This transcription is provided by artificial intelligence. We believe in technology but understand that even the smartest robots can sometimes get speech recognition wrong.

Executive Interview: Securing Healthcare's Hidden Attack Surface with James Winebrenner

[00:00:00]

Speaker: I'm Drex DeFord, president of Cyber and Risk here at This Week Health and the 229 Project. Our mission is Healthcare Transformation powered by community. Welcome to this executive interview on the UnHack Channel. Real conversations about managing risk at the highest levels.

Let's dive in.

Drex DeFord: Hey everyone, it's Drex and I'm here with James Winebrenner from Elisity.

Uh, it's been a while since we've seen each other, but we spent a lot of time together, uh, last fall at Lake Oconee. Um, good to see you. How you doing?

James Winebrenner: Good to see you, Drex. It had, I can't believe it's been, uh, four or five months. The, the winter came and went and, uh, uh, doing well and, and buckled up for, for RSA next week.

Drex DeFord: Oh, man. Cool. Uh, a lot going on there. So, start by telling me a little bit about yourself and your background, uh, and how you wound up at Elisity, and then yeah. Tell me a little bit about what you have planned for RSA.

James Winebrenner: So I've, uh, I've had the privilege of spending, uh, the entirety of my career, uh, the last 25, uh, ish years in, uh, in cybersecurity and infrastructure.

Uh, started at Check Point Software way, way, way back in [00:01:00] the dot-com, uh, days. Uh, did a couple of tours with, uh, with Cisco Systems and have had, uh, again, had the, have the privilege of working sort of this intersection of, of, uh, infrastructure, network infrastructure mainly, and, and security. And, uh, with Elisity, uh, it's, it's been, uh, a great, uh, opportunity to bring, uh, frankly, uh, a, a number of folks that I've had the privilege of working with before together, um, to really, uh, to, to kind of solve, uh, a set of challenges that, uh, that really live at that intersection.

Um, being able to, uh, uh, identify and secure, uh, assets regardless of what they are, uh-huh, uh, whether they're, uh, IT, uh, OT, you know, FDA regulated, uh, uh, uh, clinical devices. Uh, but to be able to secure them in place, uh, without, uh, without requiring, uh, uh, a lot of replumbing of the network or, uh, uh, a lot of work.

So we're, uh, we're super excited. We started the company five and a half years ago, uh, we had a design partnership very early on with GSK on, on the pharma manufacturing side. Mm-hmm. And we've been working in the clinical healthcare space now since, uh, since late 2021. So, uh, coming up on, uh, coming up on five years, uh, working with, uh, with clinical providers as well.

Drex DeFord: A lot of [00:02:00] folks, uh, talking about you at the HIMSS conference last week, um, and I know you had a lot of folks there. What was the buzz or what, what kind of feedback did you hear from, uh, from the conference and the, the work that was going on there?

James Winebrenner: We had a great, uh, a great event at, at, at HIMSS. We are always excited, um, to be able to participate and, and what we try and do in, in all those cases, Drex, is look for opportunities to provide a platform for our customers to be able to talk about what they're, what they're doing, um, and for them to be able to share a little bit about how they're going about some of the programs they're implementing, uh, whether that's directly with, uh, with Elisity or, or just some of the other things that are happening. And that was certainly, uh, on display last week. Uh, we had, uh, uh, Aaron Weissman from Main Line Health out in Philadelphia, uh, uh, up, uh, talking about, uh, some of the, the transformation that they've been able to drive, uh, in their, uh, cyber program as a result of our partnership, and then some of the other things that he's been able to, to, to drive around that.

We also had an opportunity for another hospital system, uh, out of the, the Illinois area, uh, to be able to talk. So we, we love, uh, being able to use [00:03:00] those, uh, those events as opportunities to, to give a voice to our customers and, uh, for them to really be able to kind of share what they're up to and, and how they're able to drive success.

Drex DeFord: Aaron Aaron, uh, I'm a, I'm a big fan of his and all the work, um, that he's done up there. Uh, I don't wanna get too far into a use case, but can you talk more about what you've done with Aaron and, and the folks at Main Line? Because it's been very creative. I mean, he just is naturally, that organization I think is naturally creative about how to solve complicated multi-process, multi-issue, um, concerns, and I think they've done a good job working with you guys and, and, and working through some of their challenges. So yeah, talk a little bit about that.

James Winebrenner: I mean, I think what Main Line went through is very similar to the conversations we're having with, with a lot of folks in, in, in clinical, um, uh, healthcare settings, which is, you know, sort of phase one is trying to understand, what in the world do I have running in my environment?

