UnHack (the News): AT&T Data Leak, Legacy Tech Debt, and Enterprise Browsers with John Kirkman
Episode 144 • 29th July 2024 • This Week Health: Newsroom • This Week Health

Transcripts

This transcription is provided by artificial intelligence. We believe in technology but understand that even the smartest robots can sometimes get speech recognition wrong.

 This episode is brought to you by Island.

Today's healthcare staff needs safe, convenient, and dependable access to patient data across various applications. Island, the enterprise browser, simplifies and secures healthcare data access. It's a new take on the most common application we use every day, the web browser, tailored for the unique demands of healthcare.

Clinicians can safely log in from any device to interact with health system applications and PHI. Built-in last-mile controls keep data where it belongs, so access is simple, data is safe, and patient care is smooth. Visit ThisWeekHealth.com slash Island to see Island for yourself. Today on Unhack the News.

(Intro)  If you don't just think of it the old way of we can cut and paste once, why are we doing that? What if you can have a whole palette of ways to integrate that data and workflow move faster, instead of worrying about like a millisecond on the latency of the cloud what if we could just make up minutes? Or hours by streamlining a process


Hi, I'm Drex DeFord, a recovering healthcare CIO and longtime cyber advisor and strategist for some of the world's most innovative cybersecurity companies. Now I'm president of This Week Health's 229 Cyber and Risk Community, and this is Unhack the News, a mostly plain English, mostly non-technical show covering the latest and most important security news stories. And now, this episode of Unhack the News. (Main)

Hey everyone. It's Drex, and this is Unhack the News. John Kirkman from Island is with us today. How you doing, buddy? Great, Drex. Just came off an awesome weekend and happy to start my week with you. Nice. Where are you today? Where in the world is John? I am in Lake Tahoe. Oh, fantastic.

And the weather there is awesome, or no? Oh, yes. It's pretty much always awesome in the summer. Yeah, like low 80s. We had the big Pro-Am golf tournament with all the people in town over the weekend, so that was really fun. Ah, yeah, awesome. So we're going to hit some news stories today. Some of the kind of interesting things that are happening in the world and in our world of cybersecurity, my world of cybersecurity, there's always something crazy going on.

stomers, all the data is from:

Text and call data, all that kind of stuff. What do you think? Why does this stuff keep happening?

Yeah, I think there's, it's about disruption, but it's also about trying to monetize things. Obviously, in healthcare, we see more around ransomware, which that's a little more obvious because they're asking for something.

Maybe with the phone company it's other things, right? Other factors for why they want to do this. But the important part to note is layering additional controls around your data is always gonna be important, particularly having that, just things that have been around. Multi-factor authentication.

The more you put in front of these things and make sure the right people are the people getting access to the data are who they are. You're going to be able to solve for some of this. So I think some of it's just block and tackling and bad luck, but it's a big one. For sure. Man, the MFA thing is a huge deal right now.

We continue to see people pressing the button on that. Like you got to get MFA out there. You got to get MFA out there. And a lot of folks are just resistant to it. Challenge you see too, as you talk to folks? What I think is it comes down to a user experience conversation, right? Because you don't want to disrupt the user from getting to what they need to do their job.

You don't want to slow that down. That's very germane in our business, right? That's why there's these tap and go technologies and things to help right at the point of care. But the trick now is how do we modernize and have these secure systems, but have it work in the workflow so that it doesn't feel onerous, so it doesn't stop people.

And that's why I think people are afraid to add additional steps in the process. So how can we simplify and do it in different ways? And there's lots of new ways to do that. So it's just about embracing some of the new and thinking about how that might work. I think that's totally right.

There's so many technology changes. The bad guys change. There's new ways of doing things. We think about, oh, we need to add additional security like MFA or whatever the case may be. We always think about it inside the prison that we've built for ourselves, if it has to work like this. So I like your thinking that we have to open our minds a little bit to solving these problems in a different way.

Not the same thing over and over again.

