WEBVTT 1 00:00:07.080 --> 00:00:09.510 Anna Delaney: Hello, and welcome to the ISMG Editors' Panel. I'm 2 00:00:09.510 --> 00:00:12.030 Anna Delaney, and amongst our discussions this week, we're 3 00:00:12.030 --> 00:00:14.820 delving into the cyberattack sending shockwaves through the 4 00:00:14.820 --> 00:00:18.570 healthcare sector. And we'll be discussing Palo Alto strategic 5 00:00:18.570 --> 00:00:21.360 pivot and exploring its far reaching implications for the 6 00:00:21.360 --> 00:00:24.810 industry. The brilliant panelists today include Tom 7 00:00:24.810 --> 00:00:27.990 Field, senior vice president of editorial; Marianne Kolbasuk 8 00:00:27.990 --> 00:00:31.110 McGee, executive editor for HealthcareInfoSecurity, and 9 00:00:31.110 --> 00:00:34.890 Michael Novinson, managing editor for ISMG business. Very 10 00:00:34.890 --> 00:00:35.670 good to see you all. 11 00:00:36.300 --> 00:00:37.680 Tom Field: Thanks for having us all, as always. 12 00:00:38.280 --> 00:00:38.880 Michael Novinson: Good to see you. 13 00:00:39.330 --> 00:00:42.330 Anna Delaney: So we have to start with the platter of color. 14 00:00:42.330 --> 00:00:45.000 I love all of this. Marianne, where are you? 15 00:00:45.990 --> 00:00:51.150 Marianne McGee: This is actually a student mural at a local 16 00:00:51.150 --> 00:00:53.730 college where we take our dog for walks in the evening. 17 00:00:54.360 --> 00:00:57.540 There's like this underpass that connects one part of the campus 18 00:00:57.540 --> 00:01:01.800 to the other side. And every school year, there's new artists 19 00:01:01.830 --> 00:01:06.120 that, you know, paint the mural, and I wanted to take this 20 00:01:06.120 --> 00:01:09.870 picture before they whitewash it and get ready for the next one. 21 00:01:10.410 --> 00:01:11.130 I thought it was pretty. 22 00:01:11.790 --> 00:01:13.080 Tom Field: I'd have just guessed Woodstock. 23 00:01:13.620 --> 00:01:16.860 Marianne McGee: Yeah. 
Well, the thing is, it's dark in New 24 00:01:16.860 --> 00:01:19.500 England. Every day is the same grey weather. We needed 25 00:01:19.500 --> 00:01:21.120 something to cheer me up. 26 00:01:21.360 --> 00:01:24.600 Anna Delaney: Yeah, for sure. Spring is in the air. Michael, 27 00:01:24.720 --> 00:01:26.730 it's sort of complements your background, I think. 28 00:01:27.290 --> 00:01:29.360 Michael Novinson: Absolutely. I'm coming to you from downtown 29 00:01:29.360 --> 00:01:32.360 Providence, Rhode Island. This is the site of the Lumina 30 00:01:32.360 --> 00:01:35.390 festival essentially in the dead of winter, they bring brightly 31 00:01:35.390 --> 00:01:38.450 colored lights and pedestals - all these like spin, brought my 32 00:01:38.450 --> 00:01:41.090 three-year-old daughter there, she had fun spinning every 33 00:01:41.090 --> 00:01:43.640 single pedestal for about 40 minutes until she realized she 34 00:01:43.640 --> 00:01:46.640 was cold and wanted to go back to the car. But nice way to 35 00:01:46.640 --> 00:01:48.770 bring a little cheer to a cold winter day. 36 00:01:49.340 --> 00:01:51.800 Anna Delaney: Very much so. Speaking of cold, Tom, you're back 37 00:01:51.800 --> 00:01:52.460 in the cold. 38 00:01:53.030 --> 00:01:56.420 Tom Field: Was, as this was the view from the hotel in New York 39 00:01:56.420 --> 00:02:00.200 City. We were there for the postponed summit a couple of 40 00:02:00.200 --> 00:02:02.780 weeks back. As you know, New York was predicted at the time 41 00:02:02.780 --> 00:02:06.110 to receive its biggest snowstorm in two years, that prediction 42 00:02:06.110 --> 00:02:10.490 wasn't quite fulfilled. But for a minute or two, we had the 43 00:02:10.490 --> 00:02:11.810 scene at the hotel room window. 44 00:02:12.230 --> 00:02:15.440 Anna Delaney: And it makes a great backdrop. So well done for 45 00:02:15.440 --> 00:02:17.900 taking it. 
Well, I just thought it was time to share one of 46 00:02:17.900 --> 00:02:21.440 Anna's vineyard experiences again, and this is in Sussex in 47 00:02:21.440 --> 00:02:25.190 the U.K., where they make lovely sparkling wine, but we won't 48 00:02:25.190 --> 00:02:30.410 tell the French that. So Tom, what is your topic today, I 49 00:02:30.410 --> 00:02:32.750 believe it's ISMG - one close to home. 50 00:02:32.000 --> 00:02:34.694 Tom Field: I do. This is something we don't talk about 51 00:02:34.756 --> 00:02:38.641 nearly enough. And I think it's time that we do talk about how 52 00:02:38.704 --> 00:02:42.338 we editors at Information Security Media Group go about 53 00:02:42.400 --> 00:02:46.285 approaching our business, I'm going to start with a little bit 54 00:02:46.348 --> 00:02:50.045 of background, I came to ISMG, almost 17 years ago. At that 55 00:02:50.107 --> 00:02:53.553 time I worked for a print publication that didn't quite 56 00:02:53.616 --> 00:02:57.501 get the memo about online. To them, the web presence was where 57 00:02:57.563 --> 00:03:01.448 you put sidebars and pieces that didn't fit into the magazine. 58 00:03:01.511 --> 00:03:05.270 The notion of using the web to lead with your information as 59 00:03:05.333 --> 00:03:08.904 your main conduit to your readers was lost on the editors 60 00:03:08.967 --> 00:03:12.977 at the time. And that was one of the things that attracted me to 61 00:03:13.039 --> 00:03:16.924 ISMG - an opportunity to come someplace where security was the 62 00:03:16.987 --> 00:03:20.871 focus, because you can see that security was going to be a big 63 00:03:20.934 --> 00:03:24.631 deal. And where online wasn't just part of the strategy. It 64 00:03:24.694 --> 00:03:28.641 was the only strategy. And so I gladly made that move. And it's 65 00:03:28.704 --> 00:03:32.776 panned out in so many ways, look at the organization and the team 66 00:03:32.839 --> 00:03:36.536 that we have today. 
