Interview in Action @ ViVE ’24 – Mike Smith, KLAS and David Ting, Tausight

March 14, 2024: Drex Deford speaks with David Ting, Founder and Chief Technology Officer at TausightΒ  (7:18 start). They delve deep into the complexities and advancements surrounding the integration and security of health information. As we explore the pressing question of how we can protect one of healthcare’s most valuable commodities, PHI, from the incessant threat of cyberattacks, David sheds light on their innovative partnership with CrowdStrike and the pivot towards an event-driven database structure. How does Tausight leverage technology to not just react to threats but anticipate them by understanding the intricacies of PHI data movement and storage?

Read on thisweekhealth.com.

 

Video Transcript:

This transcription is provided by artificial intelligence. We believe in technology but understand that even the smartest robots can sometimes get speech recognition wrong.

Welcome to This Week Health. My name is Bill Russell. I’m a former CIO for a 16 hospital system and creator of This Week Health, where we are dedicated to transforming healthcare, one connection at a time. Today, we have an interview in action from the 2024 conferences, the spring conferences, VIVE in LA, HIMSS in Orlando.

Special thanks to our sponsors, Quantum Health, Gordian, Dr. First, CDW, Gozeo Health, Artisite, and Zscaler. You can check them out on our website, thisweekhealth. com. Now, onto our interview

β€Š[7:18 transcription start] (Transition) πŸ“ πŸ“ πŸ“ ​

(Interview 2) πŸ“ Hey, this is Drex from This Week Health. We’re here at VIVE 2024, and I am with one of the smartest people that I know. Actually, not kidding. David Ting from Talsight. Maybe not Bill Russell, who’s over in the back creating a bit of a ruckus right now, but yes, David Ting. You’re actually really talking about yourself?

Ah, no. Not at all? How’s it going? Drex, great to see you. It’s good to see you too. Glad to see you in your new role. I have I have made the switch from a very close company that Amazingly enough, we were just talking about this. A year ago, we were here at this very conference, and I was with CrowdStrike, and our booth was like two booths down from this one.

And there was some conversations that happened at that conference that continued after the conference and on into the last whole year. And you have an announcement to make about CrowdStrike. Right.

So we have a great partnership with CrowdStrike. We’re built, as you can see, on the CrowdStrike logscale platform.

And it looks great. It looks great. It’s been a great experience. We migrated all our data directly from our cloud where we Enrich the data, and then we send it directly into your LogScale repo. And we generated a lot of the queries, a lot of the background queries generated all the widgets and dashboards.

The thing I tell people is LogScale is built as a streaming, event driven database. As opposed to a πŸ“ lot of other databases that look at stats, that look for relationship between data. BlockScale is an event driven database, so we had to do some stuff to make stateful data for inventories of PHI and inventories of devices.

But in terms of picking out what happens in an event stream, this is perfect. How hard was it to do? Well, once we got through understanding the difference, I think it’s a mental shift for people to say, Gee, I’m used to a relational database, or I’m used to a NoSQL database, which is all stateful to a Event driven database, which if you’re done digital signal processing, everything’s screen based, yeah?

If you’re familiar with that, you go, forget everything you learned about databases, and think in terms of what happens in an event window, right? And generating these dashboards is incredibly easy. So I have a team of a couple of data engineers that basically, once they got over the first shock of, oh, I could do this like this, right?

One of the most powerful features we have is the nested group bys and the capability to add function lambda function Everything once you master that it’s like oh my god. I can do all this stuff. You’re off to the right two lines Insights that you can get by relating all this data is incredible.

I mean, I’ve been really happy with this. To be able to, on not only the log scale side, but all the other additional capabilities. Our ability to generate alerts, scheduled searches for remediation. We show real time data, real time risk, all calibrated using real data aggregator. Our sensors to the cloud into your And then, we know we have additional abilities to generate orchestration, to do remediations, to do reports, to do e mails.

And we did it all within like months. I mean, it was really amazing. Really amazing. You guys have been brilliant.

Not me guys. CrowdStrike guys. Folks were really amazing. We had some great folks on that team. They did. Anybody you wanna shout out? Well, I think Paul MacGyver. I think Paul MacGyver.

MacGyver, yeah. When he first saw it, he goes, oh my God, you can do all this stuff. And I said, well, just, we, next week we’ll show you what else we can do. And I think we exhausted a lot of. His capability is to go, stop, slow down!

πŸ“ πŸ“ β€Š In the ever evolving world of health IT, staying updated isn’t just an option. It’s essential. Welcome to This Week Health, your daily dose of news, podcasts, and expert commentary.

