Welcome everybody to another episode of compliance conversations. My name is CJ Wolf with Healthicity.
And today's guest is Anurag Lal, who, we're we have an interesting topic today. We're gonna be talking about cyberattacks. But before we jump into that, Anurag, we always like our guests to tell us a little bit about themselves.
How'd you end up doing what you're doing? Tell us what you do, and and anything like that that you feel comfortable sharing.
That's great, CJ. Thanks for having me on the podcast.
My background is inherently been about, mobile networks and network security, data security.
Also had an US government as part of the FCC and the US National Broadband Task Force.
So it's it's well rounded with that respect.
Here at NetSphere, we are really in the business of delivering robust messaging platforms to enterprises and mobile operators across the globe. Our heritage goes back to the time the first SMS or the first mobile message was sent out, and you'll say, how come? And we actually go back when we were part of Motorola.
And then we spun the company out, and we built this up as a stand alone entity. And since then, we've delivered robust solutions, messaging solutions to mobile operators across the globe. So a lot of times, you get Amber alerts and other emergency notifications from the from FEMA and other government agencies. And ninety nine point nine percent of the time that technology that they're leveraging has been deployed by us.
And so we are, you know, obviously very excited about that. And we've taken that heritage and really purpose built, a secure and, messaging platform, ideally suited to, you know, kind of keep secure communication within the enterprise. We recognized a long time ago that mobile messaging would be important not only in the consumer realm, but also within the enterprise. And, we were pruned.
Right?
But there wasn't really a purpose built platform specifically for the enterprise. And so that's how Netsphere came about, and that's the context in which we are speaking today, CJ.
Great. And, I failed to mention you're the CEO and president of Netsphere. Correct?
That is correct. That is correct.
Great.
And willing But at the end of the day, you know, my job is just making sure the rest of the team succeeds so the title stays at home for the most part.
Perfect.
And we'll make sure that we include some links to to that company's information as as our listeners may wanna reach out to you and your company.
So cyberattacks. Right? Like, our audience, compliance officers, it's like our worst fear. Right? Because we don't know when they're gonna happen.
We do know that health care cyberattacks seem to be on the rise, and we can get into some of the specifics in a moment. But can you just tell us in general what your experience is and what you're seeing with cyberattacks in the health care space? It feels like they're increasing.
Yeah. I I think there are a couple of things that happened. First and foremost, we had already seen the advent of digitization within the enterprise start, prior to COVID. Right?
And during COVID, it accelerated exponentially across the board, not only in health care, but every other, enterprise, if you may. And that led to a couple of things. Firstly, we rushed into this aspect of digitization. Some of us prepared, some of us not well prepared.
And with digital information out there and data really becoming the next, you know, real expensive commodity, believe it or not, your data, our data, our collective data is is wanted out there for multiple purposes, either by vendors to deliver a service or by back bad actors to take advantage of. And so, getting to that data, became obviously, you know, something that was being leveraged by, you know, essentially people with ulterior motives. And so post COVID and during COVID, we saw a huge spike in cyberattacks.
And health care specifically, got a large brunt of it because they viewed health care entities as soft targets. And we couldn't go into that, because there are a number of reasons related to that. But health care has been at the forefront of taking, the the brunt of ransomware attacks, phishing attacks that ultimately lead to ransomware attacks, and, you know, their data being compromised in so so many different ways. And this is gonna continue. This is not something that's gonna go away. In the old days, there were, you know, there were criminal organizations who were leveraging cyber as, as a means to monetize, you know, their, activities. But today, even state actors have essentially weaponized cyber.
And so we don't really know where these attacks are originating, whether they are, criminal enterprises or they are state enterprises, but cyber is here to stay. And so that's why we really have to prepare ourselves, for this new realm that we find ourselves in.
So I think that's really interesting that you you mentioned, you know, a lot of health care organizations might be soft targets. Is is that why they're targeted or and or is there something inherent in health care data that's more valuable than others or not really?
