Krista Arndt, Associate Chief Information Security Officer (CISO) at the St. Luke's University Health Network of Pennsylvania and New Jersey, has spent a relatively short period of time as a healthcare cybersecurity leader. But her immersion so far has taught her that technology adoption has outpaced the sector’s readiness for it, and the complexity of these environments has quickly elevated cybersecurity as a key facet of patient care.
“Interconnectivity really funneled a velocity of adoption of technology that healthcare wasn't really ready for,” Arndt said on the Nexus Podcast. “Healthcare is just being pushed to do things in a very quick time frame. And so, cybersecurity became a necessity because of the quick, vast, and deep adoption of technology. Realizing that the technology in healthcare as we had built it out is so complex based on other verticals, it has become a necessity, a must-have. It is one of the most integral parts of our um our technology program.”
Arndt and the security team protect St. Luke’s 15-hospital system, including 85,000 medical devices across those facilities. Her team’s responsibilities run the gamut from extensive microsegmentation initiatives to ensuring that clinical staff is engaged with cybersecurity and understands the risks that could endanger patients’ well-being.
“Our CIO, ACIO, and my boss, the CISO, take a very conscious role in including our clinical leadership when there are significant technology changes to not only gain their buy-in and make sure that they understand what we're doing, but to really have them give us their input from a clinical perspective,” Arndt explained, adding that extending that outreach to the system’s Chief Medical Informatics Officer was crucial given the hand they play on the clinical side of the house. “They can really bridge that gap between technology and operations. I think that the whole partnership between all of us really makes us successful.”
On the operational resilience side, St. Luke’s recently underwent a microsegmentation deployment with partner Elisity, which, in 45 days, implemented a critical compensating control for the organization. Given the known patching challenges in healthcare, compensating controls such as segmentation are indispensable, especially in enabling remote robotic surgical capabilities at the hospital system.
“We have great visibility, and we can make sure devices are grouped together. So it allowed us to open our doors to some more innovation when it comes to um surgical robotics, which has been awesome from the clinical perspective,” Arndt said.
Biomedical devices feed diagnostic data to a central cloud management system; that connectivity allows those devices, including robotic surgical systems, to function. But Arndt said there must be a level of isolation that prevents inbound communication to the devices. Isolation, she said, limits what the clinicians could do to improve the level of services and care they could provide. The segmentation—and visibility into their environment—changed that.
“Now that we know that we have these isolated buckets and we have the blast radius contained, if something happens,” Arndt said. “We can start reconnecting that outbound connectivity and allow some agility for our clinicians to really do what they do best, which is to innovate in their space.”
MIMOSO 0:12
All right, welcome back to the Nexus Podcast. Krista Arndt is my guest. Krista is the Associate Chief Information Security Officer at the St. Luke's University Health Network, which is a 15-hospital health system in Pennsylvania and New Jersey. We're going to spend some time talking about how she and her team protect a large healthcare system in what's becoming a pretty turbulent threat environment and risk environment, especially with regard to patient safety. Before we bring in Krista, just my regular reminder to subscribe to the podcast. It's really the best way to keep up with the show and some of the great guests that we've got lined up. We're on all the major podcast platforms and pretty easy to find. So find us and subscribe. So with that, let's kick off the episode. Hi, Krista. Nice to see you. Thanks for uh for coming on the show. Appreciate it.
ARNDT 1:01
Hey Michael, thanks for having me.
MIMOSO 1:03
So look, just kind of as uh an icebreaker, I like to ask my guests um about their career path and how they landed in cybersecurity. I know that I I find as I asked this question that everybody has a pretty diverse experience, and there isn't necessarily this direct path to to cybersecurity. So, what is your story in that regard?