Yeah. I think there's factors. There's, you have to think about it. There's the content you're protecting and then there's the context. All right. If you have both of those as your kind of vectors where you're thinking about so for instance, like if you have certain information that has a stronger security posture you want around it, then how can you dial up?

Or force higher levels of multi-factor authentication in those instances. And which ones do you not need to do that? Which ones can we keep? So how do you get that granularity of how you grant this authority? And I think, again, that's out there. It's doable. It's just another project.

That's really interesting, right?

Cause one of the stories that I was going to talk to you about too was around tech debt and the legacy data, the legacy tech debt being an Achilles heel for critical infrastructure, including healthcare. In the story, they talk about things like water systems and other stuff, but it's definitely a challenge for us too.

All the cranky old software and all the cranky old hardware that we have and that we've had for a while. So this idea of, in a lot of ways, the way we do security today is that we have to secure everything at the top level, like top secret. Everything's top secret because we don't have any way to do some of that granular kind of work, right?

This legacy issue is, again, this is something I know you're seeing a lot of out there.

Yeah, for sure. Definitely. There's a lot of legacy in the healthcare world. Right. And particularly, even if you look at many of the popular EHRs and the like, they don't necessarily have the most modern architectures. So now we're having to bolt on things or stream, you're basically like streaming a version of an application across a network and backhauling data and doing all this madness.

But 15 years ago, that was pretty novel that you could even just do that. But now it's like, we really don't, there's so much more web-based software in the wild and in the environment. Both inside and outside of the network that like, how can we harmonize and bring these together better? I think it's some of the themes you'll see.

And trust me, like all the EHRs, they want to get to the web too, because they want to get hosted or they want to have somebody, nobody wants this stuff. Then least of all, it's really expensive if you're a major operator of technology and you've got a bunch of legacy connector stuff in there. So like, how do we streamline that out?

I think, cause you're going to see a lot of that in the next several years. It's happening now.

Will it be done you think by just buying new equipment and buying new software or this goes back to our earlier conversation about some of this legacy issue isn't about just buying new stuff to replace the old stuff.

It's really about thinking about the problem in a whole different way.

Oh yeah, absolutely. And there are some forward reaching, forward thinking folks in the security community that tend to also the ones that span and think more like in a CTO fashion or in a CIO fashion, they're having these business conversations and they're having architectural conversations, so the CISO job is not just protecting anymore.

It's really educating and it's expanding the discussion. And the CTO's job is security too, and the CIO's job is security too, right? So how do we harmonize it across that? But I think it's, at first it's a recognition of, okay, this is not, we did a lot of things, especially COVID really accelerated a ton of this, which was good in some ways, but we rushed to it and we just took what we had and we and in the moment.

Just like we're going to take auto plants and turn them into respirator equipment manufacturers and what have you, right? We had to do what we had to do. Now people, I feel like I'm talking to lots and lots of senior leaders around the country in large health systems and small. And a common theme is let's take stock again and say, wait a minute.

Maybe we can look, cause we've racked up a ton of tech debt just to your point. And we got to get a handle around that. Cause we can't do some of these new modern things if we're just, it's paying so much to keep the lights on. So let's look at rationalizing, getting some of those things to be a little more simplified and rationalized so that we can then direct our efforts, both human power and money and towards this modernization.

Hi everyone, I'm Sarah Richardson, president of the 229 Executive Development Community at This Week Health. I'm thrilled to share some exciting news with you. I'm launching a new show on our conference channel called Flourish. In Flourish, we dive into captivating career origin stories, offering insights and inspiration to help you thrive in your own career journey.

Whether you're a health system employee in IT or a partner looking to understand the healthcare landscape better, Flourish has something valuable for you. It's all about gaining perspectives and finding motivation to flourish in your career.

You can tune in on ThisWeekHealth.com or wherever you listen to podcasts. Stay curious, stay inspired, and keep flourishing. I can't wait for you to join us on this journey.

Yeah, tech rationalization and application rationalization. Are you seeing a lot of that out there?