And, uh, and these hospital networks, as you know, we've got everything from the traditional [00:04:00] managed, you know, IT asset. We've got, um, doctors and, and, uh, practitioner, you know, bring your own device, bringing in laptops and iPads. We've got lots and lots and lots of, you know, what we would traditionally call IoT or building automation systems, video cameras, badge readers.

Um, and then we have, uh, regulated clinical devices that are running and all of this is running on the same network. And, uh, all of it is, you know, bringing some degree of, of, uh, of risk, but is also all, you know, critical for, for patient care. And so in the case of Main Line, you know, I think they, uh, they started their project, uh, deploying, uh, Armis, um, to understand kind of what was running in the environment and understand, you know, the relative risk factors associated with, uh, with some of those unmanaged, um, um, medical technology and and mm-hmm. And IoT devices. And then, you know, I think Aaron was, uh, caught in the very classic conundrum, which is, you know, you turn on Armis and the next day you see, you know, 48,000 blinking red lights saying, Hey, I've got all this stuff that I didn't know I had.

Uh, now I understand what risk is associated with it, and, and the question [00:05:00] becomes, what do I do?

Drex DeFord: And

James Winebrenner: now what do

Drex DeFord: I do? Yeah.

James Winebrenner: Yeah. And the traditional, like, well, do we go, you know, start a patching program to try and find all these things and patch them? Or do we, uh, do we, you know, uh, segment them by adding firewalls and creating a VLAN and trying to move, you know, manually move devices over?

Like, what are the, what are the ways for us to mitigate the risk associated with that footprint and what Main Line, uh, experience working with us, which is what, what, you know, the, the whole reason we exist is. And we're able to take that Armis data, drop it into our identity graph, and immediately be able to map a mitigating control policy, uh, back around those assets while they're running in situ without having to re-plumb the network.

Drex DeFord: Mm-hmm.

James Winebrenner: Without having to go through a lot of change. And that's one of the things that Aaron, I think is the most proud of, is the speed with which his team was able to take and go from visibility to control and having that, that mitigating control policy in place. So, we're always excited for, for, again, for customers be able to kind of tell their story.

But in Main Line's case, I think the piece that's resonated is just the [00:06:00] time to value. How quickly they were able to go from what do we do to this is our plan, to now we've executed and we're onto the next thing.

Drex DeFord: That's great. Um, I know that, uh, we, we had sort of talked very briefly, uh, before we started about the ambulance chasing problem in cybersecurity and in healthcare cybersecurity in particular.

And I know that you guys, uh, are not on that path. Um, but it is interesting to see sometimes when the bad things happen, uh, you know, everyone tries to come outta the woodwork at a time when folks don't have time, um, to talk to a hundred, uh, different partners. It, it turns out that's really important why you do the pre-work so that you don't have to make a lot of those decisions in the heat of the moment and pay a premium because of it.

Right.

James Winebrenner: As we have been working now in, in the clinical healthcare space for the last, uh, almost five years, uh, one of the things that consistently impresses me is how, uh, how operationally rigorous these environments are, and the teams that are supporting, uh, this infrastructure are doing [00:07:00] so much with, frankly, comparatively a lot fewer resources than certainly what we see in regulated financials or even in, in pharma and in, in some other areas.

And so, you know, that that concept of sort of piling on after the, the incident gets announced is just, I mean, it's, it's disrespectful, frankly. Uh, and this is a big part of where again, we are trying very hard to amplify the success stories the customers are seeing, where they are proactively able to get out in front of, uh, getting some of these controls in place and, um, and really talk about the fact that it doesn't have to be as hard or as complicated as it used to be.

Uh, and, and, um, and, you know, show, hey, what this is the art of the possible, uh, with if we leverage the, the, the, the, the new technical approach that we've, uh, that we've brought to the table. And so that, uh, hopefully puts us in much more proactive than, than reactive mode. We're always happy to help, uh, when, uh, when folks are trying to recover from an incident, but would much prefer to be on the front end of that equation.

Drex DeFord: I, I think for me it was always, uh, when I was on the partner side, when a bad thing [00:08:00] happens somewhere, the best thing I could do was just send like a stack of pizzas and just say, let me know if I can do anything to help, because you knew people were gonna be working, uh, you know, long nights and all weekend and for weeks on end to kind of get this stuff, um, uh, back in the game.

Yeah. Speaking of which, you're watching The Pit?

James Winebrenner: Yes,

Drex DeFord: yes. Everybody's new favorite, uh, hospital TV show, um, now in like its third season or second season. It's been going on for a while. Uh, there's a cybersecurity incident going on right now in The Pit.

James Winebrenner: It's funny that you bring this up.