ARNDT 1:23
It's crazy that you say that. I think about it a lot. And I live my life by memes and and GIFs. So if everybody else does, we'll be really good friends. And I always think of that thing like how I expected my life to go with this little graph, and then um how it actually went with just a scribble everywhere, and that was really my career path. Um so I started uh actually, I was a teacher back in the day, and I thought like I just wanted to do something very helpful um to society, and so I taught. I majored in biology, so nothing even close to technology. Um, and then I fell into a job with the Department of Defense doing process improvement and got interested in learning business, and then I navigated a couple different jobs there, um, started doing, you know, contract line item validation, compliance, um, risk management, and um ended up as a program manager on a program for insider threat for the government that no one else wanted because they didn't think it would grow. And I just was fascinated by security and started teaching myself and asking questions, and then along the way, moved up and out and had a few really good mentors to help me along the way, um, noticing that I put in the effort and all that stuff. And, you know, so I went from a pre-nursing degree to being a CISO here, which I never thought I would be either. Um, it was never in the career path for me, but I I realize it's a place where I can make a lot of change and kind of help people up and coming as well who are trying to navigate the same challenges. And so uh it's been a privilege. Uh, and here we are today where I'm helping to run a security team for a big hospital.
MIMOSO 3:02
Um healthcare, cybersecurity is one of the most complex environments I've ever kind of been involved with indirectly, obviously, but you know, there's this kind of linkage to between cybersecurity and patient care that's emerged fairly recently, I think. Well, it can you point back to like this turning point where these two things became so so intertwined?
ARNDT 3:24
So what look, I haven't been in healthcare a long time. I come from a background in defense, finance, crypto. Like, so I've seen a lot of different verticals and it gives me a lot of context. But I'll tell you when I got into healthcare and really started um getting a handle on the history there, you know, ever since the HITECH Act pushed um interoperability, uh, which I totally understand why um the HITECH Act came to be. So patients can send and receive information and get better care and the care that, you know, the information can be accessible and accurate, etc. Um, but I would say really since then, the interconnectivity um really funneled a velocity of adoption of technology that healthcare wasn't really ready for. And so, you know, it it's very similar. We're gonna, I'm sure, have a conversation about AI, but you know, healthcare is just, you know, being pushed to do uh things in a very quick time frame. And so, you know, cybersecurity became a necessity because of the quick and the vast and deep adoption of technology, realizing that the technology in healthcare as we had built it out is so complex based on versus other verticals, it's it became a necessity, a must-have. It is one of the most integral parts of our um our technology program.
MIMOSO 4:43
In terms of getting the clinical side of the house, for example, on board with with cybersecurity, I mean, that's not their job, but you have to and your teams have to convey that message. How do you how do you manage that successfully?
ARNDT 4:58
I I'm gonna give a shout out because it's a huge team effort. And we have a wonderful um cybersecurity liaison, or what we call an information security liaison who has been a member of our team for quite a few years now. And he is really a people person and um and delivers that message. And so we spend a lot of time as our team rounding at other hospitals um and just meeting them where they are and saying, hey, you know, do you have any problems? They may not have any problems, but every hospital campus gets visited at least once a month by this wonderful team of field engineers, our informatics nurses, as well as our information security liaison at minimum. And then each um each campus has an IT liaison. So one of the directors um is essentially assigned to make sure that they get white glove service. And so, you know, a lot of them to your point, it's an afterthought. They may have issues, but they're running around like crazy. And so they may think I'll I'll submit the ticket later, and it never gets submitted. So we not only do that to kind of be proactive about fixing um obstacles in their path, but um, our CIO, ACIO, and my boss, the CISO, take a very conscious role in um including our clinical leadership when there are significant technology changes to not only gain their buy-in and make sure that they understand what we're doing, but to really um have them give us their input from a clinical perspective and especially our um associate chief medical informatics officer or CMIO, they're a huge part because they have a big hand in the clinical side. So they can really bridge that gap between technology and operations. And I think that whole partnership just between all of um how this organization was built out really makes us successful.
MIMOSO 6:51
And is the messaging there? Again, just going back to kind of linking how cybersecurity can negatively impact patient care, or maybe not negatively, but threats can negatively impact uh patient care.
