GIANT Health Event’s Post

Transcript

Jeffrey MO, thank you very much for joining us. And would you like to tell us a bit about the collaboration and what you're doing in the world of security AI in NHS trusts? So one of our major things was understanding what our gaps were and what our profile devices were. And, and it's quite surprising when we collaborated with armies to understand the discovery side of things. We had something like 9000. Pieces of equipment attached to our network, anything from cars where people had suddenly got brand new electric vehicles, which were one running Wi-Fi to Playstations, to our medical devices. And it was understanding those gaps in the security on the medical devices in that a lot of the medical devices were running old technology. They were old legacy types, pieces of equipment, but they're very expensive. So for us to replace them was really difficult. But understanding where we had gaps such as we had a piece of equipment that was running Windows 3.1, we had a lot of equipment that was running in Windows XP, Linux, Unix, etcetera. And being able to update those as much as we possibly can or mitigate that risk as much as we probably possibly could is why we bought in Armis. But in terms of artificial intelligence, which I guess is what a lot of your readers will want to to understand more and we're starting to use that now for. We're writing our standard operating procedures and there probably are thousands of socks across the whole of the trust IT alone. I think we've got about 320. So there are masses and these things can take us hours and hours to actually write. Then they have to go through a number of policy groups to be ratified and agreed. And it's really important that as we start to use AI, we look at the internal AI because the moment we step outside our AI and start. Having data to external AI, that's when we have a problem. And again, Armis is really good at keeping us on track with where our data is what our low. Risk type of data is we which we can give out and where our high risk data is, which we absolutely have to keep in house. And and there's so many innovative ways we can use AI, but there's also so many dangers and risks of using AI, especially with medical data that we have to avoid. Thank you. And Moe, can you tell me a bit about where Armis fits into this picture, what you guys do and what you're doing to support? Princess Alexander in their work. Yeah, absolutely. So I'm the global CTO of Healthcare for our miss. We are a cyber exposure management platform, so we help organizations see, protect and manage their entire attack surface. So the way we've built an AI into our platform is being able to very quickly profile what a device is, not only telling you what it is from a make, model, perspective and software, but also analyzing. Is it behaving how it should be, right. And I think that is that context awareness in a healthcare environment, which is probably one of the most complex and diverse ecosystems of devices you can have the ability to analyze, are these devices behaving how they should is paramount when it comes to cybersecurity. And what's important here is cybersecurity isn't just critical or technical vulnerabilities, right? It's how does that behavior also impact clinical side of the house. So is this device being used to its full capacity? Is it being used in the hours that it's supposed to be being used? Is it being used as much as it's supposed to be? Or are we seeing spikes of anomalous behaviors? So we have a whole number of AI models that are built in that are calculating 10s of thousands of different data points a second to be able to help identify not only what devices are, how it's behaving, technical risk, but also clinical risk and helping bolster the cyber and operational resilience of healthcare. Apartments, so it's not just cyber security then it's beyond to whole system level analytics and measurability is of course very important in healthcare and something that they don't actually have a lot of a lot of the time in in healthcare institutions. So that's very interesting. And what benefits have you seen from integrating this software into your why is it important to have cyber security? I mean, yeah, it makes sense. People think yeah, it's important to have cyber security, but why is it? Actually important and how does it benefit patients for example, So I think I mean we say cyber risk, but actually this is generally risk across the whole trust. So whenever anything goes down, it affects patient care. If their door systems don't work, people can't get into the right walls, effects patient care. If they are telephony goes down. We can't have people phoning in, we can't have alerts from GP's, we can't have, for example, East of England. Ambulance service phoning up to say they've got critical care patient coming in. We also look after Stansted Airport. We can't get those major incidents that they have often they have to, to come into us. So any type of risk is more than just the cyber risk is actually a patient, patient risk. And I'm sure you've probably heard of a, a, a German hospital that recently within the last year or so, they had a major cyber attack, which meant that they had to push a lot of their patients. Two different hospitals to have emergency procedures etcetera. One patient died on the way to another hospital. That's the first case of a patient death attributed to a cyber attack. And that is now starting to become more and more common. And it's not just ourselves that are being attacked, it's our suppliers. So of course their supplier and something innocuous such as a finance supplier being