Aug 24, 2021: Data is the problem. We seem to have created this problem through efficiency – processing, transmitting, and storing data. Using the continuity of knowing the absolute of what data is processed, transmitted, or stored within any environment – specifically the highly-regulated healthcare industry – is the highest priority of any critical clinical environment. This discussion explores the approaches that have yielded a highly protected calculus for the critical safety of patient information. Are we using the lessons-learned to date effectively? Will this transform technology fast enough to protect our overall responsibility to the care of the patient?
Join our webinar “Coming Through a Ransomware Event – Best Practices and Lessons Learned” on Thursday, October 7th at 11:00 AM eastern time. We are going to take a unique look at the Sky Lakes Medical Center ransomware event with guests:
S1: Data Isolation & Protection with Sirius and Rubrik
Transcript – Aug 24, 2021
This transcription is provided by artificial intelligence. We believe in technology but understand that even the smartest robots can sometimes get speech recognition wrong.
[00:00:00] Bill Russell: Thanks for joining us on This Week in Health IT influence. My name is Bill Russell, former healthcare CIO for 16 hospital system and creator of This Week in Health IT, a channel dedicated to keeping health IT staff current and engaged.
[00:00:17] Our topic for today is data isolation and protection. Our sponsor for today’s segment is Rubrik, and let’s just get to it. Data isolation and protection. Matt, frame up the problem that we are trying to address [00:00:30] with data isolation and protection.
[00:00:31] Matt Sickles: Yeah, thanks Bill. As we’re digging in now to a lot of the causative factors, we get to a site, we get to an organization. The real disclosure now is when your data has been lost we want to protect our clients, our patients.
[00:00:45] We want to make sure that everything is protected. So everything relates back to those data elements. Based on experience. We also see that if you know what data you have, if you know where that data is, it’s a lot better to untangle that Gordian knot [00:01:00] when something goes wrong. So our data protection strategies that we’re seeing in the industry right now are based on a lot of things that we’ve been doing in technology in business for the last 30 to 50 years, we have to start changing that dynamic and really starting to adapt with what the problems are more specifically, how we can prevent systems from either a going bankrupt or be disrupting their normal operation cycle.
[00:01:26] Bill Russell: Yeah. You’ve had some broad experience in the industry. Over 30 [00:01:30] years. We had WannaCry and that felt like we were going to have a tipping point. And now we have these recent attacks, which have been pretty significant based on your experience. Are we finally reaching a tipping point here?
[00:01:42] Matt Sickles: I think we are. If we even go back before WannaCry, I think that one of the compelling events in state local government hospital education everywhere was Conficker back in 2008, we started seeing some of the telltale signs that the attackers were going to be much more [00:02:00] sophisticated.
[00:02:00] They were going to start driving into the organization. So now that we have organized crime running a lot of these events, I think that tipping point is now. It’s very profitable and we’re seeing a lot of these industry leaders like Dark Side, and we also see Reveal who get their money and they disappear.
[00:02:20] So I think that’s where the biggest changes right now from the risk perspective, that tipping point, is the frequency is so high we don’t have real capabilities to figure [00:02:30] out when we’re going to be hitting that tipping top point. But I think that we’re on the downward curve. And the challenge is right now that every holiday cycle we go through, we have yet another big event.
[00:02:42] Bill Russell: Wow the magnitude of these events seems to be growing the last couple of health systems that we’ve talked about on This Week in Health IT, the outage was upwards of 30 plus days on paper and not really able to function a lot of their core systems [00:03:00] offline. So with that kind of magnitude, how can we transform the problem into something that is more manageable, that where we’re sharing our lessons learned that we can reduce the impact of these events?.
[00:03:11] Matt Sickles: Yeah, and I wish there was a silver bullet. I wish there was an easy button that everyone could hit. But you’re right. These are becoming much more protracted in the depth of how they’re attacking the organization. We’re also seeing that instead of weeks and months in the organization, the attackers are there for nearly half a [00:03:30] year and they’re gathering intelligence.
[00:03:32] They’re taking intellectual property. They’re finding out the business operation model and then they’re writing the code to be specific to that organization. So that’s what we’re really drifting into now is concierge and very customized ransomware attack ware so when you have your data elements and we’re starting to see all of the information come in, we start to graft and build those back together.
[00:03:55] Yes. Unequivocally, we have to come up with a simple plan. We need to make sure [00:04:00] that it is bespoke for each organization. Most importantly, if we don’t talk about it and share some of our lessons learned. I think that there’s been some awesome information sharing with the most recent breaches in the last 30, 60, 90 days.
[00:04:13] Bill Russell: This is really becoming a patient care issue, isn’t it?
[00:04:17] Matt Sickles: Yeah. The continuity of care is getting impacted. Think about it. If you go to paper and you have to start jutting down your triage. So in the ERs, you have to start curtailing who you can admit. When you want to [00:04:30] do patient backgrounds, you can’t, this is a real problem going to paper charts.
[00:04:35] Everybody was forced to move onto a digital system. Now they’re having to revert to paper. These don’t work very well together. I would love to see those incident response plans updated to be much more modern.
[00:04:48] Bill Russell: We’ll get back to our discussion in just a minute. We want to invite you to a special event that we have coming up Thursday, October 7th at 11:00 AM eastern time. We are going to take =a unique look [00:05:00]at a healthcare ransomware event, an actual event that occurred. We have the CIO for Sky Lakes Medical Center, John Gaede joining us. That is a health system that was ransomed.