ARNDT 7:03
Yeah, the message is there and it's strong. It really comes from the tippy top as well. Um, our president, our chief operating officer, um, you and our CFR, CFO are a huge proponent of the criticality of cybersecurity. And um, they echo our messaging and um and really it's funny when I started here a couple of years ago, you know, I was told, hey, you know, I take, and this was by one of our leaders, I take information security very seriously, um, which is was great. It's a wonderful culture that they breed up at the top. Um, but you know, obviously, if we can spend on patient care and innovation, we would totally obviously do that, you know, above anything, because that's why we're here with the messaging, truly. It comes from the top and then it comes in the ground floor. We've we have a security um awareness program that creates champions across the board in each of our departments to help spread that message and to help almost the buddy system to say, hey, I have a problem or I have a concern or I don't know how to use this. And they help usher them in and make them more comfortable with using the security controls. And when we deployed um passwordless across our entire organization, we used a white glove approach to really partner um versus throw security at them. And I think that's really critical to success.
MIMOSO 8:22
It's really important to have that champion within those lines of business or on the tech side, right? I mean, that's that's invaluable.
ARNDT 8:29
Yeah, I think that's something that as I came up in my career and I'm still young in leadership. That was one of the biggest messages that resonated no matter what position it is. It could be a clinical worker, it could be the head of an organization. They don't want to feel like they're fighting you. They want you to understand the business. And I think you probably hear that a lot from people, right? Like CISOs are like, yeah, it's our job to understand the business. And can I I tell you that that was one of the biggest hurdles that I had to overcome is figuring out like what do they mean? Because everybody would say it, but no one would explain what they mean. And so it's not only understanding um the business from a um an operational perspective, it's understanding the business from a financial perspective, understanding how purchases are made and and how strategies are composed, like everything about it is so critical for a security leader. And our team, um, actually we we teach each other to make sure everybody is on the same page when their depth of knowledge with understanding operations.
MIMOSO 9:33
Yeah, I guess that's what they mean by speaking their language, right? Yes, it's it's the skill that it's those soft skills that are super important. So, in in terms of threats, I'm just curious, um, is ransomware still the biggest disruptive threat that either your bosses or the board asks your teams about, um, or or what else might you be cautioning them about as a security leader these days?
ARNDT 9:55
Yeah, I mean, when it comes down to it, ransomware is still a big threat. It's still very heavily on the radar. Um, we're actually on a regular basis, we run simulations to help make sure the team um maintains readiness. And my concern is ransomware has been such a big topic that they may lose sight of other things going on within the industry. And so uh really, I mean, vulnerability management and patching, I'm sure we'll get into it, is probably one of the biggest uh the other biggest risks as well. Um, because when it comes down to attacks and how they're occurring, it typically results in some sort of account takeover, some exploitive vulnerability, and um, they are able to commandeer your systems, move laterally and do whatever they set out to do. Um, there obviously we could talk about that all day. Everybody has their motives. But I'm really, I mean, identities and safeguarding your identities for me. Um, when I started here, I was given the identity program, has been one of my biggest focus areas because even in the realm of AI, what is AI? It is still just an identity, and identities can be exploited, and non-human identities have always been a big focus area. So that that's another thing. I mean, ransomware, the exploitation of accounts that are not secured correctly to get keys to the kingdom and move move around the your systems.
MIMOSO 11:24
I I'm glad you brought up patching because I everybody in healthcare knows the difficulties about patching and the need for compensating controls. But what what are some of the realities? Okay, so today uh a major vulnerability drops in an insulin pump or some kind of critical system. What happens on your end in terms of the vulnerability management and assessing that that risk and that threat? Because your hands are tied in terms of receiving a patch. It takes a while, right?