hacked means that we can't pay for things we can't buy. Drugs, we can't get those things that we need to get in to support our patients. And that's probably the biggest thing and and the problem with cyber security and the artificial intelligence around it is that you only know it's good when nothing bad happens to you. So it's really difficult to quantify, but we did have a recent in a recent problem where one of our cyber analysts actually found that a particular machine was. Communicating with a third party Internet. Provider that was actually downloading viruses and and ransomware we were able to pick that up within minutes isolate the device and stop it going from anywhere else now that could have been a huge problem to the trust but it actually ended up with being just made one machine affected. So for us it's that cyber security is about how we stop things happening rather than how we notice that things have happened I mean it's really important as well and you you think. As the healthcare system becomes more digitized and this increasing reliance on digital systems, you imagine a world in 10 years time or even further ahead when we're so reliant on digital technology that uptime is key because if if you rely on it to provide all of these services, you need to be able to protect it. And that's, that's so important. So yeah. And Mel, wonder if you could touch a little bit more on the artificial intelligence aspect of it, because I know you were saying it helps you to gather information about the devices. Is there any other ways that it plays into your product and how it helps trust with their systems? Yeah, absolutely. So I think there's two fundamental problems or challenges related to cybersecurity in this day and age #1 is you turn on the lights and. How do I, how do I know what my risk is? How do IA quantify it, right? But then quantification when you have 10,000 and you only have three to five cyber analysts, how do we prioritize what's the most important? The number two question to that or number two challenge in the industry also is related to OK, now that I know what I have and I know what I need to focus on, how do I automate right? Because I need to help bolster my security teams and what we do is we leverage AI and. We look at, again, 10s of thousands of different data points to help augment cybersecurity teams, but also HTM teams to offer up two different realms of recommendations now #1 being here's the most critical risk to your services. And the way we do that is looking at what the device is, it's context, and we also intersect the clinical risk and the cyber risk. So what I mean by that is if a device has a recall, we know this device is actively touching a patient, right? It's connected to a patient. Something happens to that versus a device that's in a break room somewhere. 2 completely different operating profiles, 2 completely different clinical risks. So we take what's happening in the industry, what's happening in the threat landscape, what are attackers about to do? So we do a lot of predictive analysis. We listen to chatter amongst the actual human intelligence behind attackers. What type of techniques do they use? We layer that on to the context of the devices and we contextualize. Also on its clinical risk, So hey, server security teams, here's the 10,000 initially found this the traditional approach in the industry narrows it down to 3000, but because we added on all of our analysis on top of it. These are the 50 that you should have a look at because these are the most likely to get exploited in the next six months. So we kind of use that predictive side of the house. On the flip side, when we're looking at, again, I keep coming back to patient care delivery and availability, That's what it's all about. It's also being able to understand from a predictive model, right? Where the best use of your medical devices is gonna be. So understanding which devices are being used less than what they can support, but also what are being used to their capacity and aiding and projecting out which devices are gonna be end of life. How much is it gonna cost organizations? How many person hours is it gonna take to configure those devices? And where can you pull additional devices from to make the most usage of your medical device fleet? So from this angle, we're looking at again the operational resilience and leveraging AI to help ensure. Analyze it. You're making the most use of your medical device fleet, and you're able to optimize how you're delivering patient care ultimate. Fantastic. That is really digital transformation for you, isn't it? Really is. Well, thank you both very much. Taking time to have a bit of a chat with me and yeah, thank you very much. Yeah. Thank you, Jeffrey, very quickly. Yeah. Could you just give me your name and your role because I didn't start off with that. So if you just tell me. Yeah, just tell me. Yeah, tell me about what you do. Yes, I am Jeffrey Woods. I'm Deputy Director of ICT at Princess Alexandra Hospital. We're basically in Harlow, approximately 420 beds at sort of medium sized Community Hospital dealing with all aspects of medicine, including an acute hospital. And now I'll ask you to a quick introduction as well. Sure. Mohammed Wilkas, I'm the Global CTO of Healthcare at Armis. We are a cyber exposure management platform focused on securing healthcare organizations. And prior to that, similar to Jeff, I actually worked at a hospital in Canada for about 10 years building their information security and privacy program from the ground up. So I welcome any conversation as it relates to healthcare security. Great. Thank you both so much. Thank you.