And ever since that time, we've focused 67 00:03:36.598 --> 00:03:40.483 on what's important and why it's important. We've done that in 68 00:03:40.546 --> 00:03:43.992 banking, in government, in healthcare, we've brought in 69 00:03:44.054 --> 00:03:47.688 from the U.S. to the world. We've added recent topics such 70 00:03:47.751 --> 00:03:51.636 as AI, and certainly broadened into events and to programming. 71 00:03:51.698 --> 00:03:55.332 So it's a far different world. When you look around at the 72 00:03:55.395 --> 00:03:59.092 media landscape in 2024, the print publication I came from, 73 00:03:59.155 --> 00:04:03.227 is gone. Most print publications have gone away and are left with 74 00:04:03.290 --> 00:04:06.611 their online presence. When I came over, to be in the 75 00:04:06.673 --> 00:04:10.182 publishing business required a significant investment in 76 00:04:10.245 --> 00:04:13.879 infrastructure. There's no barrier to entry today, you can 77 00:04:13.941 --> 00:04:17.826 be on social media and you can declare yourself an influencer. 78 00:04:17.889 --> 00:04:21.836 And as long as somebody supports you, you're an influencer. And 79 00:04:21.899 --> 00:04:25.408 the what and the when, the things that we as news people 80 00:04:25.470 --> 00:04:29.480 really built our foundations on, they are commodity now. Anybody 81 00:04:29.543 --> 00:04:32.926 can be a source of news. And with the use of gen AI in 82 00:04:32.989 --> 00:04:36.936 particular can put news together in a way that anybody can give 83 00:04:36.999 --> 00:04:40.445 you the what and the when. There's nothing unique about 84 00:04:40.508 --> 00:04:43.829 that. And so that's forced Information Security Media 85 00:04:43.891 --> 00:04:47.400 Group, to rethink how we do things. And the focus is not 86 00:04:47.463 --> 00:04:51.473 just what happened and when did it happen? Why does this matter? 
87 00:04:51.535 --> 00:04:55.107 What can you, our audience members, do about these issues 88 00:04:55.169 --> 00:04:58.741 that we're putting in front of you. How do experts in the 89 00:04:58.803 --> 00:05:02.500 industry feel about this? And what advice can you take from 90 00:05:02.563 --> 00:05:06.322 them. And it's the way we've shifted the way of how we focus 91 00:05:06.385 --> 00:05:10.395 on producing the content that we do. Now you see it in different 92 00:05:10.457 --> 00:05:14.092 ways. You see it in your own programming, Anna. This panel 93 00:05:14.154 --> 00:05:17.851 right here, where we bring together our internal experts to 94 00:05:17.914 --> 00:05:21.673 talk about what we see and what we're hearing and what we're 95 00:05:21.736 --> 00:05:25.620 participating in, occasionally bringing in guests such as Troy 96 00:05:25.683 --> 00:05:29.568 Leach from the Cloud Security Alliance a couple of weeks back, 97 00:05:29.630 --> 00:05:33.515 and Jeremy Grant, not long ago, either, the recent programming 98 00:05:33.578 --> 00:05:37.588 that you and I have done in the Proof of Concept series, talking 99 00:05:37.650 --> 00:05:41.222 about election security, and talking about the use of AI. 100 00:05:41.284 --> 00:05:45.044 We've seen it in our coverage. Over the past week or so, the 101 00:05:45.106 --> 00:05:48.929 couple of weeks, the LockBit shut down and aftermath has been 102 00:05:48.991 --> 00:05:52.688 something where we have focused not on just each individual 103 00:05:52.751 --> 00:05:56.573 event that's happened. But what does this mean? How does this 104 00:05:56.635 --> 00:05:59.643 impact your role? Marianne's going to talk about 105 00:05:59.705 --> 00:06:03.590 UnitedHealthcare today, and this huge healthcare breach story, 106 00:06:03.653 --> 00:06:07.287 her coverage has been much the same, not focusing on every 107 00:06:07.349 --> 00:06:11.234 little item that happens. And the who, what, when and why. 
But 108 00:06:11.297 --> 00:06:15.307 what matters here, what can you - our audience members - do with 109 00:06:15.370 --> 00:06:18.690 this information? We had a meeting yesterday, where I 110 00:06:18.753 --> 00:06:22.700 thought Marianne and Matt summed things up really well, is when 111 00:06:22.763 --> 00:06:26.585 taking in all this information. You pay attention to what are 112 00:06:26.648 --> 00:06:30.470 the key questions we have to focus on. And that really is our 113 00:06:30.532 --> 00:06:34.229 mission, to focus on the right questions for an audience of 114 00:06:34.292 --> 00:06:37.926 over 1.3 million security and technology leaders globally. 115 00:06:37.988 --> 00:06:41.873 Now, the objectives for us, it's not to be first, this isn't a 116 00:06:41.936 --> 00:06:45.695 medium anymore, where being first gets you points, we've got 117 00:06:45.758 --> 00:06:49.517 to be best. And best means to be comprehensive, to make sure 118 00:06:49.580 --> 00:06:53.339 you're focusing on the topics that matter, to be analytical, 119 00:06:53.402 --> 00:06:57.287 make sure you're diving in and exploring why this news matters 120 00:06:57.349 --> 00:07:01.234 to our audience, and to present a view, to give them something 121 00:07:01.297 --> 00:07:05.244 that's unique that they aren't going to get somewhere else. And 122 00:07:05.307 --> 00:07:09.379 certainly they are going to have served up by gen AI, focusing on 123 00:07:09.442 --> 00:07:13.515 the topics that count. And today that can be AI, it can be OT, it 124 00:07:13.577 --> 00:07:17.399 can be the further evolution of SASE or identity, ransomware. 125 00:07:17.462 --> 00:07:21.096 And it's going to be programming that engages where we get 126 00:07:21.159 --> 00:07:24.918 together and discuss what we know, we bring our guests in to 127 00:07:24.981 --> 00:07:28.740 share who we know. And we make sure that we're answering the 128 00:07:28.803 --> 00:07:32.813 right questions. 