[00:05:10] And we have Lee Milligan the CIO for Asante. Asante is the EHR host Sky Lakes. They’re the community connect partner for Sky Lakes and they’re going to recount the events and the effects that it had on the interconnected health systems. Some of the things that they did that they believed, worked pretty well and some of the things that they [00:05:30] think could have prepared them better for the event. We’re also happy to be joined by our guest today, Matt Sickles who has walked many health systems through the early stages of a cybersecurity event straight through to the end. And I believe with his insights and the CIO’s experience, this discussion is going to provide valuable insights into the best practices that are being adopted across the industry. And maybe that you can adopt. So we would love to have you join us. And if you want, you can provide us questions ahead of [00:06:00] time. It’s in the sign up form. And we will make sure we address as many of those as we possibly can. So there’s a webinar Thursday, October 7th at 11:00 AM eastern time, you can sign up on our website this weekhealthcom/register. Let’s get back to the discussion.
[00:06:16] So you talked about lessons learned. Are we effectively sharing our lessons learned? This is one of those things. When I was a CIO the auditors would come in to me and say, talk to no one about security. Especially in the press. Don’t share [00:06:30] anything because if you share it with the press, it’ll share it with everyone else who’s out there as well. Have we found ways to share that information across the entire healthcare landscape so that people can learn from you?
[00:06:42] Matt Sickles: Yeah, February 24th, I was involved in a breach response team for a healthcare on the east coast is we were digging into the problem. They started asking those questions right away. What should we communicate to the community? What should we communicate to our patients? And most importantly, what should we [00:07:00] provide all of our clinicians to have is a simple answer for what’s going on? They did it very clearly. It was articulate and it really got rid of a lot of noise. So that transparency, that uplift of communication, very good. It allowed for enablement. There was a lot of cross sharing. And when we take a look at the Solar Winds and Microsoft breaches that have happened over the last six months to a year, think about how that information share really changed the dynamic of risk and threat in the industry as well.
[00:07:29] Bill Russell: Are we seeing the [00:07:30] technology transform? Are we seeing enough of a transformation fast enough in order to really protect patient care and make progress in this area?
[00:07:40] Matt Sickles: No just absolutely no. So what do we do to fix that? We’ve got to start working with our partners, working with other health systems to having those working cadres. Sharing the lessons learned, getting through some of the worst case scenarios and sharing that incident response methodology.
[00:07:58] If we were to do that, [00:08:00] we’re going to start to bolster some of those technologies benefit how, but they are being propped up. I have seen a real dynamic over the last 18 to 24 months on focusing on market segments. Healthcare has gotten individual attention where it had not in the past six to eight years. So that is a turning methodology that we have to really get our partners on board with. We have to deliver that message to all of our clients and make sure that is very highly [00:08:30] socialized.
[00:08:30] Bill Russell: So we’ve had a bunch of discussions, especially lately on This Week in Health IT with health systems and with partners that are coming in and helping them. A lot of the conversation has come down to the zero trust framework. Can you talk a little bit about that and what that means for healthcare and where that is going?
[00:08:47] Matt Sickles: Sure. And if we think about it kind of like going to Starbucks. We connect to the network. We actually have our coffee shop that gives us public internet. As we get to hospitals now, the families of [00:09:00] the patients need to make sure that they have access all the time. It needs to be omnipresent. So we can’t trust the guests network.
[00:09:08] And we have done that for years. Why not take that a step further, move that into our partners, our interconnect, our business associate agreement elements, and take that further. So don’t trust any data, make sure you have effective controls wrapped around it. And most importantly, make sure that the policies that you have in the organization, a lot of the runbooks that are developed are [00:09:30] going to be very focused on making sure that if you have two devices on the network you trust neither of them. And then you use the permissions, the access models to your advantage.
[00:09:41] Bill Russell: So Matt, the subject for today is data isolation and protection. Talk about how isolation in data is really improving our posture in this world with so many threats around us.
[00:09:52] Matt Sickles: I go into a lot of organizations as we’re doing lessons learned, as we’re finding how Humpty fell off the wall. The main piece that [00:10:00] we look at is what data was affected.
[00:10:03] We want to know if it was either destroyed, if it was manipulated or if it was exfiltrated from the set of systems, they have effective controls around them. When we isolate data and we start to put monitors and meters on it, think about a future where that if you want to access a set of healthcare data, you would only get transposed, or you would actually get up the state of data that is not identifiable, it’s [00:10:30] protected at all times, whether you’re doing analytics, whether you’re using it for system work, it is near real time obfuscation, you get to close that off. So if we use our eyes to think about how we’re going to control those data patterns, we also have to start building system and process to do that on the backend as well. Limiting access, making sure that physical controls are consistent and then furthering that into a logical control methodology.
[00:10:56] Bill Russell: Fantastic. That’s the end of our first segment data isolation and protection. [00:11:00] Matt, thank you for your time. Really appreciate it.
[00:11:02] Matt Sickles: Thank you Bill.
[00:11:03] Bill Russell: What a great discussion. We want to thank our sponsors Sirius Healthcare and Rubrik, who are investing in our mission to develop the next generation of health leaders. Thanks for listening. That’s all for now.