ARNDT 11:53
It does, yeah. And so we have a continuous, uh I think patching and vulnerability management has moved into CTEM, like continuous, um, continuous risk review and and management of those vulnerabilities to figure out really what is the true impact to your organization given all of those controls around it. Medical devices, I'm glad you brought it up. It's a huge focus area, has been for a while of the healthcare industry, um, because of the limits that we run into with, you know, you can't touch the device with anything from a security perspective. So you can patching is limited, no agents, um, you know, very strict vendor constraints. A lot of them have hard-coded IP expectations, legacy protocols. I think uh our medical device leader said it takes like two years to get through an FDA cycle sometimes, which by that time a lot of it is you know outdated. How often do we refresh our laptops because they're already outdated? And then unknown communication patterns is a big one. Um, and then you're worried if you change something. I mean, God forbid uh you could, you know, upend that. And medical devices are such a critical part of patient care and also of innovation. And innovation is an area where St. Luke's thrives that you know we have paid attention to that stuff and especially the vulnerability management. And one of the things that we've done that has probably been one of the best investments in a long time here has been um micro-segmentation. And so I can't take any credit for that. Um, I give full credit to our senior enterprise security architect, Dan. Um, but it was a wonderful project and it was absolutely worth the effort just to kind of help, to your point, um, compensate for the fact that we do have limited capacity to secure medical devices.
MIMOSO 13:42
All right. So let's let's talk about that project because I know that this is something that you guys went through and and um this is a big control for healthcore healthcare organizations in the context of you know the patching challenges that you might have. What what drove this project specifically?
ARNDT 13:59
Were you is this was there a specific challenge you were trying to address or um so it was something as a best practice because our security program likes to be as proactive as possible that they were already trying to implement um prior to my starting here two years ago. But traditional segmentation, you know, takes a lot of effort. Um, it's a lot of manual change, right? Like traditional VLANs um and IP addressing and everything that comes with the traditional controls can hinder your speed of getting this stuff in place. And and healthcare moves so quickly, uh, we needed a better solution. And so we actually came across an identity-based solution, Elisity, which a lot of healthcare folks have adopted and has been doing wonders for us, which uh is you know focuses on attributes of the system. So traditional segmentation is IP and VLAN-based versus Elisity being identity-based. So instead of using central firewalls, we use distributed enforcement um at our switches. Uh, instead of static rules, we use dynamic, context-aware policies. Um, instead of it re-requiring this like in-depth redesign that you know could result in some domino effect of an issue that we can't pinpoint. Uh, it uses existing infrastructure or existing uh Cisco switches. And then uh instead of broad zones, we do a per device segmentation. So like it um it's really cool. And and we found it by getting out and and kind of going to conferences and meeting people and talking to other um other healthcare organizations, such as Mainline, who was one of the first ones to do this. And it really identifies, um, which is amazing from someone who thrives on identity programs. Um, it identifies like, hey, it's not just this nebulous um asset here, and we are trying to figure out what it is in this big pot, right? It can segment it down to, you know, who uses it where, what does it do in the organization?
And so all of those attributes are recorded within Elisity's platform and really helps us to control it at the level of minutiae that allows us to um make sure that we're not blocking devices. We know what they do, like we have great visibility, and um, we can make sure devices are grouped together. And so it allowed us to um open up our doors to some more innovation when it comes to um surgical robotics, which has been awesome from the clinical perspective.
MIMOSO 16:43
So before we get into the robotics part of it, just segmentation is is notoriously complex. And I'm just curious from a perspective of, for example, trying to segment medical devices properly, what are the chances for disruption if this isn't correctly done? I mean, what are some of the things that you guys had to think through as you were implementing this initiative?
ARNDT 17:05
Yeah, I mean, it's it's very common, right? Um so instead of having to deal with complex firewall rules, for example, where I mean, you know, one, someone here tells a story who's been here a while on my team, how when he was young in his career, he accidentally changed the firewall rule that caused an outage for like hours. And so even something as simple as that, and and I am not by far going to um to say that I'm an architectural expert, which is why like I am where I am and Dan where he is where he is. But just the outages by um the complex chain of changes that you have to make in traditional VLAN um setups is a huge concern. And so um Elisity has simplified that significantly for us, where you don't have that chain of events where you can be searching for a day and a half as to why, you know, it it maybe a simple rule was accidentally changed and and you don't have to search and try to put that chain together as to why. Like it really reduces the time um that teams are spending just doing damage control, and it significantly obviously reduces the the probability so that way they can move on to bigger and better things.