So in a lot of ways, it's a brave new world. It 129 00:07:32.875 --> 00:07:36.572 was a brave new world when I came here in 2007. And we made 130 00:07:36.635 --> 00:07:40.582 the shift from print to online, we're making the shift now from 131 00:07:40.645 --> 00:07:44.592 online to exclusive to standing out. And at a time when you see 132 00:07:44.655 --> 00:07:48.665 giants in the industry, and I've spoken about this before, we've 133 00:07:48.728 --> 00:07:52.236 seen the venerated magazine Sports Illustrated shut down. 134 00:07:52.299 --> 00:07:55.870 We've seen the Los Angeles Times, pare down its newsroom 135 00:07:55.933 --> 00:07:59.630 by 20%. I don't want to be in those numbers. I want to make 136 00:07:59.692 --> 00:08:03.514 sure that we know that people know who we are, and that we're 137 00:08:03.577 --> 00:08:06.835 here and that we're not forgotten, and that we stand 138 00:08:06.898 --> 00:08:10.657 out. And I thought it was just time to take a few minutes to 139 00:08:10.720 --> 00:08:14.354 talk about who we are at ISMG - what we stand for, and our 140 00:08:14.417 --> 00:08:18.176 pledge to you as our audience members to. When you come here 141 00:08:18.239 --> 00:08:21.873 and you share your time and attention with us, we're going 142 00:08:21.935 --> 00:08:25.945 to make it worth your while and give you information. It's going 143 00:08:26.008 --> 00:08:29.830 to help you understand what's happening in our world, and how 144 00:08:29.893 --> 00:08:33.590 you can apply that in your own enterprise. So there you go. 145 00:08:33.000 --> 00:08:37.320 Anna Delaney: Very well said! So Tom, as journalists, we need not 146 00:08:37.320 --> 00:08:41.400 fear AI, but actually use it to our advantage and get those 147 00:08:41.400 --> 00:08:42.840 creative juices buzzing. 
148 00:08:43.290 --> 00:08:45.930 Tom Field: Oh, there's so much to be done with AI that helps us 149 00:08:45.930 --> 00:08:48.690 in our own personal productivity and helps us analyze 150 00:08:48.690 --> 00:08:51.720 information. It helps to automate some of the manual 151 00:08:51.720 --> 00:08:55.050 things that we do now. I am liking it. I've said this again 152 00:08:55.080 --> 00:08:57.690 before, I hate to do it, because it shows how old I am every time 153 00:08:57.690 --> 00:09:01.260 I say this, but when I first started newspapers, I was given 154 00:09:01.260 --> 00:09:04.230 a choice between did I want a typewriter or did I want to use 155 00:09:04.500 --> 00:09:07.980 a computer, which at that time, by the way, was a RadioShack 156 00:09:08.640 --> 00:09:12.600 Tandy computer. And I chose the computer because I wanted to be 157 00:09:12.600 --> 00:09:15.360 part of the emergent technology, I wanted the ability to be able 158 00:09:15.360 --> 00:09:17.910 to write and cut and paste and edit and do things you couldn't 159 00:09:17.910 --> 00:09:22.200 do with a typewriter. We are at a similar inflection point now. 160 00:09:22.620 --> 00:09:26.940 And gen AI is going to open so many doors for us and help us 161 00:09:26.940 --> 00:09:30.120 evolve our roles in ways that we can't imagine. It is something 162 00:09:30.120 --> 00:09:33.120 to run to, run with, not run from. 163 00:09:33.960 --> 00:09:37.890 Anna Delaney: Very well said. Marianne, so for the past few 164 00:09:37.890 --> 00:09:40.680 days, you've been reporting on what's been called the most 165 00:09:40.680 --> 00:09:43.890 significant cyberattack on the healthcare sector in U.S. 166 00:09:43.890 --> 00:09:47.100 history. And I know there are a few twists and turns here, but 167 00:09:47.100 --> 00:09:49.470 maybe just bring us up to speed with the story and its 168 00:09:49.470 --> 00:09:51.420 implications for the healthcare sector. 
169 00:09:51.930 --> 00:09:55.080 Marianne McGee: Sure. Well, every day it just seems like the 170 00:09:55.151 --> 00:09:59.661 fallout from the February 21st cyberattack on Change Healthcare 171 00:09:59.733 --> 00:10:03.599 gets worse. And as you said, some groups including the 172 00:10:03.670 --> 00:10:08.109 American Hospital Association is calling the Change Healthcare 173 00:10:08.181 --> 00:10:11.975 incident the most significant cyberattack in the U.S. 174 00:10:12.047 --> 00:10:16.056 healthcare system to date. And I have to agree with that 175 00:10:16.127 --> 00:10:20.494 assessment based on everything that I've seen so far. And all 176 00:10:20.566 --> 00:10:24.647 the zillions of other breaches and attacks that I've been 177 00:10:24.718 --> 00:10:29.229 covering over the years in the healthcare sector. The impact is 178 00:10:29.300 --> 00:10:33.166 being felt like no other cyberattack in the healthcare 179 00:10:33.238 --> 00:10:37.748 sector today. What happened is that Change Healthcare for those 180 00:10:37.820 --> 00:10:42.187 people who are not familiar with it, it's an IT services firm 181 00:10:42.258 --> 00:10:46.339 that was acquired a couple of years ago by Optum for $7.8 182 00:10:46.411 --> 00:10:50.706 billion. Optum is a unit of UnitedHealth Group, which is one 183 00:10:50.778 --> 00:10:55.073 of the largest health insurers in the U.S. Change Healthcare 184 00:10:55.145 --> 00:10:59.727 says it handles about 15 billion transactions per year, touching 185 00:10:59.798 --> 00:11:03.807 about one in three U.S. patients in some way. Now Change 186 00:11:03.879 --> 00:11:08.103 Healthcare provides IT services for more than 100 different 187 00:11:08.174 --> 00:11:12.756 critical functions that keep the U.S. health system running from 188 00:11:12.828 --> 00:11:16.980 claims processing, pharmacy benefits, clinical information 189 00:11:17.052 --> 00:11:21.562 exchange and pre-authorization for patient care. 
