top of page

The Security That Already Exists: Andrew Carney on Why Healthcare Keeps Getting Hacked

Andrew Carney started his career in classified offensive cyber operations, writing code to break into systems for a living. After a decade of that, he joined HSBC as a defender and landed during his second week there in the middle of the Log4j crisis, one of the most significant software vulnerabilities ever discovered. He now runs cybersecurity programs at ARPA-H and DARPA, translating national security tools into healthcare.

He came on Inside MedTech Innovation with a thesis Shannon has been testing across dozens of conversations: the technology to secure healthcare already exists. Getting it adopted is the problem.

This episode covers why healthcare is the most targeted and least defended sector, what a "locked down" device actually exposes, how digital twins let hospitals stress-test entire networks without touching a patient environment, and why Andrew told every medtech founder in the audience not to vibe code anything.

Who Is Andrew Carney? [03:43]

Carney spent a decade in classified offensive cyber work before moving to the private sector to defend at scale. His second week at HSBC coincided with the disclosure of the Log4j vulnerability, a critical flaw in a logging library used in systems worldwide that became a global attack vector almost immediately. He describes being pulled into the response alongside the entire security team, learning to defend by doing it in real time at one of the world's largest financial institutions.

He came to ARPA-H (the Advanced Research Projects Agency for Health, established in 2022 and modeled on DARPA) to run DigiHeals, the agency's first cybersecurity program. DigiHeals funds high-risk, high-reward research specifically aimed at adapting national security cyber tools to healthcare. His background, knowing how attackers think because he used to be one, shapes how he designs those programs.

Why Healthcare Is Defensible — and Why It Isn't Being Defended [12:42]

The conversation opens with a distinction Shannon draws out of Carney early: cybersecurity in healthcare is not an IT problem. It is a patient safety problem.

"The reality is that this is a business problem. If we're looking at healthcare cybersecurity, this is a patient safety problem."

That reframing matters because it changes how organizations prioritize. IT problems compete for infrastructure budget. Patient safety problems compete for a different kind of attention. Carney argues that most healthcare organizations have not made the shift: they are managing cyber risk the way they manage server uptime rather than the way they manage adverse events.

The threat picture he describes is not abstract. He asks you to "imagine that you have a system administrator whose primary job is to make your hospital less useful", someone with inside access, patient data, and the ability to lock devices, lock doors, and disable care systems simultaneously. That is what a sophisticated ransomware attacker looks like from inside a hospital network. And healthcare networks, built over decades around device interoperability rather than security, give attackers a long list of entry points to choose from.

The specific vulnerability picture for medical devices is worse than most medtech teams realize. A device that passed every required security audit may still be running legacy operating systems no longer receiving patches, communicating over protocols designed before networked threats existed, and sharing network access with every other device in the facility. "Locked down" is a marketing claim. Carney treats it as a question worth testing.

What Andrew Saw at HSBC During Log4j [14:18]

The Log4j story is worth understanding on its own terms.

Log4j is a logging library, software that records what systems are doing. It was embedded in applications everywhere, including systems where no one knew it was there, because it was included as a dependency inside other dependencies. When a critical vulnerability in Log4j was disclosed in December 2021, every organization that had ever used any software with Log4j in its dependency tree had a potential exposure. The number of affected systems globally was enormous. The attack surface materialized almost immediately.

Carney was in his second week at HSBC when it hit. He describes the response as total mobilization: every security team member pulled off normal work to map every system that might be affected and patch or contain it before attackers could exploit it.

His analogy for what Log4j represented: "You could open a letter, invisible robot jumps out, can control all the locks and doors in your house." Text input, processed by something you thought was benign infrastructure, could give an attacker full control. The attack did not need to look like an attack.

For healthcare, the Log4j lesson is particularly sharp: medical devices and hospital systems contain software dependencies that nobody has fully inventoried. DigiHeals is building tools to surface exactly those dependencies, map what each piece of software actually does, and find the discrepancies between what the documentation says and what the code does.

DigiHeals: What ARPA-H Is Building for Healthcare Cybersecurity [32:04]

DigiHeals is not one program. It is a portfolio of high-risk research bets, each targeting a different part of the problem.