MIMOSO 18:17
Yeah. And you mentioned you know, the the quality and level of visibility you have. That really is the necessary first step. I mean, uh kind of talk about what you know that excellent visibility and complete or as complete as you can get an asset inventory of the devices in your organization. What does that enable in terms of the rest of the security program?
ARNDT 18:40
Yeah, I mean, I come down to it as a security leader that we can't um secure what we don't know. And so, you know, identification of things on our network and what they do and how long have they been there, who has touched them, and then feeding that telemetry back and forth. I think Gartner coined the term like uh uh mesh network, right? Like everything talking to everything, and really that's what we're getting to here is that telemetry can actually be fed into our SIEM. It can be fed into our um our identity resilience provider some Paris, where we can then correlate and enrich that across all of our platforms to really have a near real-time understanding of what's going on, how it's being used. You know, is it working correctly? Are we doing something to block it? Like, is it secured correctly? And so for me, the graph that you get in Elisity and the details that you get from those devices, the the tagging that occurs when you set this up, um, because I I oversee a great security operations team, has enriched our data to understand what's going on in our environment in near real time. And then obviously the asset validation is huge. You know, if if there's a a new asset that shows up, it needs to be allowed on our network. Like we're not going to automatically allow that stuff. It gets isolated in a bucket. So um, so yeah, all of the above, so much, so much opportunity when you have something like this with so much visibility.
MIMOSO 20:06
You shared some stats before we talked in terms of some of the wins here, how how quickly this project came together. I think it was 45 days. Um, you know, no outages, no IP address changes. How big of a win is it to have no IP address changes for devices that are segmented?
ARNDT 20:22
Oh, oh my god, concern going in.
MIMOSO 20:25
Yeah.
ARNDT 20:25
Yeah, that that's a big concern, especially uptime is a key metric that uh everything that we design in healthcare is designed around uptime of our core critical systems and capabilities to make sure that you can provide patient care. Imagine if someone was coming in the emergency room and because of an accidental or an incorrect IP address change, or you had to change an address and we had to wait for something to update, that a system was unavailable for care and how that would affect somebody's life. So, I mean, super critical that there was absolutely no downtime and that the platform is built to facilitate that with the understanding of the complexity of healthcare.
MIMOSO 21:03
Tell me a little bit about um the robotic surgery part of this story, because I think it's pretty cool and just like maybe give me a before and after of how this whole project enabled uh this to happen.
ARNDT 21:16
Okay. I I can go into a little bit of detail. I don't know a lot about the specific, um the specific robotics that were being considered, but I can tell you the backstory here is we have a very tight risk management program. And so um one of the things that it and and again, this is where it goes back to our conversation of the support of the organization, the culture of they understand um why we make the decisions we do. But, you know, one of our our clinical arms wanted to bring aboard some um some innovative surgical robotics, and um, it didn't quite meet our security standard. And so, you know, the answer was no. And I know in the video that Elisity did, you always Uh, my boss, because he built this program with Dan from the ground up over about 12 years' time. And, you know, there's a joke inside, and we hear this a lot in security, you don't want to be the office of no. And unfortunately, although they don't want to, they had to because it's if you don't have them isolated on their own area of the network, and if they have public or outbound access, right, like they're so easily susceptible. And a lot of these robotics and biomed devices nowadays to feed diagnostics back to some central like cloud location, something with the vendor. And it's really difficult to allow them and allow them to function correctly without that connectivity. And so we had been able to allow certain robotics to function, but have had to isolate them so they are not allowed to talk back. And um, so it was a little of a challenge. You could still use it, but the diagnostics, you know, the clinicians weren't getting the diagnostics that they needed to really improve their services. And so as soon as we had this in place, it becomes, you know, not no, we can't do it at all.