However, since 190 00:11:21.634 --> 00:11:26.144 the attack on February 21, most of these IT functions have been 191 00:11:26.215 --> 00:11:30.582 unavailable because Optum took Change's IT systems offline as 192 00:11:30.654 --> 00:11:34.806 the company responds to the attack, and to keep the damage 193 00:11:34.878 --> 00:11:39.388 from spreading to other parts of Optum and UnitedHealth Group's 194 00:11:39.460 --> 00:11:43.397 IT environments. In the meantime, the American Hospital 195 00:11:43.469 --> 00:11:47.120 Association, which represents thousands of U.S. 196 00:11:47.192 --> 00:11:51.845 hospitals, says that as a result of the ongoing Change Healthcare 197 00:11:51.917 --> 00:11:55.854 IT outage, patients are struggling to get timely access 198 00:11:55.926 --> 00:12:00.579 to care and their prescriptions. Billions of dollars have stopped 199 00:12:00.651 --> 00:12:05.161 flowing to providers. And this is all threatening the financial 200 00:12:05.233 --> 00:12:09.671 viability of hospitals, health systems, physician offices, and 201 00:12:09.743 --> 00:12:14.110 other medical care providers. Meanwhile, the American Medical 202 00:12:14.182 --> 00:12:18.048 Association, which is a professional organization that 203 00:12:18.119 --> 00:12:21.842 represents physicians, also contends that the Change 204 00:12:21.913 --> 00:12:26.352 Healthcare outage is threatening the viability of many medical 205 00:12:26.424 --> 00:12:30.290 practices, especially the smaller ones that operate on 206 00:12:30.361 --> 00:12:34.299 tiny margins and are already under tremendous financial 207 00:12:34.370 --> 00:12:38.666 pressures. The AHA and AMA and others also say that the many 208 00:12:38.737 --> 00:12:43.319 manual workaround processes that Optum has been recommending for 209 00:12:43.391 --> 00:12:47.686 affected entities to implement while the outage persists are 210 00:12:47.758 --> 00:12:51.910 ineffective and impractical. 
Meanwhile, UnitedHealth Group 211 00:12:51.982 --> 00:12:56.134 took the highly unusual move the other day of announcing a 212 00:12:56.206 --> 00:13:00.644 financial assistance program to help some of the entities that 213 00:13:00.716 --> 00:13:04.582 were affected by the Change Healthcare IT outage. That 214 00:13:04.654 --> 00:13:08.806 assistance includes short-term financing to help with cash 215 00:13:08.877 --> 00:13:12.958 flows that are being disrupted. But the American Hospital 216 00:13:13.030 --> 00:13:17.397 Association was highly critical of the program, saying it was 217 00:13:17.468 --> 00:13:21.764 too onerous and exceedingly limited in terms of who can take 218 00:13:21.835 --> 00:13:26.059 advantage of the financing. Since then, the U.S. Department 219 00:13:26.131 --> 00:13:30.283 of Health and Human Services has also stepped in with some 220 00:13:30.355 --> 00:13:34.436 regulatory maneuvers aimed at helping affected healthcare 221 00:13:34.507 --> 00:13:38.946 organizations with their cash flow problems. That includes for 222 00:13:39.017 --> 00:13:43.384 instance, some moves that are meant to help facilitate faster 223 00:13:43.456 --> 00:13:47.394 payments to Medicare and Medicaid health care providers 224 00:13:47.465 --> 00:13:51.761 as they trudge through this outage. Now, last week, BlackCat 225 00:13:51.832 --> 00:13:55.841 took credit for the attack claiming to have stolen about 226 00:13:55.913 --> 00:13:59.994 six terabytes of data pertaining to all Change Healthcare 227 00:14:00.065 --> 00:14:04.432 clients. To add insult to injury and all this now, it's being 228 00:14:04.504 --> 00:14:09.014 reported that UnitedHealth Group paid a $22 million ransom to a 229 00:14:09.086 --> 00:14:13.596 BlackCat affiliate for decrypter key and for destruction of the 230 00:14:13.668 --> 00:14:17.892 stolen data. 
Now, that BlackCat affiliate who claimed to be 231 00:14:17.963 --> 00:14:22.259 behind the attack now says that BlackCat administrators, you 232 00:14:22.330 --> 00:14:26.411 know, main operation, they kept the entirety of the Optum 233 00:14:26.482 --> 00:14:30.921 payment, and did not share any of that with the affiliate. And 234 00:14:30.993 --> 00:14:35.002 so it appears that Change Healthcare might have gotten a 235 00:14:35.073 --> 00:14:39.154 decrypter key for the ransom, but that its stolen data is 236 00:14:39.226 --> 00:14:43.593 still being held hostage by the BlackCat affiliate. Optum has 237 00:14:43.664 --> 00:14:47.960 not commented on the reports that the company paid a ransom. 238 00:14:48.032 --> 00:14:52.399 In the meantime, our colleague Mat Schwartz has also reported 239 00:14:52.470 --> 00:14:56.479 this week that BlackCat's Tor-based data leak site has a 240 00:14:56.551 --> 00:15:01.204 message posted on it saying that the FBI ceased the sight as part 241 00:15:01.276 --> 00:15:05.715 of a coordinated law enforcement action, taking down BlackCat. 242 00:15:05.786 --> 00:15:09.509 Now, last December, law enforcement did indeed cease 243 00:15:09.581 --> 00:15:13.876 BlackCat's infrastructure, but it only temporarily disrupted 244 00:15:13.948 --> 00:15:18.315 that group. And now security researchers are saying that this 245 00:15:18.386 --> 00:15:22.539 is sort of a ruse that, you know, BlackCat has put up this 246 00:15:22.610 --> 00:15:27.049 notice to make it seem like oh, no, we're out of business. But 247 00:15:27.120 --> 00:15:31.774 actually, it's just some sort of exit scam. And the DOJ right now 248 00:15:31.845 --> 00:15:36.356 is denying that it took BlackCat down for a second time. In any 249 00:15:36.427 --> 00:15:40.508 case, the situation is just growing worse, as this outage 250 00:15:40.580 --> 00:15:44.589 lasts, and it just keeps persisting, we're not sure when 251 00:15:44.660 --> 00:15:49.242 it's going to be over. 