UPGRADE (Universal Patching and Remediation for Autonomous Defense) creates digital twins of hospital environments, complete virtual replicas of a hospital's network, devices, and software, so that patches and security fixes can be tested against the real environment before anyone touches a live system. Patching in healthcare is dangerous precisely because the systems being patched are running patient care. You cannot take down an infusion pump to test a software update the same way you can take down a web server. UPGRADE moves the testing environment out of the live system entirely.

The Tulip Tree program goes further: a full cyber range, a digital twin of an entire network environment where security researchers can run attack simulations, test defenses, and stress-test systems without any risk to patients.

Karambit addresses a different problem: the gap between what software documentation says it does and what the code actually does. Carney calls this a "software bill of behaviors", a natural language description of actual code behavior that can be compared against specifications to find discrepancies. NARF Industries, one of the Karambit performers, focuses specifically on healthcare data formats like FHIR, finding places where the implementation deviates from the spec in ways that create vulnerability.

The program that Carney cites as one of the most striking results is one that finds and patches vulnerabilities autonomously, with a 95% acceptance rate from human developers reviewing the patches. The tool is not overriding human judgment, developers are reviewing and approving every patch. But it is generating patches that developers accept at a rate that compresses the timeline between vulnerability discovery and remediation dramatically.

Carney's framing: "Wouldn't it be great if you never had to have that adverse event in the first place?"

The Failure Model That Makes ARPA-H Different [01:02:49]

ARPA-H is structured to fund research that no one else will fund. The investments are explicitly high-risk and high-reward. Program managers like Carney have term limits, significant autonomy, and a mandate to run toward the hardest problems.

Shannon presses Carney on what it means for a medtech company when an ARPA-H-funded program does not pan out. His answer is direct: failure is the point.

"If we're not failing frequently, then we're not shooting high enough. We're not thinking big enough."

Healthcare cybersecurity has never had federal research investment at this scale before. The programs DigiHeals is funding are not incremental improvements on existing tools. They are bets that the right combination of national security expertise, purpose-built healthcare context, and adequate funding can produce capabilities the market has not produced on its own.

Carney describes becoming an ARPA-H PM as a position unlike any other in government or industry: "There is no other place on earth I think that gives you that opportunity." No committee approvals on individual research decisions. No tenure to protect. A fixed window to make high-risk bets on ideas you believe in, then step aside.

What Medtech Founders Should Do Right Now [1:15:47]

The rapid fire at the end of the episode produced one answer worth writing down.

"Don't vibe code anything."

Vibe coding, using LLM-assisted tools to generate code without fully understanding what the code does, is propagating into medtech teams the same way every other development trend does. Carney's concern is not philosophical. The same AI tools that help developers write code faster are helping attackers find vulnerabilities faster. The window between flaw and exploit is shrinking.

"Flaws are exposed, they're weaponized, they're potentially leveraged much, much faster."

A developer who uses AI coding tools but cannot fully review the output is creating software vulnerabilities at the same speed they're creating features. In medtech, where the output runs on devices attached to patients, that risk is not abstract.

The ARPA-H programs Carney is funding assume that attacks will happen and focus on limiting damage and recovery time. The advice for medtech founders is about not volunteering attack surface you did not have to volunteer.

What This Means for MedTech

Shannon's thesis going into this episode was that the technology to secure healthcare already exists. Carney's evidence for it is DigiHeals: digital twins of hospital networks, autonomous patching with developer-approved accuracy, software bills of behaviors that surface what code actually does. These tools exist. They came from national security contexts and are being adapted to healthcare now.

The barrier is not invention. Hospitals have not adopted digital twin testing environments. Medical device companies have not mapped their full software dependency trees. Developers are generating code with LLM-assisted tools without understanding what those tools are producing.

The question Carney returns to throughout the episode: if the technology exists and the need is clear, what is the path from one to the other?

"I cannot think of a place where the need is higher than in med tech, than in defending hospitals."

The path runs through ARPA-H, through the SBIR lineage that takes proven research into commercial development, and through medtech founders and CISOs who treat cybersecurity as a patient safety problem rather than an IT line item.

Inside MedTech Innovation is hosted by Shannon Lantzy. This post was created with AI assistance from the full episode transcript.

 
 
bottom of page