This Week Health


January 6, 2025: Mick Coady, CTO of Armis, explores everything from the risks of connected devices in healthcare systems to the unforeseen consequences of encrypted messaging apps. This conversation dives into the delicate balance between innovation and risk. How does Walmart's acquisition of Vizio paint a picture of the bigger intersection of consumer tech and privacy? And as global privacy laws evolve, are companies truly prepared to protect sensitive data, or are they playing catch-up?

Key Points:

  • 04:27 Messaging Apps and Security
  • 08:54 Walmart and Vizio
  • 11:58 Genetic Testing Data
  • 18:18 Accents and Conclusion


Transcript

This transcription is provided by artificial intelligence. We believe in technology but understand that even the smartest robots can sometimes get speech recognition wrong.


Don't leave your devices and your patients exposed. Visit thisweekhealth.com ARMIS today to learn more.

Today on Unhack the News.

(Intro) By no due fault of their own, there is a supply chain of what happens in the patient care continuum. And any one particular piece gets broken, yeah, have something compromised. But the question is, what level of exposure were you willing to give in that clinical setting?

panies. Now I'm president of

. And now, this episode of Unhack the News. Hey everyone, I'm Drex. This is Unhack the News, and I'm really happy that you're here today.

I've got Mick from Armis, and it's the first time you've been on the show, Mick. I can hardly believe it, actually.

I've done a couple of things with Bill, but some of them where we did it at HIMSS and I don't think the recording, the background noise and everything else that went on, I think it was last year.

But no, mostly everything else I've done with you guys tends to be more on the intimate side of, the round table or the dinners or whatever else. But yes, it's the first time you and I have known each other well enough, long enough, but yeah, I look forward to having a good conversation today.

excited about it. Let me start here since it's the first time Armis has been on the show. First time you've been on the show. Tell me a little bit about the company. Tell me a little bit about you.

time. Formerly when I was at

We were building out our OT lab a while back and got to know Armis from that perspective. Got to introduce them based upon what they did in that space. Obviously then, the entire platform for Armis basically covers the IT, OT, IoMT, MedDevice, obviously side of it. We've added a couple of different tuck-in acquisitions in the past 12 months.

That'll allow us to do a couple of things that are slightly different around remediation, and also then what we call early warning or advanced threat. The overall platform operates in that space. It's highly evolved into what we do for seeing assets. In any shape or form identifying them and then prioritizing what needs to happen with them based upon vulnerability, based upon actions, class one FDA recall, something like that, basically that links to how they work.

It's been a very interesting ride since I've been here. It's 18 months as of this month.

18 months. Tell me a little bit about your background prior to coming to Armis.

er some different pieces and

Prior to that, I was almost 10 years at PricewaterhouseCoopers. I was involved, they brought me on initially to help run the healthcare vertical. Later on, I worked heavily also in the oil and gas space, but if anyone goes into my LinkedIn, they'll quickly see that I've done a stint with three of the four, big four.

Hopefully no one holds that against me, but I've had a pretty good and great consultative career. I had a quick stop with a group called Stockwell Consulting, two brothers who basically allowed me to build out a kind of a forensics based business that focused a lot on healthcare. Their entire market was as a healthcare centered an EMR.

That worked back in the day on Windows 95.

o much stuff so quickly that

Look, the thing is that it's different from a perspective of as much as I'd clean up and, suit, shirt and tie I happen to be a wrench turner, right? So I grew up on the technical side of it. They always said I was the nerd in sheep's clothing based upon how I present myself.

So that was just the way it was. But it's good to have a balance. I had some great experiences while I've been in those situations. I've played the acting CISO temp role in a couple of hospital settings while I was working in those things, which was very interesting in itself, but they called upon my expertise through breaches or through identity management or forensics response, or a whole litany of different things.

So yes, you get very much exposed to a bunch of different things, but culturally then you get exposed to how different either hospitals or payers or providers in general will operate and every culture can be different when it comes to that depending on whether you're mid size, large, specialty, pediatrics, maybe cancer centers, it's all very different.

stories. There's a story in

I'm sure you all are involved in this and have a take on it. What are your thoughts about that story?

I have varying degrees of thoughts on this. There's a lot of different parts and pieces of lots of organizations Drex work here, right? So there's the aspects of being open form.

Everyone uses traditional messaging, whether it's through the Google function of what you do on your phone, iMessage, or then you've got the WhatsApps of the world or all the other things. As somebody who happens to be living in America with a ton of relations and friends at home in the European isles, I have to have other apps to communicate with my friends and relations.

the original I'd say back in:

I would say one of the earlier adopters of how you had handled messaging and encrypting messaging. looked at what that article was talking about and where they're thinking all of this should go. Obviously you can go through the adoption of what you would want to do with maybe moving that application into your form.