And we've seen many ransomware attacks in 252 00:15:49.314 --> 00:15:53.896 the healthcare sector. But this has been so disruptive by for so 253 00:15:53.967 --> 00:15:58.191 many in the ecosystem that it will surely negatively impact 254 00:15:58.263 --> 00:16:02.558 the bottom lines of many change healthcare clients and their 255 00:16:02.630 --> 00:16:07.140 affiliates. Now, on top of that, with all this disruption, it's 256 00:16:07.212 --> 00:16:11.435 only a matter of time before Optum determines the extent of 257 00:16:11.507 --> 00:16:15.659 the data compromise that most likely occurred and probably 258 00:16:15.731 --> 00:16:20.170 affects not only scores of the company's clients, but millions 259 00:16:20.241 --> 00:16:24.608 of their patients. So we'll have to wait and see what happens 260 00:16:24.680 --> 00:16:29.047 next. But this whole thing is just a lesson in what you don't 261 00:16:29.119 --> 00:16:33.128 want to happen. And it's happened. It's sort of like the 262 00:16:33.199 --> 00:16:34.560 nightmare scenario. 263 00:16:35.730 --> 00:16:38.850 Anna Delaney: Huge story. Marianne, what about the 264 00:16:38.880 --> 00:16:42.360 vulnerabilities exploited here? How are researchers and experts 265 00:16:42.360 --> 00:16:45.840 analyzing the cyberattack and its underlying vulnerabilities? 266 00:16:46.770 --> 00:16:50.730 Marianne McGee: Well, I guess it, sometime this thing seems to 267 00:16:50.730 --> 00:16:53.640 be rolling into months. But it's only been a couple of weeks. I 268 00:16:53.640 --> 00:16:59.790 think it was last week, the U.S. government had put out a 269 00:16:59.790 --> 00:17:03.630 publication of indicators of compromise for BlackCat, in 270 00:17:03.630 --> 00:17:10.200 general. And Optum has said that it's also shared the indicators 271 00:17:10.230 --> 00:17:14.430 of compromise that they've found so far in their investigation. 272 00:17:14.760 --> 00:17:18.960 And it looks like it was like a multi vector sort of thing. 
You 273 00:17:18.960 --> 00:17:22.170 know, there's on their suspicion that there was social 274 00:17:22.170 --> 00:17:26.190 engineering involved, you know, early on in this attack, they 275 00:17:26.910 --> 00:17:31.770 were suspecting that connect wise, the screen connect, 276 00:17:31.950 --> 00:17:35.820 product vulnerabilities might have been exploited. Maybe 277 00:17:35.820 --> 00:17:39.630 that's the case. But that was not the main, you know, way this 278 00:17:39.630 --> 00:17:43.800 happened. It seems to be multifaceted sort of thing and 279 00:17:43.800 --> 00:17:46.770 then I was listening on to a webinar just yesterday, you 280 00:17:46.770 --> 00:17:51.660 know, some pundits speaking about this. And it seems like it 281 00:17:51.660 --> 00:17:54.690 was like an enterprise wide sort of attack. So it wasn't just, 282 00:17:54.720 --> 00:17:58.980 you know, one way in; it was well planned, and, you know, a 283 00:17:58.980 --> 00:18:03.990 multiple sort of strategy involved with the attack, which, 284 00:18:04.050 --> 00:18:06.120 you know, again, it's a frightening scenario for the 285 00:18:06.120 --> 00:18:08.160 healthcare sector, because, again, you know, this is a lot 286 00:18:08.160 --> 00:18:12.540 of financial transactions that are being impacted and you know, 287 00:18:12.540 --> 00:18:14.670 patient safety is always a concern as well. 288 00:18:14.000 --> 00:18:18.020 Tom Field: Good time to host a HIMSS conference now. 289 00:18:19.070 --> 00:18:19.640 Marianne McGee: I'm sorry? 290 00:18:19.910 --> 00:18:21.380 Tom Field: Good time to host the HIMSS conference. 291 00:18:21.380 --> 00:18:25.010 Marianne McGee: Yeah. This should be probably, I would say, 292 00:18:25.010 --> 00:18:29.180 probably top on the agenda of what's discussed there. Good 293 00:18:29.180 --> 00:18:30.200 timing for HIMSS. 294 00:18:31.800 --> 00:18:33.330 Anna Delaney: Well, this won't be the last of it. 
But thank you 295 00:18:33.330 --> 00:18:37.140 so much, Marianne. Well, Michael, there's a big industry 296 00:18:37.140 --> 00:18:39.840 story of the past few weeks, and that is Palo Alto Networks' 297 00:18:39.840 --> 00:18:43.590 decision to offer free products to new platform customers. So 298 00:18:43.830 --> 00:18:46.470 tell us about the strategy and the market's response. 299 00:18:46.800 --> 00:18:49.193 Michael Novinson: Palo Alto Networks had their earnings. And 300 00:18:49.250 --> 00:18:52.840 they did announce exactly what you described there. And it came 301 00:18:52.897 --> 00:18:55.974 as a surprise to industry observers, to competitors to 302 00:18:56.031 --> 00:18:59.165 customers. And that is essentially the problem, as they 303 00:18:59.222 --> 00:19:02.585 described it is that they're seeing prospects out there who 304 00:19:02.642 --> 00:19:06.232 use Palo Alto for certain pieces of their technology stack. But 305 00:19:06.289 --> 00:19:09.480 then they're interested in growing their other footprint 306 00:19:09.537 --> 00:19:12.728 with Palo Alto Networks. But it's too expensive, because 307 00:19:12.785 --> 00:19:16.090 they're locked into an existing sim product or an existing 308 00:19:16.147 --> 00:19:19.566 endpoint security product, or an existing firewall, existing 309 00:19:19.623 --> 00:19:23.042 cloud security tool. And they simply can't afford to pay for 310 00:19:23.099 --> 00:19:26.348 two different tools that do the exact same thing from two 311 00:19:26.405 --> 00:19:29.995 different companies at the same time. So Palo Alto Networks was 312 00:19:30.052 --> 00:19:33.471 thinking is, hey, how can we make it easier for customers to 313 00:19:33.528 --> 00:19:37.118 transition onto our platform and use our technology in multiple 314 00:19:37.175 --> 00:19:40.708 different areas of security? 