Big time. And if you think about it too, again, in healthcare, M&A is always a thing.

Acquiring or divesting something at all times. These big systems, right? You see it. It's constant and that's fine.

What comes with that can be very risky. And so it's being able to look at how do we maybe stand up some way to work together until we fully bring these systems together, right? How do we do that in a safe manner without slowing down the practitioners? So there's methods for all this. And that's the exciting part to me is that there's a lot of new ways to look at this.

But to your point, I think a moment ago, when you said we can't just be stuck in our like little silo of how we've been thinking you do this, right? Sometimes it takes something totally new. Let's rethink this thing. Wire, we're using some tech that's pretty old, that hasn't really evolved and that's designed for other use cases and we've adapted it.

We don't have to, we just need to be open to a conversation to say, here's where things are heading. Yeah. And Gartner and some of the other major pundits see these waves coming and pay attention. They see changes afoot and the cloud enabled that. And although I just said disparagingly that COVID caused us to do some weird things, it also it moved us forward.

Yeah, no, for sure. I think the sort of speaking of all that, the last article that I wanted to chat about was from the Wall Street Journal, right in your wheelhouse. I think you guys were even called out in the article: internet browsers are getting a makeover for the workplace. And I think there's the, you're big time when the Wall Street Journal starts to call out the new tech and the new ideas that are built around things like browsers for work, enterprise browsers, security, and the business experience all in one package, right? Yeah.

Like I mentioned, a lot of these things, like the browser became the most deployed application in the world, probably by accident in a way, it just happened over time, but what other major mission critical application in an enterprise that is a consumer product that doesn't even have support, that is odd, right?

But that's what's happened. So to deal with that, bolted on. And the idea of the enterprise browsers, it's built in instead of built it on. So now instead of having all these ancillary things to make a consumer product work. We can go back and rethink and say, what if we just designed it from the get go?

And thankfully some, the standard of Chromium came along and at least gave a standard for us to rally around. And that's what's really helping the industry. That's what's going to move the enterprise browser market forward is that standardization. So the reason that's important is the end users, it just looks like Chrome to them.

They won't even know. There's no training. It just looks like a regular browser. Yeah, you can download a browser from the app store or whatever and run it. This is what people do. So now it looks and feels the same. So the user experience can be actually improved where you can start to think about, Hey, there's all these workflows constantly happening.

That is the same repetitive task for somebody that's doing ICD-10 coding. What if we were to pre-populate some of those fields for those folks? So there's less errors. There's things that can be done. If you don't just think of it the old way of we can cut and paste once, why are we doing that? What if you can have a whole palette of ways to integrate that data and workflow move faster, help the end user, instead of worrying about like a millisecond on the latency of the cloud or whatever, what if we could just make up minutes?

Or hours by streamlining a process and just having it present for that user. So these are the types of themes that you're going to start to see where it's rethinking that user experience.

It's a problem that I know I've seen over and over again.

And it's just the challenge with change in healthcare, just not that change, but the change management process in healthcare, and that we get really good at something, and that's the way all the problems have to be solved, we're going to keep doing it this way, like you said, trying to figure out how to adapt that thing that I know how to do really well to my new problem, instead of taking a step back and saying, if I could do anything I want, How would I do this?

That's a conversation that is starting to happen now around internet browsers. Yeah,

Even in that mind bending sort of portion of the conversation, it's, imagine it's an enterprise browser, but it doesn't have an address bar. That would be weird.

There's no bro, but it doesn't need it. We're just, you just bring together the applications in this workspace environment, and it's the interface to the information for the people you want to have it. And for the people you don't want to have it, they will not be able to. So it's not really, it is a browser.

It, by all standards, it runs, it works like browser, but the implications of it are very far reaching.

So this is wrapped into the business kind of part of the conversation.

Okay. And the workflows really track, like, how does business move, right? And we've had to adapt our workflows to what the application vendor says, right?