It becomes, okay, now that we know that we have these isolated buckets and we have the blast radius contained, if something happened, what can we allow to start um reconnecting that outbound connectivity and allow some um some agility for our clinicians to really do what they do best, which is to innovate in their space. Um, so that that's about the level of detail I can give.
MIMOSO 23:31
No, it's great. And it's, you know, I I think that whole discussion of, you know, security can't say no, they have to figure out how to do it safely. That's a really good example, a shining example of what that means and how to successfully carry that out.
ARNDT 23:47
Yeah, that's something we struggle with. Um everyone has their every department, you can be a um a clinical department, you can be a chief finance officer, everybody has their rails as to what is acceptable and what's not when it comes to a balanced risk-based program. And unfortunately, you know, fortunately for us, we have amazing support from our senior leaders that says, I accept your rails, your recommendations, because they see what the potential outcome could be. Um, but unfortunately for the clinicians, you know, the rails had to be a little bit more stringent than we wanted to because we needed that additional control in place somehow, right? Like you're not going to be able to do it through those devices. But um it, I'll put it plainly, it sucks. I I got into healthcare to help innovate. I was in crypto. Innovation is probably one of my favorite parts. It keeps us interested. It really lets you know that you're doing all you can to try to help patients get literally the best care um in the country. And that's why we rank top in quality this year. And so the fact that the team was able to accomplish that and and big, big props to our networking team, our endpoint teams in IT, like it was a group effort. Um, but yeah, it it's almost it's one of those you second guess your decision often when you have to say no to something because you know what the potential um implications could be.
MIMOSO 25:10
All right. So before we wrap up, I have to ask you about AI. It's obligatory.
ARNDT 25:15
So we're gonna start a drinking game now.
MIMOSO 25:19
There you go. It always gets these gets us through these these episodes quickly. Um so let's start with you know the frontier models, things like Claude Mythos, obviously, really in the headlines in the last month or so. Um, how do you anticipate, for example, vulnerability and exposure management management changing in the near future because of the speed of vulnerability discovery, exploit development really compressing because of these models?
ARNDT 25:48
Yeah, it's an arms race already. We talk about that constantly in my CISO signal chats. And um, I would just came back from HealthSec Boston, which is very healthcare leadership focused and sharing our concerns and what we're doing to counteract that. So, what are you seeing? Like, I think zero days identified and exploited in in like, you know, maybe an hour and a half or something. I forget that stat that I just saw, but it is insanity. A human can't physically move that fast. Um, so Trump just came out with his mandate, and we were talking about it um the other day. And so it's top of mind. And essentially what they're trying to do as part of his AI mandate is provide funding to organizations who are trying to innovate in the vulnerability management space to help figure out how we more autonomously and more near real time not only identify, but how the heck do you patch? I mean, patch sequels can take a month. And if you can exploit in hours for a if you can identify and then exploit in hours, I mean, the humans are behind. So you really have to do something to, again, like we did with segmentation, like you know you're gonna get hit. So how do you limit the blast radius? But on a positive end, um, I've seen healthcare, major healthcare tech and innovation vendors using it anthropic to their benefit right now and really shifting left when it comes to code quality and identifying um insufficient code and secure code, those types of things sooner in the software development lifecycle. And so, really, what we need to do now is figure out from a patch cadence, you know, with an EMR, you don't want to patch, you know, you can't push patches like every week, right? You have very minimized downtimes that you can afford in an organization. So, like, how then do you work those, you know, more commonly identified um vulnerabilities and code fixes into your update cycles? And so that's something we're specifically seeing in healthcare. 