So what they came out and said is 315 00:19:40.765 --> 00:19:44.070 that if you agree to use our platform, and the question is 316 00:19:44.127 --> 00:19:47.432 going to be how that's defined, that we will for up to six 317 00:19:47.489 --> 00:19:51.136 months, pick up the cost of the Palo Alto Network security tool, 318 00:19:51.193 --> 00:19:54.499 while your contract with your existing vendor Ron Zack. So 319 00:19:54.556 --> 00:19:58.203 essentially, it's just trying to lower the barriers to entry for 320 00:19:58.260 --> 00:20:01.223 people to expand their footprint. And with Palo Alto 321 00:20:01.280 --> 00:20:04.357 Networks, this is not something that we've really seen 322 00:20:04.414 --> 00:20:07.434 established big security vendors do. Security vendors 323 00:20:07.491 --> 00:20:10.569 historically have been very clear that they compete on 324 00:20:10.626 --> 00:20:14.159 quality, they don't compete on price. They're not trying to be 325 00:20:14.216 --> 00:20:17.806 the cheapest, they're trying to be the best. So it's an unusual 326 00:20:17.863 --> 00:20:21.054 move. The folks who have seen this move of bundling free 327 00:20:21.111 --> 00:20:24.131 technology is Microsoft and Microsoft has grown their 328 00:20:24.188 --> 00:20:27.664 security business very quickly doing this in particular, what 329 00:20:27.721 --> 00:20:30.913 Microsoft does is they have what's called an E5 license, 330 00:20:30.970 --> 00:20:34.161 it's a type of enterprise software license, where if you 331 00:20:34.218 --> 00:20:37.694 pay for Office 365 and they've been just essentially throwing 332 00:20:37.751 --> 00:20:41.113 in Defender for several months at no cost. And the idea is, 333 00:20:41.170 --> 00:20:44.817 once people try it out, they'll realize how good it is, and then 334 00:20:44.874 --> 00:20:48.122 they'll be willing to pay for it. Okay, that's an unusual 335 00:20:48.179 --> 00:20:51.427 tactic in security. 
And it has a lot of people are really 336 00:20:51.484 --> 00:20:55.018 surprised and people trying to figure out what it means. So, I 337 00:20:55.075 --> 00:20:58.152 mean, in terms of legacy vendors, the question is, and 338 00:20:58.209 --> 00:21:01.685 we've already seen in places like endpoint security, that the 339 00:21:01.742 --> 00:21:04.933 market is really consolidating around Palo Alto Network, 340 00:21:04.990 --> 00:21:08.238 Microsoft, CrowdStrike, and SentinelOne before. Companies 341 00:21:08.295 --> 00:21:11.486 who are growing endpoint security faster than the market 342 00:21:11.543 --> 00:21:14.564 as a whole? Does this just accelerate that if they're 343 00:21:14.621 --> 00:21:18.268 making it easier for us to make it easier for customers to leave 344 00:21:18.325 --> 00:21:21.972 a legacy antivirus standard? We see that in the same space where 345 00:21:22.029 --> 00:21:25.448 you certainly have a lot of legacy SIM players? Do we see it 346 00:21:25.505 --> 00:21:29.152 in cloud security, where we have companies who are doing kind of 347 00:21:29.209 --> 00:21:32.685 small pieces of cloud security, CCIE and CSP? And but not the 348 00:21:32.742 --> 00:21:36.161 whole thing? Do we see more customers leaving if they're not 349 00:21:36.218 --> 00:21:39.296 locked in to an existing vendor? So that's going to be 350 00:21:39.353 --> 00:21:42.886 interesting to watch, there's been a lot of talk about this, I 351 00:21:42.943 --> 00:21:46.362 think one piece, in my opinion that's been missed in there's 352 00:21:46.419 --> 00:21:49.667 been a lot of talk about platform association, which is a 353 00:21:49.724 --> 00:21:52.744 term Palo Alto Networks came up with, or this idea of 354 00:21:52.801 --> 00:21:56.448 consolidation. And I think with Palo Alto Networks, because they 355 00:21:56.505 --> 00:21:59.469 play in so many different spaces, there's really two 356 00:21:59.525 --> 00:22:02.945 different questions. 
There's consolidation within a security 357 00:22:03.002 --> 00:22:05.908 technology, and then consolidation across different 358 00:22:05.965 --> 00:22:08.928 security technologies. And I think they've been very 359 00:22:08.985 --> 00:22:12.461 successful in the former, if you look at cloud security, that 360 00:22:12.518 --> 00:22:16.165 they've done a really fantastic job of getting customers to move 361 00:22:16.222 --> 00:22:19.528 away from standalone CASB and CSPM and CIEM vendors and to 362 00:22:19.584 --> 00:22:22.719 really embrace this vision of CNAPP and all-in-one cloud 363 00:22:22.776 --> 00:22:26.024 security. And they've all gotten customers to leave their 364 00:22:26.081 --> 00:22:29.500 existing vendors and to adopt Prisma Cloud. What's been more 365 00:22:29.557 --> 00:22:33.090 challenging is to get customers to adopt each of the different 366 00:22:33.147 --> 00:22:36.395 technology stacks that Palo Alto has, to adopt their cloud 367 00:22:36.452 --> 00:22:39.871 security technology and their security operations technology 368 00:22:39.928 --> 00:22:43.234 and their network security technology. And part of this is 369 00:22:43.291 --> 00:22:46.767 just how it was built, that Palo Alto Networks was born in the 370 00:22:46.824 --> 00:22:50.072 firewall, but everything else that they've done, has been 371 00:22:50.129 --> 00:22:53.548 built off of acquisitions. And certainly they've added value, 372 00:22:53.605 --> 00:22:56.625 they've integrated, they've enhanced upon it, but the 373 00:22:56.682 --> 00:23:00.101 foundational elements of every other space they play in is 374 00:23:00.158 --> 00:23:03.350 acquisition. So in that way, it's really the company has 375 00:23:03.407 --> 00:23:06.769 three different platforms for each of its technology areas, 376 00:23:06.826 --> 00:23:10.359 rather than a single platform.