No. I think it's the answer is all of the above, because, clearly, health care, enterprises and entities have, multiple aspects of of security that they need to deploy deploy to keep their environment safe. Right? They obviously have network security they have to deploy, then they have to deploy device security.
They have multiple different medical devices that are being operated that can be essentially compromised as well. Then they have the people angle, which is always a challenge. Right? Believe it or not, we are the weakest link, because a lot of times, the front door is through us.
Right? So if if you look look at all of that and and the fact that we they own data, that is valuable. And in my previous comments, I commented how this data is so valuable. Right?
And they have health data. They have financial data. They have social security data. And all of that has value and can be monetized on the dark web.
So that's why they find themselves and in in most cases, if not all, they don't approach security or till recently didn't approach security in a very sophisticated manner. Right?
And now they are being forced to pay attention to that. We've seen many examples of our customers who've all of a sudden had to sit up, and take notice and start, you know, expending resources and spending money to deploy solutions that protect their environment. They didn't have to do that before. So that's why I I I I refer to them as soft targets. One, they have what people want, and two, they're not necessarily entirely secure end to end.
That's right. And, you know, I'm sure you probably know more off the top of your head, but I I, you know, come from a clinical background, and I talk to clinicians a lot. And and they think, okay. Yeah.
We have to be secure, but how is it gonna affect patient care? There was a story last year of hospitals in I believe it was in Southern California. They had to shut their emergency rooms down and divert patients to other hospitals because of ransomware attack. And and until they got that resolved, they didn't have an electronic medical record.
And so this can and does, in many cases, affect patient care.
Absolutely. And today, you know, the the health care vertical is a very important vertical for us. We sell through other verticals as well, finance and, first responders and technology companies, what have you. But health care is a very, very important, vertical that we address, and we deal with a lot of hospitals.
And as a result, we sit down and and listen to, you know, clinicians and and and understand their challenges. A lot of them never realized how, essentially, how they themselves through their day to day activities unconsciously were compromising the environment. Right? They were using platforms like WhatsApp and just using SMS, sending patient data, exchanging passwords, and and and then responding to unconsciously sophisticated phishing attacks through mobile messaging or even email for that matter.
Email is a wide open door too. Right? And so when you give them an appreciation, sitting next to the compliance officer, a lot of times we'll be we'll have the compliance officer of the hospital and the chief medical officer of the hospital, both of whom are entirely on board.
Now you have to bring the physicians and the nursing staff on board. Right? Because those are the folks who are using this day to day. But the interesting thing was once they do understand the importance of what we are deploying and how they can use it to keep their environment secure, there's an added benefit that they themselves start seeing, which is an improvement in patient care.
So, you know, we've seen physicians and hospitals come back to us and even, nursing staff come back to us and report that they've become that much more efficient. Because now they have a platform that's uniform across the hospital or the health care entity, and all of them can communicate without worrying about data being compromised. They can send images. They can send lab reports. And and we also have an AI engine at the back that helps enhance that whole experience while keeping all of that secure.
There was one hospital actually came back to us and said that they found that our platform helped, enhance their ability to respond to trauma cases. It essentially gave them twelve to fifteen minutes of excess time, to operate in that golden hour. You know, and that golden hour, we all know, is extremely important.
And so not only the benefits of a platform such as NETSCOUT, is that you keep everything secure, you're in compliance to your regulatory obligation, but you're also enhancing health care and patient experience. So it's a home run into it.
Absolutely. Well, we're just getting warmed up, everybody, but we're gonna take a quick break, and then we're gonna come back and talk about some more specifics here in a moment. So hang in there. We'll be right back.
Welcome back from the break, everybody. We are talking about a really important topic, cyberattacks and and how they're evolving.
And, you know, Anurag, I was reading, a report of the internal audit society and what health care c suites are concerned about in today's day of risks, and cybersecurity was at the top of the list.
