Data Isolation & Protection with Sirius and Rubrik
24th August 2021 • This Week Health: Conference • This Week Health

This transcription is provided by artificial intelligence. We believe in technology but understand that even the smartest robots can sometimes get speech recognition wrong.

 Thanks for joining us on This Week in Health IT Influence. My name is Bill Russell, former healthcare CIO for a 16-hospital system and creator of This Week in Health IT, a channel dedicated to keeping health IT staff current and engaged. Our topic for today is data isolation and protection. Our sponsor for today's segment is Rubrik, but we're also happy to be joined by our guest today, Matt Sickles,

who has walked many health systems through the early stages of a cybersecurity event straight through to the end, and let's just get to it, data isolation and protection. Matt, frame up the problem that we are trying to address with data isolation and protection. Yeah, thanks Bill. As we're digging in now to a lot of the causative factors, we get to a site, we get to an organization.

The real disclosure now is when your data has been lost. We want to protect our clients, our patients. We want to make sure that everything is protected, so everything relates back to those data elements based on experience. We also see that if you know what data you have, if you know where that data is, it's a lot better to untangle that Gordian knot when something goes wrong.

So are data protection strategies that we're seeing in the industry right now. Based on a lot of things that we've been doing in technology, in business for the last 30 to 50 years, we have to start changing that dynamic and really starting to adapt with what the problems are, more specifically, how we can prevent systems from either A, going bankrupt, or B, disrupting their normal operation cycle.

ywhere was configured back in:

We started seeing some of the telltale signs that the attackers were going to be much more sophisticated. They were going to start driving into the organization. So now that we have organized crime running a lot of these events, I think that tipping point is now. It's very profitable, and we're seeing a lot of these industry leaders like DarkSide, and we also see REvil, who get their money and they disappear.

So I think that's where the biggest change is right now from the risk perspective, that tipping point is the frequency is so high, we don't have real capabilities to figure out when we're gonna be hitting that tipping point, but I think that we're on the downward curve, and the challenge is right now that every holiday cycle we go through, we have yet another big event.

Wow. The, the magnitude of these events seems to be growing. The last couple of health systems that we've talked about on This Week in Health IT, the outage was upwards of 30 plus days on paper and, and not really able to function, uh, a lot of their core systems offline. So with that kind of magnitude, how can we transform the problem into something that is more manageable, where we're sharing our lessons learned, that we can reduce the impact of these events?

Yeah, and I, I wish there was a silver bullet. I wish there was an easy button that everyone could hit. Uh, but you're right, these are becoming much more protracted in the depth of how they're attacking the organization. We're also seeing that instead of weeks and months in the organization, the attackers are there for nearly half a year.

And they're gathering intelligence. They're taking intellectual property, they're finding out the business operation model, and then they're writing the code to be specific to that organization. So that's what we're really drifting into now is concierge and very customized ransomware attack ware. So when you have your data elements and we're starting to see all of the information come in, we start to graft and build those back together.

Yes, unequivocally, we have to come up with a simple plan. We need to make sure that it is bespoke for each organization. Most importantly, if we don't talk about it and share some of our lessons learned, uh, I think that there's been some awesome information sharing with the most recent breaches in the last 30, 60, 90 days.

This is really becoming a patient care issue, isn't it? Yeah. The continuity of care is getting impacted. Think about it. If you go to paper and you have to start ting down your triage, so in the ERs you have to start curtailing who you can admit when you want to do patient backgrounds, you can't. This is a real problem.

th at:

We are gonna take a unique look at a healthcare ransomware event, an actual event that occurred. We have the CIO for Sky Lakes Medical Center, John Getty, joining us. That is a health system that was ransomed. And we have Lee Milligan, the CIO for Asante. And Asante is the EHR host for Sky Lakes. They're the community connect partner for Sky Lakes, and they're gonna recount the events

and the effects that it had on the interconnected health systems, some of the things that they did that they believed worked pretty well, and some of the things that they think could have prepared them better for the event. Uh, we're also happy to be joined by our guest today, Matt Sickles, who has walked many health systems through the early stages of a cybersecurity event straight through to the end, and I believe with his insights

and the CIOs' experience, this discussion is gonna provide valuable insights into the best practices that are being adopted across the industry and maybe that you can adopt. So we would love to have you join us, and if you want, you can provide us questions ahead of time. It's in the signup form, and we will make sure we address as many of those as we possibly can.