That's hard. That's really hard for the, especially in the clinical space, right? So what if we were able to adapt all those applications without touching their code, but instead how it's presented? What does that look like? That last mile right here on this, the piece of glass.

Yeah.

Where that happens, as opposed to changing a bunch of systems.

You just change how they see it, what they see. It's the same info. It's just some people, they don't get it all. Some people get more. So it's just a whole new way of doing it. But the funny part is it's simple cause it's just a browser. So that's why Gartner and you're seeing the whole industry starting to really pop up about, Ooh, this enterprise browser things need.

So from the user perspective, there's nothing new to learn because they use browsers. We use browsers all the time.

Yeah, that's it. Then there's some implications there. What is going to be your policy for, Hey, if you want to do business with us, or you're working here. Then this is the, how you're going to do it, but you can have variants in that space.

So you can either nudge people over to, Hey, this is the way we're going to work together. And then when, just like the Zoom link popped up when you were inside of an invite, that's a Chromium based application. That's a Zoom is. So, in the same way, you could just make this thing pop up. So does Zoom look like a browser to you?

Yeah, I get it. You see what I'm saying? So it like brings it home for you. What if we could say, we don't want our critical data out, so we're just going to remove the share screen button. We just won't let that user have that.

Yeah.

You can't post to X on our screen. No, whatever.

All those things. Yeah. But even beyond just like cut, paste, screenshot, take a picture of it.

You embed QR codes right in the watermark. There's all kinds of ways to control those that are in the enterprise browsers now. But in particular, what if you could actually change. What the user interface is for the person on the application so that they can't get themselves into trouble. A lot of it is people making mistakes.

Yeah, and honest mistakes. Trying to get the work done.

So they accidentally are talking with a case manager about something and they accidentally popped up some PHI on a Zoom session. Eek, right? You can control that in, in this newer paradigm.

That's interesting. I'm looking forward to talking to you more about this.

I know we have some other programming coming up to dig in a bit deeper. So I appreciate that. Just out of curiosity. You guys have your regular kind of concert tour of stuff that you're doing. Are there any place that you're going that you want to mention? You're going to be at RSA? You're going to be at other places?

Yeah, so even soon I'll be at Black Hat. Our whole team will be there. I also have some other folks on my team that are healthcare specific and dealing with some of the really cool new integrations to different thin client type of mentality and different things. So we'll be with Black Hat with that. I've got multiple H-ISAC kind of events coming up, maybe even like a 229 event in my future pretty soon.

So yeah, those will be the things that I'll be taking part in. And then as we roll towards next year, then the typical VIVE and HIMSS of the world. But no, I'm excited to get out there and I'm excited to see you.

So yeah. It's good. It'll be good to see you too. I think I'll be at Black Hat too for a day.

So maybe I can cross paths with you while I'm there.

We got to do it. Yeah, sounds good.

Hey, thanks for being a guest today. Really appreciate your insight on the stories. You can, where can folks find you if they want to go take a look at Island?

Yeah, it's so it's island.io is our website, but it's cool is, and I don't know if it's today, but it's literally was either Friday or today, but we have an island.io slash healthcare, or it's actually might be like a solution slash healthcare. I'll find out. But if you go to the Island site, you can actually find a healthcare related page. You've got a bunch of use case information in there and ways to work together. So yeah, and then I'm just john.k at island.io. So if you'd like to hit me up.

Okay. Hey, thanks, John. I'll see you really soon, probably in Vegas.

Okay. Sounds good. All right. Thanks for having me. It was really fun. Appreciate it.  

Thanks for tuning in to Unhack the News. And while this show keeps you updated on the biggest stories, we also try to provide some context and even opinions on the latest developments. And now there's another way for you to stay ahead. Subscribe to our Daily Insights email. What you'll get is expertly curated health IT news straight to your inbox, ensuring you never miss a beat.

Sign up at thisweekhealth.com slash news. I'm your host, Drex DeFord. Thanks for spending some time with me today. And that's it for Unhack the News.

As always, stay a little paranoid, and I'll see you around campus.