I think this has been, uh, an interesting opportunity for us to be able to kind of have this conversation with some folks that, you know, again, you hear about ransomware, you hear about, you know, you see the headlines of such and such a system, you know, got shut down. Uh, but we don't really understand the implications of it.

And I think having, you know, uh, a couple episodes where you're watching this emergency room have to actually go analog and what does that mean and what are all of the different [00:09:00] processes that are impacted? And you see the reality of the, of the, um, the doctors and the nurses working so hard to continue to provide this patient care, uh, but literally, you know, doing so, uh, not even understanding kind of how these processes work. And so it's been interesting to have it in sort of an abstract Hollywood version, uh, to be able to, you know, have conversation about where we're, we're, again, we're not, uh, we're not kind of piled onto somebody that's going through it in real time, but unfortunately, I mean, the reason it's in the Hollywood vernacular is because we're seeing these headlines, you know, continue to see them, you know, time and time again.

Drex DeFord: How, how do you think they're doing, uh, with the, with the depiction of the event?

James Winebrenner: It's, it's very interesting to watch. I mean, clearly they've gone over the top on some things. I think the, you know, the, the, the 23-year-old that had never seen a fax machine and didn't understand what toner was, you know, and part, part of that's just, you know, me showing my age.

But, uh, but no, I mean, I, I think that they're, I think they're doing a great job. Um, I had a little bit of exposure to, uh, to ER, uh, in my younger years I was a, uh, I was [00:10:00] a, uh, EMT. And, uh, you know, I think they've captured certainly the energy level of, uh, of, you know, what's going on and just the sort of the, the controlled chaos in that environment, even on a good day.

And then what happens, you know, kind of when the, when the lights go out.

Drex DeFord: Yeah. There's a lot of, um, I don't know, I just, I've always, since I've been here, I just have clicked that this is the way we did it. This thing has happened and now I, I don't know how to, I don't know what actually is happening behind the scenes.

So, um, the struggle to kind of stay on top of it. So if you haven't seen The Pit, for, for folks who are listening, you haven't seen The Pit, we don't wanna spoil it for you. It's, but it's, it's a very interesting set of episodes, um, that are happening around this event. Last question that I should probably ask you about RSA and you're going to RSA, uh, what's happening there?

What are you expecting to get outta RSA? What's the exciting part of, um, I mean, it's giant. It's a huge conference. It's bigger than HIMSS.

James Winebrenner: It's a, it's a huge conference and it seems to just continue to get bigger and bigger every, every year. Um, [00:11:00] so we have, we have a very specific set of goals at, at RSA.

Um, we try very hard to, uh, one, not get lost in the noise. Um, and, you know, my belief is, you know, our, our customers are not necessarily gonna be the folks that are, you know, walking the floor, you know, looking for, uh, tchotchkes and t-shirts and things. Um, we try and create opportunities for, uh, prospects, uh, folks that are interested in what we're doing, to spend time with folks that are, uh, that are already, uh, on the platform and, and literally get the, the learnings of understanding, you know, how did you solve this problem? Why did you choose Elisity? What's the partnership been like? So we, we really work hard to foster those interaction opportunities.

And we've got a couple really interesting, kind of cool events going on: a CISO event, uh, that we're doing. Uh, we, uh, we, we, we bought out the Ferragamo, uh, boutique. Uh, so kind of a fun place for people to get away from the noise of the floor, uh, get to hang out and, uh, and, and chat with their peers. Um, and then we also always do a customer advisory board [00:12:00] meeting in conjunction with, uh, with RSA.

There's enough of our customers that are traveling for it anyway, and it just, uh, makes sense to get everybody together for, uh, for, you know, essentially a half day ahead of the event. We do it up in Napa, so it's beautiful and it's a great opportunity again for us to get feedback directly from our existing customers.

We have our product and engineering leadership there. We share what's, uh, you know, what's on the roadmap. A lot of the feedback, uh, the customers are, are, uh, giving to us on, uh, on where they want us to take the platform. And so it's a great, you know, way to kick off the week, uh, interacting with, with our customer advisory board.

Drex DeFord: Yeah. Love that. Um, man, I feel like there's a hundred other things I could ask you, but we probably should, uh, manage the time here. I really appreciate you being on. Always interesting to have the conversation, always interesting to hear what you are thinking, where Elisity's going, and uh, I appreciate you being on program.

James Winebrenner: Thank you very much, Drex. Always great to see you.

Thanks for joining this executive interview on UnHack with me, Drex DeFord, here at This Week Health. We believe every healthcare leader needs a community to lean on and learn from. [00:13:00] Build your network at thisweekhealth.com/subscribe and share this with a colleague because together we're stronger.