I'm sure you are interacting with clients all the time. Tell us why so we're we're trying to talk a little bit about how this has evolved. So I've been in health care over twenty five years. So I back when we had paper, when we were writing medical records on paper. Tell us a little bit of the evolution. Like, what were cyberattacks like before?
How are they like now? Are they the same, different? What what do people need to be aware of?
Right. Yeah. So we talked about digitization. Right? So we've gone from paper to be mostly, if not entirely, digital.
Right? That puts all of that the information out there and accessible if you have the right tools or if you have the right motives. Right? At the same point in time, there's a level of sophistication that has come about.
If you go back just a few years, we all used to receive phishing emails. Right?
Or or or text messages, and they were really badly written. The grammar was invariably not correct. And, you know, we would laugh at it because it was so easy to for you to figure out that that this was a phishing, email, and it should be awarded. But now with the advent of technologies like AI, AI actually is being used to make those phishing attacks that much more sophisticated.
And how so? Well, they're using AI large language models as a means to write those emails. Right? And make them that much more, believable, if you may.
Right? The text messages that you get, sometimes are very compelling. And, you know, unconsciously, if you're not thinking or you're busy doing something else, you click on them. There've been so many instances even in my company that people, deployed in different parts of the globe messaged me on Netsphere saying, hey, Anurag, I got a text message from you asking me for information.
I'm assuming that was not you because they know I only, reach out to them leveraging NetsuAir, which is our own product. Right? So so the the sophistication has increased exponentially.
And now state actors have gotten into the act too because they've seen this as a real profitable enterprise.
Somebody shared this data out there, where they said that North Korea's entire missile program was funded through money raised through cybersecurity attacks.
Wow.
Now think about that for a second. Right? That is millions hundreds of millions of dollars.
Right? And and so if if a if a state actor like North Korea can make so much money, through their efforts, right, that message gets propagates itself pretty quickly, across the globe. So, you know, we are seeing better tools. We are seeing more sophistication.
We are seeing state actors coming about. And I think there was some data out there that said thirty thousand percent increase in cyberattacks. So they're coming at us from every which angle possible. Right?
And sometimes even the most sophisticated people fall victims to it. Right? Even though we train our employees constantly.
And that's why it is so important, CJ, not only to train, but to deploy the right technology and the right tools so that they can use them unconsciously and and they can do their job versus worrying most of the time on being compromised.
So tell us a little bit more about those the technology and the tools that you recommend, and what what's unique about those?
Yeah. So so, again, you know, compliance is key. Right? And especially in the health care context.
And compliance, you know, whether it's HIPAA in the United States, whether GDP PR in Europe, PDP in in Asia and and parts of, other parts of the globe, all of that really is a framework to ensure that data is secured, within a health care environment. Right? And it it invariably is patient data. Right?
And so what that really essentially means is make sure that you are deploying the right tools and technologies to keep that data secure. Right? And so it's very, very important that people pay attention to that.
I have seen today in so many instances, though, you know, people are increasing their awareness of of this, but in so many instances, people don't necessarily realize that a huge part of keeping your data secure is making sure your communication is secure.
Right? Because you are communicating in all aspects of what you do within a health care entity, whether it's patient to physician communication, it's physician to physician communication, it's nursing staff to physician communication. And if you don't deploy the right tools, you're going to get compromised. There's no question about that.
So what are the right tools? The right tools essentially need to be built from the ground up for the enterprise. Okay? We cannot take the likes of WhatsApp and Teams and some of the other products, which were never meant by their own admission, by the way.
So I'm not saying that. Right. You know? Microsoft says this on their own and as does, Meta that the and, actually, if you go to their website, they will say very clearly that we are not compliant.
So don't use us in health care settings. So please don't use those.
Pick a platform that has been purpose built from the ground up for your particular enterprise. Right? In this context, health care. And then most importantly, make sure it has encryption built into it that is true end to end encryption.