So they're really trying to get 377 00:23:10.416 --> 00:23:13.835 more loyal customers to use them in more in across different 378 00:23:13.892 --> 00:23:17.140 areas of security technology, which is a bit of an uphill 379 00:23:17.197 --> 00:23:20.331 climb, especially for large enterprises, who often have 380 00:23:20.388 --> 00:23:23.864 different buyers in each of these security technology areas. 381 00:23:23.921 --> 00:23:27.398 So now in terms of how others are responding, we've gotten to 382 00:23:27.455 --> 00:23:30.076 hear from a couple of executives, during their 383 00:23:30.133 --> 00:23:33.609 earnings calls. We heard from Jay Chaudhry, the CEO 384 00:23:33.666 --> 00:23:37.142 of Zscaler. Last week, we heard on Tuesday from George Kurtz, 385 00:23:37.199 --> 00:23:40.447 the CEO of CrowdStrike. And in short, they're essentially 386 00:23:40.504 --> 00:23:43.867 spinning this as a desperation move from Palo Alto Networks, 387 00:23:43.923 --> 00:23:47.457 that they have a lot of business and sales tied up in firewall 388 00:23:47.514 --> 00:23:50.762 hardware.
And that this is essentially a way to cover for 389 00:23:50.819 --> 00:23:54.295 that to make sure that they're not losing customers in legacy 390 00:23:54.352 --> 00:23:57.885 technology by essentially just throwing it in no cost for some 391 00:23:57.942 --> 00:24:01.361 period of time, and from the standpoint of Zscaler, that the 392 00:24:01.418 --> 00:24:05.122 market's just kind of moving away from how Palo Alto Networks does 393 00:24:05.179 --> 00:24:08.541 things, that it's moving toward zero trust, that it's moving 394 00:24:08.598 --> 00:24:11.676 towards a different model that doesn't rely on network 395 00:24:11.733 --> 00:24:14.753 hardware. In the case of CrowdStrike, and this message 396 00:24:14.810 --> 00:24:17.830 I've heard from them, because they've gone up against 397 00:24:17.887 --> 00:24:21.363 Microsoft, who does bundling for years now, is that there's a 398 00:24:21.420 --> 00:24:24.440 difference between price and cost, that yes, Palo Alto 399 00:24:24.497 --> 00:24:28.144 Networks may cost, or the price may be lower if they're offering 400 00:24:28.201 --> 00:24:31.621 it to you for free for several months. But the total cost of 401 00:24:31.678 --> 00:24:35.040 operating CrowdStrike is lower in the long run. Because the 402 00:24:35.097 --> 00:24:38.459 architecture is unified. It's a single agent, it's a single 403 00:24:38.516 --> 00:24:41.707 console, and in terms of personnel and manpower they are 404 00:24:41.764 --> 00:24:45.240 using even if you have to pay more upfront to get CrowdStrike 405 00:24:45.297 --> 00:24:48.944 that as the years go on it's a much cheaper platform to operate 406 00:24:49.001 --> 00:24:52.136 because it requires less resources and it requires less 407 00:24:52.192 --> 00:24:55.669 of a technology so I'm curious given how they use AI. So it's 408 00:24:55.726 --> 00:24:59.088 going to be interesting to see how it plays out.
I mean, 409 00:24:59.145 --> 00:25:02.621 will anybody else match Palo Alto Networks in doing this type 410 00:25:02.678 --> 00:25:06.211 of in terms of doing some type of freebie for people who adopt 411 00:25:06.268 --> 00:25:09.402 the platform? I mean, it's something that takes several 412 00:25:09.459 --> 00:25:13.106 months to build out. So nobody's going to come out and say, yes, 413 00:25:13.163 --> 00:25:16.753 we're doing it right now, like Palo Alto Networks doubling with 414 00:25:16.810 --> 00:25:20.230 customers for a while. So I think really, at some level, the 415 00:25:20.286 --> 00:25:23.592 question is going to be 3-6-9 months from now, what are we 416 00:25:23.649 --> 00:25:27.011 hearing from Fortinet, Zscaler, CrowdStrike? Are they still 417 00:25:27.068 --> 00:25:30.316 sticking to that discounting and bundling doesn't work in 418 00:25:30.373 --> 00:25:33.450 cybersecurity, or do you see them doing their own test 419 00:25:33.507 --> 00:25:36.300 versions of what Palo Alto Networks is doing now? 420 00:25:36.000 --> 00:25:38.670 Anna Delaney: That was a great explainer. So what do you think, 421 00:25:38.670 --> 00:25:42.150 Michael? Do you think, do you believe Palo Alto's strategy will 422 00:25:42.150 --> 00:25:45.870 ultimately succeed in consolidating its position as a 423 00:25:45.870 --> 00:25:48.720 leader in the cybersecurity market? And why or why not? 424 00:25:48.000 --> 00:25:50.266 Michael Novinson: It's a good question, and they certainly are 425 00:25:50.317 --> 00:25:53.563 entitled to the benefit of the doubt. I mean, they've made some 426 00:25:53.614 --> 00:25:56.705 really bold moves over the past half decade. And people only 427 00:25:56.756 --> 00:26:00.053 said that platforms don't work.
Then people saw what happened to 428 00:26:00.104 --> 00:26:03.143 Symantec and McAfee, that you have to be best of breed, and 429 00:26:03.195 --> 00:26:06.337 you need to focus on doing one thing well, and the cash threw 430 00:26:06.389 --> 00:26:09.376 that out the window, made lots and lots of acquisitions in 431 00:26:09.428 --> 00:26:12.364 lots of different security areas, and certainly not every 432 00:26:12.415 --> 00:26:15.300 acquisition is worth. But in general, they've worked and 433 00:26:15.351 --> 00:26:18.236 they've been able to build a cloud security offering, a 434 00:26:18.287 --> 00:26:21.017 market-leading cloud security offering, purely through 435 00:26:21.069 --> 00:26:24.159 acquisitions and subsequent organic investment. So I mean, I 436 00:26:24.211 --> 00:26:27.456 think they deserve the benefit of the doubt. And I think people 437 00:26:27.508 --> 00:26:30.701 are realizing the impact that Microsoft is having under space, 438 00:26:30.753 --> 00:26:33.998 and that if you're going to have to compete with Microsoft with 439 00:26:34.049 --> 00:26:36.419 Palo Alto Networks, increasingly, as Microsoft 440 00:26:36.470 --> 00:26:39.561 rolled out their own security service edge technology, which 441 00:26:39.612 --> 00:26:42.858 is a space Palo Alto Networks is big. And so they're going head 442 00:26:42.909 --> 00:26:45.536 to head there, Palo Alto Networks, who has grown an 443 00:26:45.588 --> 00:26:48.833 endpoint security and XDR space where Microsoft's haven't begun 444 00:26:48.884 --> 00:26:51.975 in a while. So historically, I mean, Microsoft did email and 445 00:26:52.026 --> 00:26:54.808 Microsoft did endpoint, Microsoft did Active Directory 446 00:26:54.859 --> 00:26:58.001 Identity, that was different than what Palo Alto Networks did, 447 00:26:58.053 --> 00:27:01.247 because Palo Alto Networks did firewalls and network security, 448 00:27:01.298 --> 00:27:04.337 which isn't really a space Microsoft does much in.