Designed specifically for healthcare professionals like yourself. Discover the future of health IT news with This Week Health. Our new news aggregation process brings you the most relevant, hand picked stories from the world of health IT. Curated by experts, summarized for clarity, and delivered directly to you.

No more sifting through irrelevant news, just pure, focused content to keep you informed and ahead. Don’t be left behind. Start your day with insight at the intersection of technology and healthcare. This Week Health. Where information inspires innovation. πŸ“ β€ŠIncrease so before I go on, because I love, I mean, one of the things I love about you, you have a huge amount of enthusiasm for the work that you’re doing to make healthcare better and safer.

Thank you. Let’s Talk more broadly about Taasite. What does it do? if somebody has what kind of a problem, why would they talk to you? I tell people Taasite is really about lowering the liability and the risk. to an organization that has to deal with PHI. PHI is the most powerful commodity in healthcare today.

is about understanding how do I help you lower your liabilities and risks, and how do I streamline any kind of incident response. So today, cyber security is not only about protecting your perimeters and privacy. Keeping the bad guys out is about cyber resiliency. How do I get back to business?

How do I file all those disclosures? How do I keep the legal requirements down? So I’m not spending endless dollars and hours filling out these forms about the details of an incident. The 8K. The SEC. Now it’s a thing. And you’re going to have to basically prove that you’ve done everything right. Because the shareholders are going to say, Hey look, that’s what they did for protecting the assets and the mining investment in their company.

That’s not good enough. You’ve got to be able to describe, right? You’ve got to describe, you’ve got to verify and prove that you’ve done a good job. I think that’s going to be a huge change. So our goal is not only help that organization not only understand the risks and what the OCR calls the potential.

Right, which is really, I mean, if you read the hypersecurity rule, you go, oh my god, how am I going to do this? Complete and thorough assessment of all the variables. vulnerabilities, and potential risk to CI and A for all the electronic patient records. That’s an insurmountable task, and you can’t just do it by saying, I surveyed 20 machines, I surveyed these folders.

No, you need to actually know where everything is. You need to know in real time what that risk looks like. It’s kind of the next version of like, you can’t protect it if you don’t know where it is. That normally means the things that are on your network. If you’re the different version of that, you’re like all of the PHI and where it is.

And it’s in a lot of strange places, right? When you do a test, when you do an initial POV with somebody or something, you find a lot of, they’re really surprised. I don’t know if these are shared desktops. You’ve seen these shared desktops? Look at all the files that have everyone access. Why? It’s because they put discharge handoff notes in there.

Or, look at the recycling folders that nobody purged. There’s tons of data in there. They’re log files that applications have generated. They’re files sitting on servers belonging to users. that aren’t even there anymore, but they’re still sitting on your There are files that are 10 years old. There are files that are in excess of 20, 000 files by a single user.

Why? Because somebody

It’s just kind of It’s sloppy work. It was the easy way to do it. People change jobs and do other things, and they put different stuff in. Right, yeah.

So, those are the things that we know. You can reduce that. Either in a preventative phase, pre breach, or get to a remediated point where you say, I have a good security posture around it.

How I’m handling PHI. Then, because we monitor the stuff continuously, and dump the data into a CrowdStrike environment, we can generate queries and background searches to look for things that you need to worry about. Oh, why is Dr. Jones, again, sending PHI using her personal email? Yeah, well that never happens in Ohio, so we know that.

But they do. Or, why are you, USB drives still being used so prevalently by certain people while they’re taking their PHI. Oh, Yeah. And then, a real simple thing. The alerts that generate interventions, where interventions break then and their name is needed. Those are the anomalies. Why is the encryption all of a sudden turned off on these machines?

And that machine is going out the door. I should stop that.

I should quarantine that machine. You get an alert when somebody has Encryption on and then they turn it off or it’s turned off. Very

interesting. Or they turn off security tools. Monitoring. Yeah. It’s all the little edge cases that you go, Yeah, it might be nice to know that in real time.

Is that a repeated behavior?

So. One of the other announcements you had was Office 365 integration. Tell me about that. So, Office 365 is, as we all know, widely used in healthcare, but the risks there are how many files are there, or how many emails and how many attachments are in those folders, that should that user’s account be compromised somewhere, you have a huge exposure.

It’s not uncommon for people to keep their entire work histories, I know I do, in my email. I want to know who I talk to, I go and search for my email. Doctors do the same thing. So, there has to be controls, at least to say, look, these are sensitive data, and You should tap it and then put the rest, in a more safe, protected archive, right?

