah. Thanks to Mac McMillan. One of the most incredible folks I've ever worked with. We have spent a lot of time together at Synergistic and lots of other places.
Since I first met Mac, all of us have all three of us have at different times, and then Wes Wright from Ordr. It's good to have you on the show.
It's great to be here. And it's great to hang out with you guys, two of my favorite folks.
Thanks, man.
I think there needs to be a lot more dialogue and I'm glad you're doing a lot of the stuff you're doing because I think it's also helpful for people to know. I've been doing this for over four decades.
at old. I can go back to the:I think it's the world we live in. And in the spirit of everything's connected to everything else, it just gets more and more complicated over time.
it is great to be living in these interesting times, man.
It's true, it is. Hey, thanks for being on the show, guys.
I appreciate it. That's Unhack the News, and we will catch up with you soon.
You betcha. Take care.
ββ π
π π Thanks for tuning in to Unhack the News. And while this show keeps you updated on the biggest stories, we also try to provide some context and even opinions on the latest developments. And now there's another way for you to stay ahead. Subscribe to our Daily Insights email. What you'll get is expertly curated health IT news straight to your inbox, ensuring you never miss a beat.
Sign up at thisweekhealth. com slash news. I'm your host, Drex DeFord. Thanks for spending some time with me today. And that's it for Unhack the News.
As always, stay a little paranoid, and I'll see you around campus.