I think there's going to be a balance in the United States of how we're going to manage making sure certain specific types of data gets encrypted or messaging goes associated with that. I think we've got plenty of regulatory oversight that talks about whether you're pushing PII, healthcare information, banking information, everything else that ties into us taking a little bit more time and care on how we move information around from one phone to another.

I'm not saying that we all may or may not have children who are always asking, dad, can I have a credit card, please? Can you send it to me? Or can you send me a snapshot? And what do we do? We fall prey to that thing when it's a quick, instant thing. My windshield's broken, AAA hasn't arrived, pick your du jour.

? I think this is giving the

And, the regulatory laws may change some of that. There's elements of GDPR that can be brought into this, right? You've got the elements of European privacy law that we'll have along to. South Africa now has its own privacy laws. There are a lot of different ways you can go with this.

Lots of states now,

too. Lots of states are implementing their own privacy rules.

Texas has, I can't remember the exact numbers off the top of my head, but Massachusetts, California, each one has doubled down on their own versions of what they want to do around the privacy law.

So would say there's more to come, but if you're going to consider it, then there's ramifications to availability, right? Obviously, is it viable for all levels of risk? Are you going to hone it into specific types of information or conversations? Maybe it's board level, but this goes back to data protection, data classification.

t kind of organized properly

I think to the there's seems to be a challenge of just if I decide I'm going to use Signal, then all of my people that I'm going to text with also need to be on Signal or WhatsApp or whatever the case may be.

And then, one of the articles goes on to talk about the sort of strange situation of the FBI and CISA saying use encrypted apps. But out of the other side of their mouth, they talk about how encrypted apps keep them from being able to solve crimes.

That's correct. And so there's a little tug of war there, don't you think?

Exactly. And I can speak on this from the forensics world specifically, that is that it almost seems like they're, and I'm not saying they're doing it intentionally. But it is counterculture to say, I won't do this, and this until, a corporation per se has done something nefarious it may go all the way to the CEO and lo and behold, we can't unencrypt what was going on with the messaging for any of that.

here are pockets of good and

When it comes to it, it'll be very interesting to see how you start pushing clinicians into a space of using this stuff. They, some may go with it and some may push back, right? And that's the kind of the world we live in healthcare.

Speaking of privacy, there's another story that I thought was weird and interesting.

And that is that Walmart, the big box store Walmart, bought a TV manufacturer called Vizio for 2.3 billion month ago, or a few weeks ago. And as it turns out, when you really dig into it, the reason that they bought Vizio wasn't the logic would be like, we're going to sell Vizio TVs. And so we're just going to be able to build them and make even more money.

tary operating system called

The unintended consequences of the things that we do that gives up privacy? you think about that?

would say, look, Vizio, okay, the entire TV market in general an anomaly. Like, we've all been switching out over slow periods of time. I would have said, Drex, we would have had TVs that would have been non-smart.

Let's go with that version first. The more and more we switch into, the more and more we connect into our own direct homes via Wi-Fi, via hard line connectivity. These Samsung, Sony, pick your du jour, all sit out there and they've got their own platform. That then allows you to pull up applications, right?

erything that's fed to me is

On to the platform that sits on that TV. So there is a consistency of replica around the house of how those applications are consistently presented to you. There's good and bad for that. This is the consumer battle of what we fight with the privacy side of this, right?

We want to subscribe and we want to have ease of use. But you have to give to get and there are plenty of situations and it just happened, I think, right after Thanksgiving here in the U.S. that an alert came up on the TV. Our terms and conditions have changed. Something.

Most people go click okay. Yep, that's it.

do to improve their platform.

But

that kind of leans into, if you've got 19 million subscribers, on any given day that's quite a chunk of change in the U.S. or across the globe, on what they're doing. I think you're brushing up against what we fight with the telco companies, right? When it comes to what that anonymized data, quote unquote, that ends up being data protected information on how we consume, we do our phones.

You've just literally taken what we've been doing on the phones and fighting with the telcos for over the past five years, you just shifted it to the TV.

it feels like it keeps shifting too. One of the big stories from a month ago was 23andMe and the stuff that's been happening with all the genetic testing data.

And as these companies start to struggle a little bit, what happens with that data? It seemed really not a big deal when we spit in the tube and sent it off 10 years ago, and we found out that we were Irish. It just seems like there's a chronic condition now that's

Yeah and they're not the only ones, right?

he day, I have three younger

So at the end of the day, but I understand the ideas of always searching and looking for what that is and everything else in the historic parts of what makes up what your bloodline is. That's all well and good, but you did give over basic DNA and informational things that tie into what happens.

gs that were going on between:mic or DNA based information

Yeah, there's going to be an impact to your personal information. Sure, I'll take that. But what is the long term effects of what you're going to do when you have basic sets of DNA that can be exposed there based upon blood type? Based upon history, based upon an awful lot of different things that make up you.

Not just you, but many people like you.