th at:

Uh, especially in the press. Don't share anything because if you share it with the press, it'll share it with everyone else who's out there as well. Have we found ways to share that information across the, the entire healthcare landscape so that people. Yeah. February 24th, I was involved in a breach response team for a healthcare on the East coast.

As we were digging into the problem, they started asking those questions right away. What should we communicate to the community? What should we communicate to our patients? And most importantly, what should we provide all of our clinicians to have is a simple answer for what's going on. They did it very clearly.

It was articulate and it really got rid of a lot of noise. So that transparency, that uplift of communication. Very good. It allowed for enablement. There was a lot of cross sharing, and when we take a look at the SolarWinds and Microsoft breaches that have happened over the last six months to a year, think about how that information share really changed the dynamic of risk and threat in the industry as well.

Are we seeing the technology transform? Are we seeing enough of a transformation fast enough in order to really protect patient care and, and make progress in this area? No, just absolutely no. So what do we do to fix that? We've got to start working with our partners, working with other health systems to having those working cadres, sharing the lessons learned, getting through some of the, uh, worst case scenarios, and sharing that incident response methodology.

If we were to do that, we're going to start to bolster some of those technologies. Benefit how that they are, uh, being propped up. I have seen a real dynamic over the last 18 to 24 months on focusing on market segments. Healthcare has gotten individual attention where it had not in the past six to eight years.

So that is a turning methodology that we have to really get our partners on board with. We have to deliver that message to all of our clients and make sure that it is very highly socialized. So we've had a bunch of discussions, especially lately on This Week in Health IT, with health systems and with partners that are coming in and helping them.

A lot of the conversation has come down to this zero trust framework. Can you talk a little bit about that and what that means for healthcare and where that's going? Sure. And if we think about it, kinda like, uh, going to Starbucks, we connect to the network. We actually have our coffee shop that gives us public internet.

As we get to hospitals now, the families of the patients need to make sure that they have access all the time. It needs to be omnipresent. So we can't trust the guest network and we have done that for years. Why not take that a step further, move that into our partners, our interconnect, our business associate agreement elements, and take that further.

So don't trust any data. Make sure you have effective controls wrapped around it. And most importantly, make sure that the policies that you have in the organization, a lot of the runbooks that are developed, are going to be very focused on making sure that if you have two devices on the network, you trust neither of them, and then you use the permissions, the access models

to your advantage. So Matt, the subject for today is data isolation and protection. Talk about how isolating the data is really improving our posture in this world with so many threats around us. I go into a lot of organizations as we're doing lessons learned, as we're finding how Humpty fell off the wall.

The main piece that we look at is what data was affected. Uh, we want to know if it was either destroyed, if it was manipulated, or if it was exfiltrated from the set of systems that have effective controls around them. When we isolate data and we start to put monitors and meters on it, think about a future where that if you want to access

a set of healthcare data, you would only get transposed or you would actually get obfuscated data that is not identifiable. It's protected at all times. Whether you're doing analytics, whether you're using it for system work, it is near real time obfuscation. You get to close that off. So if we use our eyes to think about how we're gonna control those data patterns, we also have to start building system and process to do that on the backend as well.

Limiting access, making sure the physical controls are consistent, and then furthering that into a logical control methodology. Fantastic. That's the end of our first segment, Data Isolation and Protection. Matt, thank you for your time. Really appreciate it. Oh, thank you, Bill. What a great discussion. We wanna thank our sponsors, Sirius Healthcare and Rubrik, who are investing in our mission to develop the next generation of health leaders.

Thanks for listening. That's all for now.