Right. If you need to look at it, you know where to find it. It shouldn’t be in an active email, right? Preferably, it’s covered by a separate account, so you’re not logging in towards using the same login, or better, have an MFA approach. Yeah. So all these are steps that I think you should take. will gradually help tighten down the infrastructure so that we don’t leave our PHIs ready to be attacked by some nation state actors or who are always out to get you.

So, I’m sure you know the probabilities and the success rates for phishing attacks. It’s high. It’s not impossible to get into a system. So, once you get into a system You’re doomed. Yeah, I mean then the only thing you can do is compartmentalization, right? No, why should the admin account be open to everything?

They should be compartmentalized. It should be firewalled into rings. Yes And so those are the things that we start to want to promote because these aren’t costly things They’re just changes in your process.

They’re best practices And you’re giving them a way to sort of find where they’re not doing those best practices and then building alerts to tell them where somebody is violating that practice.

So it’s a continuous performance improvement kind of loop that you’re It’s using quantified data. It’s using the quants as opposed to subjective assessments of, Hey, you know, I took a sample of these 20 different machines and they all look good. Yeah, I know. It’s knowing what happens on all those points.

Actually knowing. Correct. In real time. I showed somebody this and I said, think of your security risk assessment that you do annually. How broad a sample do you take? Take a sample. What if you had a 100 percent sample? This is continuous, in real time, across all your machines. Yeah. So, one of the numbers I always like to talk about is, 12, 000 endpoints, 10, 000 users.

You’ve got 12, you’ve got what? 120 million at that point. Multiply that by the number of files that you’re dealing with across the system. Multiply that by the number of emails. That’s the space that you’re trying to protect. Where’s my RISC? It’s all those endpoints. And your surface area is huge. You cannot do this by hand.

You need technology. You need to know where everything is and be able to prove it when the time comes. And then, hopefully, you have all that immutable data, audit data, in a place that attackers can’t get to. Right. And so, the idea, I have all the event logs, oh look, I can hand this off to the rensing team.

Right. A good attacker will have wiped that out. Yeah. Good stuff. Yeah. I mean, I was covering my tracks when I was πŸ“ a student.

Yeah. So I want to ask you, so one other kind of big, broad, general question. Besides those two like tiny little projects you’ve been working on, what else, what’s next?

Or what are you looking at as you look into the future?

Improving our AI so that we have our, what we call our gen four ai starts with. tie all the data around PII information, different unstructured content, emails, etc. to say, these things all tie to the same individual? Are they all, do they all plug to David Ting so I can go backwards and say, hey, I’m David Ting, I’d like to know where you have all my data and you can find all of them.

We want to do this in a privacy preserving manner. I don’t want to have your demographic data in my database. I want to do it in a privacy preserving manner that leverages all the, quote, PII like terms about you so I can correlate them. So all of a sudden, dude, those files, that email, they’ll talk about the same person without actually having any of that data in our cloud.

Is there, Is there some part of this that might also help us with Patient identification. We have a lot of duplication in that kind of stuff that happens. So today we see that already for files, attachments. I sent out an attachment that has information, so you see lots of duplications all over this place.

Duplication everywhere. Right? It just speaking on the M 365, the first thing you notice is attachments get sent to 20 different people. Super areas just increase. Right? It’s the same freaking file. Yeah. And you have that multiplied by. The number of emails, because attachments are sent everywhere.

And then they get forwarded. They get forwarded. So, this again, another thing that you might want to consider. Do I really need to send this attachment to all these people? Just because it’s easy to have them on the to list? Yeah. It’s just, once you understand the risks and the sensitivities to the overall equation, you can say, yeah, let’s just train people to not do this as an automatic response.

Right.

Hey, thank you for the time today. I really appreciate it. David, you’re awesome. Great to see you. I’m looking forward to continuing to sort of have this conversation. See all the other stuff that’s coming up. Because I know you have a million ideas about what’s happening. No, no, No. Thanks for your time.

Thank you.

(Transition) πŸ“ πŸ“ πŸ“ ​

Thanks for listening to this Interview in Action episode. If you found value in this, share it with a peer. It’s a great chance to discuss and in some cases start a mentoring relationship. One way you can support the show is to subscribe and leave us a rating. If you could do that would be great, and we want to give a big thanks to our partners who make this possible.

Quantum Health, Gordian, Dr. First, CDW, Gozio Health, Artisite, and Zscaler. You can learn more about them by visiting thisweekhealth. com slash partners. Thanks for listening. That’s all for now.