Yeah, it's the lesson here ultimately in all of this is, be really thoughtful about what put in when you sign up for things, because you think it's no big deal, or you may think at the time it's no big deal, but just look out over the curvature of the earth and think about how this data might be used by somebody you did not intend to give it to.

And that's the thing is that, again, I don't know if we're always looking at everything through the lens of everyone's doing something nefarious, everything could be a conspiracy theory, right? can't live your life that way either. There has to be give to get, and there are ramifications of that. We still go into hospital settings, we still go into clinic settings.

ve, our information could be

Or in a consumer based setting, such as what Vizio is doing? Or in any kind of setting when it happens to your iPhone or your Google phone?

I think about, so going back to the TVs, I think about these TVs also being in rooms and healthcare systems. Do you all what, how do you help with that?

What do you see? How do you help? Can you help with that kind of a situation? If nothing else, just letting people know what's there.

Yeah, first things first. think the world has changed quite a bit there is even impacts recently to Sarbanes-Oxley, we'll call it 2.0, that kind of got released last July, went into effect in December of last year, which is now leading to specific categories of different parts of the regulations as you're signing your annual code.

Your K's or Q's,

You could be held accountable if you're not inventorying things at a level. That at least shows non basic negligence, that I had an idea of what was going on. I think what happens in these settings with the unbelievable levels of intelligence, like a TV, that is dramatically changed is one, they're showing up in the network, and you don't realize need outbound or inbound connections for them to work, right?

First things first, I'd love to know that it's there. Two, it's connected to a network. Three, it needs access to the internet. There are ports of, now you've added risk. Manageable risk, but still it's risk. But if I didn't know it wasn't there, how am I going to manage it at all?

You

rld, right? And that you can

Correct. Between myself and Mo, we're in front of customers, either weekly, daily, all the time, and I'm constantly listening and learning of what everyone's dealing with, and even from the ramifications of the medical devices that are also now linked to the TVs, right? So now you're walking into extremely intelligent hospitals. Some new, brand new hospitals have come up. I know one recently just got stood up. It was the 229 CIO round table over in Lake Oconee, and just going through an amazing journey of what Atlanta Children's Hospital looks like now.

And it's an amazing situation, what they've done. And creating speed to care for pediatrics. But yeah, there's a lot of technology involved and a lot of it is based on moving smart boards, smart TV, smart aperture things. And yeah, you've got to get your hands around it on how all that information is going to be used.

manage it. But yes, creating

So that can be categorized and normalize it, right? So if something starts to communicate to it that shouldn't or we haven't seen in the past, we alert on it, right? And, or quickly have an ACL built, immediately push it and send it over to your firewall, that basically allows it to be blocked for the next hour until we figured out why has that got a UDP port calling in from the 26,000 and above level?

Maybe not the right thing, right? So that is how we would go you got to see it, manage it, and then ultimately protect it.

I hate to say this, I feel like we're out of time, but before I go, I probably should ask you one more question. Tell me about your accent.

Oh maybe we have the accent.

It all

I go up to Boston, it's a whole cadre of different accents. And then across the Midwest, there's, the further Northern into Midwest into Dakotas, the Minnesotas, the Wisconsins, they also have their own version of it. I'm originally from a section, a small village north of Dublin called Swords, and I'm what we call a north sider, so that's basically where I'm from. And that's where the homogeneous version of my accent is. Although I've lived in America for a long time, it's not as wickedly bad when I'm particularly, one, I've got to be on video with you. And two, when I'm trying to slow down and not be so quick unless of course I have a wee bit too much coffee in me or.

Anyway, or something like what I have behind me, in me. But anyway, at the end of the day that's the origins or whatever I've as of this year, actually, it's been a great 30 plus years of living in America. And that's where I'm originally from.

Thanks, I appreciate that.

I'm looking forward to seeing you as we get into the spring and some of the conferences, and I'm sure we'll cross paths and

Yes. A little something else in it, possibly. We'll see. We'll wait till dinner or evening time for that, but for sure, yes. Yeah, and I look forward to seeing you.

We've got quite a cadre of things that hit us early in healthcare, in the springtime. Yeah, I look forward to catching up with you again.

Yeah, thanks for being on the show, Unhack the News. Always a pleasure. I'll talk to you soon.

Thanks, Drex. Appreciate it.

Thanks for tuning in to Unhack the News. And while this show keeps you updated on the biggest stories, we also try to provide some context and even opinions on the latest developments. And now there's another way for you to stay ahead. Subscribe to our Daily Insights email. What you'll get is expertly curated health IT news straight to your inbox, ensuring you never miss a beat.

Sign up at thisweekhealth.com/news. I'm your host, Drex DeFord. Thanks for spending some time with me today. And that's it for Unhack the News.

I'll see you around campus.


© Copyright 2024 Health Lyrics All rights reserved