Um, I don't know, it depends on the day. Some days I'm I'm glass half empty and some days I'm glass half full. I understand the implications and what we're up against when it comes to these, you know, the autonomous attacks and you know, buying AI bots on the dark web. Like we we're almost fighting a losing battle. But what Mythos has changed the narrative on very significantly is changing us from information security into cyber and information resilience. And because organizations are not thinking anymore, CISO, you have to prevent everything. They're thinking, okay, we know like the message finally has sunk in. We know you can't prevent everything. Where do you stand or where do we stand as far as resilience perspective? How hard can we fight back? How long can we stand before we are able to eradicate and get the business back up and running as usual? And really revisiting, which is cool from an infrastructure perspective and from a financial perspective, revisiting truly what are our core critical assets that we need to sustain and where does it make sense to invest in their resilience versus the conversations where you try to tear things out and everybody thinks their stuff is the most critical. So everybody wants to spend on resilience and it just doesn't always make sense. So the CIOs are kind of happy about that.
MIMOSO 29:08
For sure. Yeah, you mentioned the AI executive order. There's provisions in there too to extend these models, uh, it would seem to you know smaller hospitals and critical infrastructure that may not be so well resourced. Sounds like there may be an opportunity to leverage these models as defensive tools as well, which is encouraging.
ARNDT 29:28
Yes. And so for if I were a small rural hospital and like I came from a, I was a CISO in National Orthopedics prior to this role, and my team was small but very mighty. And so if you hire some really key go-getters who are interested in um in dabbling in the technology and figuring out like what can you use it for that it wasn't made to use for? I think like instead of investing in numbers in a security team, because rural always has an issue with funding, which is why they're you know subject to getting the free AI help, like, where can you invest strategically with someone who maybe came from a tech organization and wants to dabble and do really cool things? And so there's a lot of opportunity there. I like that our government has um put more and more emphasis on small and rurals because Health-ISAC and Health Sector Coordinating Council, which I'm a part of, um, has been lobbying for help for rural healthcare for a very long time. And so it'll be interesting to see where that goes. Um, we're a small community, and so even hospital systems like us like to jump in and say, hey, you're getting this. How can we help you innovate with it? Because, you know, we have a pretty vast team.
MIMOSO 30:41
Um, so as a last question, just another AI question, but from a productivity perspective, uh, an efficiency perspective, where are you seeing just AI in general making improvements in either time savings or again efficiency, et cetera?
ARNDT 30:56
Yeah, that's a good question. Um, so I'll tell you one of the cool things we have done with it is we're, I don't know specifically what you call it. I call it a design partner, but a partner with Microsoft, and we test out a lot of their stuff um before it goes. Um, so we're in private preview, and we were able to do some neat things with Copilot. I think there was a um an article about that on the internet, but ultimately it saved us. Incident reports are the obvious, but what was a really cool thing is the autonomous triaging of phishing, the autonomous triaging of tickets to take that tier one, for example, um, and really help your analysts spend time doing the deep dive analysis that they should be doing instead of going over. I mean, we have like 11,000 tickets a month through security operations. That's insane. So imagine a team of, I think we're what, like five people or six people right now going through 10,000 tickets a month on top of supporting projects, right?
MIMOSO 31:54
You're never gonna win.
ARNDT 31:55
No. So they were so ecstatic when um we partnered with Microsoft to incorporate Copilot into um analysis. Um they have a great analysis engine and um Defender and Sentinel, and then really um triaging those tickets with the help of their Defender for Experts team uh on the back end and taking all that administrative burden off, the incident reports for you know, all the documentation. Truthfully, from an um investigation standpoint, it has been phenomenal. It really helps point you to what your next investigation step should be instead of figuring it out or trying, you know, chasing your tail.
MIMOSO 32:36
All right, Chris, I think that's a good place to leave it. Um, thank you so much for coming on the podcast. This is great stuff, and I think uh there's a lot of valuable information for the listeners here. So I appreciate your time.
ARNDT 32:47
Yeah, likewise, always happy to share. One of the biggest things we can do in security is share with our peers um where it makes sense. So hopefully it helps someone. Yeah, no, it makes a difference.
MIMOSO 32:59
Makes a difference. All right, thanks, Krista. Bye-bye.
ARNDT 33:02
Thank you.
Michael Mimoso is Director of Influencer Marketing at Claroty and Editorial Director of Nexus.