Cybersecurity continues to be a top concern for many healthcare leaders. So, it was no surprise that during the annual ViVE conference in Los Angeles last week, the topic was discussed across multiple panels.

In a recent blog post, Mick Coady, the field CISO at cybersecurity company Elisity, shared his observations of some of those panel discussions. He agreed with one panelist that when it comes to intrusions, continuous visibility into exposure is valuable. However, Coady pointedly added, “But detection tools, by definition, fire after the intrusion starts.”

At ViVE, Healthcare Innovation sat down with Mick Coady, and one of Elisity’s customers, Taylor Calloni, who is a cybersecurity engineer III at Southern Illinois Healthcare, to discuss cybersecurity concerns within healthcare.

Could you provide us with a little background?

Taylor: We are a 400-bed hospital with 4500 users. We serve about 17 to 19 counties in the area.

Mick: Elisity is focused predominantly on micro-segmentation. Most healthcare companies today are struggling with doing it.

There's another system up in northern Pennsylvania that has 16 hospitals and 100 clinics. We did full segmentation and fully implemented it in 44 days. That's unheard of, right?

Taylor, working with Elisity, what challenges were you looking to address?

Taylor: Cost and time-to-value, and just the resources needed for segmentation. A lot of the suppliers out there, it's a solution where you need to bring two to three full-time employees just to operate the very complex system, and so Elisity solved a lot of those issues for us.

So, feedback has been pretty good.

Taylor: I hate to say I'm drinking the Kool Aid, but, you know, I can't say anything bad about it so far.

What were some of the challenges in this process, and how were they addressed?

Taylor: We were a part of early adoption. There were some growing pains. When we signed on, the integrations were there, but they were slim. I call it a partnership because we had certain tools in the environment. I said, "Can you integrate with that?" and they'd come back and say, “Yes." Then they built an integration.

What kind of future developments are you looking at?

Taylor: For us, future development is going to be wireless enforcement. We haven't done that yet. We've only done wired enforcement. We are looking to further integrate with more tool stacks that we bring on, whether that's new products that nobody has integrated with yet or pushing the boundaries there.

Mick: There’s now a whole set of different things that we integrate with. I think the custom connector function that they recently built has created a great stopgap. For context, when you're in the healthcare environment where everything is not homogeneous whatsoever, you can have systems that can be created from one place to another. I think as we continue to evolve, you're going to see us build out a huge swath of integrations.

Let’s talk about cybersecurity. Is the healthcare industry keeping up?

Taylor: Very outdated, very slow. A lot of medical devices are claimed to be FDA compliant, built in a very small ecosystem with a very small set of software or build numbers, which really limits patching in a very short timeframe. For these systems that do deliver patient care, it's very hard to protect them, especially from a cyber-defensive scenario. I wish I could just push them aside, take them off the network, but I can't do that. They need to talk. They need to send patient data. They need to help people. It's getting better with Elisity's Micro segmentation. Now, HIPAA's goal is to put micro segmentation as a regular regulatory requirement. It's getting better; cybersecurity as a whole. You're getting better visibility and the tools needed to build it faster or defend it faster and better. Micro segmentation is a big scary word to a lot of health organizations.

What were some cybersecurity-related challenges your organization faced?

Taylor: We're very limited. For 4500 users, we have six total cybersecurity individuals. A lot of responsibilities overlap. One minute I'm doing incident response or forensics on a laptop, the next minute I'm writing firewall rules, the next minute I'm talking to the network team who has some abnormal logs going on.

For our specific instance, we needed a single source to integrate with other tools. I can save time on doing investigations with network flow ability. I can see what it's talking to and what it should talk to, what it shouldn't talk to. I can see the assets that have fallen off. I can see them now, and I can start raising flags to the teams, either clinical or IT, and say, "Hey, what's this?" Then we can have the dialogue and learn.

Do you see anything happening with AI?

Taylor: AI is a scary word. Last October, I went to a conference about attacking AI, and I wanted to learn how to attack it before I learned to defend it. Since I've done that, I've worked on not running away from AI but embracing it. What can it do for us faster and better? Again, limited cybersecurity team, so whatever we can do to get either AI agents or AI insights. We're wondering when we're going to get hit, because we will.

Mick: The containment matters, right? I think one of the other things, too, where AI is to look at it on the patient care side, you're looking at what can we do from a diagnostics perspective. If you look at a set of imaging functions, what does a longitudinal record look like when you're doing specific types of research?

I think the balance of what we're doing within the healthcare world is that it can be done for good, but there are nefarious activities being used for bad. Where's the balance of where we can use it for cyber defense, in conjunction in the same environment where we're actually helping patients get better.

Do you utilize AI right now?

Mick: There are a lot of different tools and engines and different parts of what we do within the organization to drive getting some of the analytics in a timely fashion. I would say there's more to be done, and we're always exploring a lot more different styles of engines. If we're going to use it for good, it's got to help with getting to the answer faster. I'm not particularly in the same place where the CEO, I think of Microsoft, was saying that we're going to replace human beings rapidly, overnight.

What are some future developments you are looking at?

Taylor: I’m looking to save revenue by deploying AI agents to do level one alerting structures.

We’ve got an enterprise-level agreement for an AI service so that we're not running away from AI. We're trying to give people an avenue to utilize it in the clinical space. We are trying to eliminate shadow AI more than run away and block AI.

Mick: From us supporting them as having the platform, I think our biggest thing is to amalgamate the information as fast as we can. When things start to occur, and they go bang in the middle of the night, the issue is: how do we resolve to get that information more quickly, either to any form of communication, or to ensure its accuracy?

What is your advice for healthcare leaders?

Taylor: Micro segmentation is… very feasible. It’s something that is becoming a requirement because firewalls are no longer the perimeter anymore. You need segmentation in your environment.

Mick: The perimeter is pretty much gone. We have to move forward with a different level of thinking. I think what Elisity has done is demystify the idea that you can actually get this accomplished. You have to do it. If you don't, you're going to be left behind. There will be ramifications.

I think there are a lot more people in procurement, supply chain…who will eventually start to say: “Hey, you know what, this network segmentation thing? It's an actual thing.”

From a leadership perspective, as you go about doing it, welcome everyone to the table. I've seen identity management implementations go wrong because we don't have the right people in place.