And I say that very you know, this is a very important point. Because you may deploy a platform that gives you feature functionality, but if it's not secure, and I believe the only way you can secure it if you have true end to end encryption, then you are not conforming to your compliance requirements or guidelines. Right? And so you will ultimately fall victim, to an attack. And and so let's parse encryption even further. Right?
K.
Today, there are only few platforms that offer true end to end encryption. NetSuite is one. We actually feel very good about it because that was one of the pillars we built the platform on. The other aspects of, encryption is make sure encryption is future proof.
And by that, I mean, very quickly, we're gonna see the advent of, quantum threats to our current encryption algorithms.
So the data that we're encrypting today could potentially be compromised in the very near future once we have quantum platforms available. Right? And and and believe it or not, they're gonna come about sooner rather than later. And in most cases, these kind of technologies fall into the hands of the bad actors before they get into the hands of the good actors. Right? Right. And so while you pick your platform and you ensure there's encryption, also make sure it's quantum proof.
We are very excited about the fact that we are quantum proof, and we have, deployed post quantum cryptography within our platform. So what does that do for the health care entity? That assures them that not only will the data be secured today, but it's gonna be secure in future too. Because what we are seeing is the advent of, you know, of attacks that basically compromise your get access to your data today, but they'll keep it to decrypt it later.
So they call it harvest now, decrypt later because the data still has value even down the road. Right?
Okay.
Five years down the road, that data still has value. Right? So they'll access your data. It's encrypted now, but they'll decrypt it later.
So harvest now, decrypt late later is a huge threat. And that's where post quantum cryptography comes in, which ensures not only that your data is secured today, but it's secured down the road when we are faced with a quantum in environment. So, again, pick the right tools, pick the right platforms, don't ignore communication. That's your number one, threat to vector if you may.
You have to secure it, and then make sure encryption end to end with quantum, capabilities is what you deploy, and I think you'll be in a good place there.
So, you know, a lot of our listeners are compliance officers, and we like to hear these kinds of things and follow these kinds of rules, but we might not be the most technologically trained individuals. So when you start talking about encryption and certain levels and but we interact frequently with our security officers or our IT folks. So how would you tell a compliance officer to ask the right questions of the people who know those technology answers.
Is it basically what you've just said, or are there certain ways to ask those questions? And then what kind of responses should we have? Because someone might just say, yes. Everything's encrypted.
And we might think, oh, well, that's great. Well, you're saying no. It has to be this certain kind of, standard of encryption. So how might you coach us to ask the right questions?
No. And and that's that's a great question. And and I think everything that I talked about till now in in the context of encryption is is, questions you should be asking. But, you know, we'll put a link in this, in this podcast, to our website. We have a couple of white papers that lay out very clearly and very simplistically, for compliance officers and, chief information security officers exactly what they should be looking for, in a secure, communication platforms, such as ours. And the other most other important thing as well is that we don't want to make this complicated.
It may sound complicated, but but the way we've engineered this, CJ, is we've made this entirely friction friction free, excuse me, for the end user and the people responsible for deploying it within the health care environment. Right? We wanted to do that because we've we felt it was very important to make sure it's simplistic, where you can deploy. Pretty much within a matter of a couple of minutes, I can deploy it to thousands of people within an organization.
And once they download and start using it, it it's fairly simple to use on its own without any formal training, if you may. And, again, it was built with that intention. And we've talked to nursing staff. We've talked to physicians, and they've all told us.
And we actually spoken to real people. And they all told us, hey. I I you know, it's seamless. We can use it.
We got it. And, you know, I we ask them how is the proof of concept going? How is the trial going? Hey.
We love it. When can we have it? So deployment and use also has to be simple. Deploying something complicated will assure you that nobody's gonna use it.
Right? And so we wanna make sure we we don't do that, and we did not do that.