But they 449 00:27:04.389 --> 00:27:07.273 have to go head to head where I think Palo Alto Networks 450 00:27:07.325 --> 00:27:10.570 realized that we have to have a way of competing with Microsoft 451 00:27:10.621 --> 00:27:13.557 on price, that if they're just going to throw in stuff for 452 00:27:13.609 --> 00:27:16.700 customers at no cost, that it's not reasonable to ask small 453 00:27:16.751 --> 00:27:19.893 organizations or resource-constrained organizations to pay 454 00:27:19.945 --> 00:27:23.190 significantly more for our stuff, that people, especially in the 455 00:27:23.241 --> 00:27:26.332 current economic climate, just can't afford to do that. So I 456 00:27:26.383 --> 00:27:29.525 think they're really trying to find a way to match Microsoft. 457 00:27:29.577 --> 00:27:32.822 But yeah, it's not a move that's typically worked well for pure 458 00:27:32.874 --> 00:27:35.913 play security vendors that probably has won out over price. 459 00:27:35.964 --> 00:27:39.209 I mean, I think, really, what's the proof is going to be as are 460 00:27:39.261 --> 00:27:42.094 all of Palo Alto Networks' competitors saying the same 461 00:27:42.145 --> 00:27:45.030 thing, that this is a fool's errand, six months, 12 months 462 00:27:45.081 --> 00:27:48.018 from now? Or do you see them testing and trying to do the 463 00:27:48.069 --> 00:27:51.057 same thing that Palo Alto Networks does? But yeah, it's an 464 00:27:51.108 --> 00:27:53.993 unprecedented move in this space, and it's going to be a 465 00:27:54.044 --> 00:27:55.590 very interesting one to watch. 466 00:27:56.040 --> 00:27:58.200 Anna Delaney: Completely. Well, thank you so much, Michael. 467 00:27:59.040 --> 00:28:02.130 Finally and just for fun, if you were to design a ride for a 468 00:28:02.130 --> 00:28:07.140 cybersecurity theme park, what would you name it? Tom, you've 469 00:28:07.000 --> 00:28:14.230 Tom Field: I do have an idea.
I call it the Ransomwhere 470 00:28:07.140 --> 00:28:07.590 got yours? 471 00:28:14.410 --> 00:28:18.250 Rollercoaster. Where does it take you? It takes you from launch to 472 00:28:18.250 --> 00:28:21.310 infection through lateral movement to detection through 473 00:28:21.310 --> 00:28:25.090 response to containment and the question isn't to pay or not to 474 00:28:25.090 --> 00:28:27.790 pay because you'll pay. 475 00:28:29.230 --> 00:28:30.370 Anna Delaney: It's a bumpy ride. 476 00:28:31.090 --> 00:28:32.320 Tom Field: Indeed, buckle in. 477 00:28:34.990 --> 00:28:35.740 Anna Delaney: Marianne, go ahead. 478 00:28:37.180 --> 00:28:43.360 Marianne McGee: Mine is a Dark Web Whirl - it takes place in 479 00:28:43.360 --> 00:28:50.260 the dark and it stops and if you paid a fee, you can have someone 480 00:28:50.260 --> 00:28:53.350 help you off the ride and out the door, otherwise you're on 481 00:28:53.350 --> 00:28:53.830 your own. 482 00:28:55.690 --> 00:28:59.440 Anna Delaney: Spooky. Michael, bring some color to this. 483 00:28:59.000 --> 00:29:06.950 Anna Delaney: Yeah, I think people would pay for that for 484 00:28:59.430 --> 00:29:02.209 Michael Novinson: I feel like my ideas are bad, followed by some 485 00:29:02.270 --> 00:29:05.775 talented colleagues. I was thinking of the Ransom-Go-Round 486 00:29:05.835 --> 00:29:09.461 kind of merging the two that merry-go-round ransomware style 487 00:29:06.950 --> 00:29:07.160 sure. 488 00:29:07.000 --> 00:29:25.240 Tom Field: It will playground merry-go and you spin and the 489 00:29:09.522 --> 00:29:13.329 - you experienced the vertigo, you experienced the nausea, that 490 00:29:13.389 --> 00:29:17.015 security practitioners feel after an incident like this. And 491 00:29:17.076 --> 00:29:20.400 when does the ride stop? Nobody really knows for sure. 492 00:29:21.000 --> 00:29:24.907 Anna Delaney: Well, I'm going for a Phishing Pond.
You know 493 00:29:24.994 --> 00:29:30.551 the spelling of that - like the chocolate lake - Charlie and the 494 00:29:25.240 --> 00:29:27.070 kids' bodies just fly off randomly. 495 00:29:28.330 --> 00:29:29.290 Michael Novinson: I've seen that. 496 00:29:30.638 --> 00:29:36.282 Chocolate Factory. But watch out, there are some tricky emails 497 00:29:36.368 --> 00:29:41.926 and phishing scams hidden in the midst and if you fall for them, 498 00:29:42.012 --> 00:29:47.309 you might be taken down some unexpected turns but however you 499 00:29:47.396 --> 00:29:52.953 don't there are some treats and in waiting for you at the end of 500 00:29:53.040 --> 00:29:58.250 the lake. Well, this is a lot of fun, informative as always. 501 00:29:58.336 --> 00:30:03.633 Thank you so much all of you, really appreciate it and thanks 502 00:30:03.720 --> 00:30:07.020 so much for watching. Until next time!