So you you've emphasized, kind of the importance of the communication channels being secure. You know, in this world where a lot more individuals are wanting their health services received through telecommunications, you know, maybe through a a platform like this, on the telehealth side, do your solutions also address the needs of telehealth services?
Absolutely, CJ. In fact, we are being leveraged for telemedicine by a lot of hospitals in Europe and in Asia, where specialized specialized, segments of the hospital make themselves available, and then they can reach out to, to patients and have a conversation.
They also have, I think there's a use case where patients who've just recently discharged, they go back home, and they stay in touch with their with their healthcare staff. So, you know, telemedicine is a very important part. And for that, we also built in a capability within the platform where you can essentially extend the encrypted surround that you have as part of NetSphere to encompass your patient who may be sitting in their home, to give them that same security that the the the conversation that they're having, the information that they're sharing, the documents that they're sending back and forth get the same level of encrypted security as any other conference conversation going on within the hospital. So that's a very powerful capability that we've built in, and that's available and widely used by our customers.
That's great information. Well, we're getting to the end. I mean, I could talk all day about this because I need to learn more about it myself, but we're kinda coming to the end of our time. I wanna give you some, time just to share any last minute thoughts or or parting thoughts or maybe a a a principle that I did not ask you about. Anything you'd like to to share before we kinda come to a close here?
No. I'll just share a a a just an incident that, that happened with me just a few weeks ago. I was in a roadshow going out and meeting some of our constituents, prospects, and customers. And I I met with a particular hospital that has about twelve thousand beds. I won't give you more details than that. And and during the course of the presentation, unannounced, the CEO showed it showed up at the meeting and sat at the back very quietly, and I didn't know the person. And and and, and then as you were coming to a close, the person identified themselves and said, how soon can we start deploying your solution?
And I said, we are ready to go now. If you wanna do it right now, we can start deploying. And then I asked them to introduce themselves, and then she told me, I'm the CEO of this company, and we are just coming out of a ransomware attack for which we had to pay three to four million dollars to get the the the codes to decrypt our data. Right?
So the reason I wanted to share that incident, it's a live incident straight from the horse's mouth, if you may, is because as we you know, in the same tone as we started this conversation, cyber threats, especially in the context of health care, are real. Right? We can't have our head in the sand and pretend, it's not gonna impact us or it's gonna go away. Cyberattacks are here to stay.
Right? And they're not gonna go away. They're actually going to exponentially increase.
It is important as part of your compliance requirements within the health care environment that you make sure all aspects of of your environment are kept secure.
A huge portion of that environment is your communication.
And and and that communication piece becomes, your weakest link in a lot of cases because it is the way people leverage, to get into your, organization to compromise. Right? And so if you ignore it, you ignore it at the expense of, you know, four to five million dollars, loss of brand, loss of face, loss of, patient care, if you may. And no health care entity can afford to do that. So my request to organizations is is take this threat seriously.
There are solutions like Netsphere out there that will give you that end to end, security, if you may, that you're looking for.
Do not live with the dirty little secrets that everybody has of using consumer messaging platforms like WhatsApp and others and sending information thinking it won't happen to you. Guess what? It will happen to you. It's it's just a matter of time. So take take this threat seriously. The good news, like I said, is we have solutions like Netsphere. We're happy to deploy them as quickly as you need them, but this is extremely important, and pay attention to this now.
Well, thank you so much, Anurag. This has been really helpful information. I know our audience, already believes in this, and and where we sometimes need help is asking the right questions so that we we can confirm if we're at the right level or not. And as you mentioned, we'll link out to some links where you said there's some white papers that kind of Correct. Walk people through that. So I think that'll be really helpful. Thank you so much for taking the time to to to share a little bit about this today.
Absolutely, CJ. Thank you so much.
And thank you to all our listeners for listening to another episode. As always, if you have topics you'd like to hear about, please let us know. Or if you know speakers that you think would make good guests, we'd like to, know about them as well. And until next time, everyone. Take care.
This transcript has been auto-generated. Please forgive any errors.