Today in Health IT, this story is the second item of our top of mind issues for healthcare CEOs.
Speaker:Cybersecurity.
Speaker:My name is Bill Russell.
Speaker:I'm a former CIO for a 16 hospital system and creator of This Week in Health IT,
Speaker:a channel dedicated to keeping health IT staff current and engaged.
Speaker:Just a quick reminder this time.
Speaker:Very quick.
Speaker:We have four shows for next year: This Week Health News to stay current,
Speaker:This Week Health Conference for keynote interviews and emerging products,
Speaker:This Week Health Community, where we hear from you about interesting solutions
Speaker:to the problems facing healthcare from the people who are solving them,
Speaker:and finally This Week Health Academy, where you can go or send people to learn
Speaker:about the intersection of technology and healthcare. You can sign up at
Speaker:thisweekhealth.com/shows.
Speaker:All right.
Speaker:We said we're going to run through, this week,
Speaker:the top five
Speaker:top of mind issues
Speaker:for CEOs from the conferences I was at recently doing interviews
Speaker:and having conversations.
Speaker:Those were labor, cyber, digital, automation, and care venues. We'll cover
Speaker:the next three over the next three days.
Speaker:We covered labor yesterday
Speaker:and went into detail on the battle for staff and retention.
Speaker:Today's cybersecurity.
Speaker:2020.
Speaker:Or 2021, take your pick.
Speaker:It's hard to really determine where this actually happened, but let's just
Speaker:say over the last 24 months, it felt like a scene from the Garden of Eden.
Speaker:We ate the apple and we found out we were naked, exposed, at
Speaker:risk. Healthcare is vulnerable.
Speaker:There were warnings clearly before that. WannaCry
Speaker:was a wake-up call, but it wasn't until hospitals started being held hostage
Speaker:and being taken offline for days that we started to realize that there was
Speaker:more involved here than a slight ding to our reputation or a small fine.
Speaker:I'm not saying that IT wasn't aware of the risk before, but we couldn't
Speaker:sell it at most of the health systems.
Speaker:The events of the past 24 months gave us credibility
Speaker:in our claims that the sky actually was falling.
Speaker:No longer was the CISO
Speaker:Chicken Little.
Speaker:The worst had actually come to pass and we were right.
Speaker:But you know what?
Speaker:It's not that great being right. Systems went down, sometimes for weeks at a time,
Speaker:and sometimes with data loss that will never be recovered.
Speaker:There was at least one incident that claimed that a cyber
Speaker:event had caused a death.
Speaker:Again, not that neat being right.
Speaker:So what now? You don't want me to recount all the incidents: Sky Lakes,
Speaker:Scripps and countless others that may not have been as prominent.
Speaker:I've told you that I would cover these by putting my CIO hat back on
Speaker:and telling you how I would be approaching this challenge today
Speaker:if I were in the chair.
Speaker:Let me start by saying this.
Speaker:There is no one size fits all solution here.
Speaker:My listeners come from health systems with thousands of IT
Speaker:staff to just 20 IT staff.
Speaker:These call for different tactics, different investments. An AMC
Speaker:may have risks that a single hospital CIO may not have.
Speaker:So let's explore some of the common things before I explore
Speaker:some of the distinct challenges.
Speaker:All right.
Speaker:I think the approach I would take right now is we are under attack.
Speaker:At all times we are under attack.
Speaker:That is our posture.
Speaker:And that is what I would take from this day forward.
Speaker:Every day being treated as we're under attack.
Speaker:Let's have our standup calls.
Speaker:Let's have all those procedures in place
Speaker:where we are treating it
Speaker:like we are under attack today.
Speaker:Do we have our defenses in place?
Speaker:Do we know what's going on?
Speaker:Which brings me to my second item here, which is, I would know the threats.
Speaker:Know who's after the information that you have. Know who's going to benefit the most
Speaker:from shutting down your health system.
Speaker:Know
Speaker:the tactics that they're using. Stay current on their approaches and how they
Speaker:are infiltrating systems like yours.
Speaker:The third thing is assess your defense.
Speaker:So really assess them.
Speaker:You have to be honest at this point.
Speaker:One of the things that I found over the years is that people will say
Speaker:things like we're all vulnerable.
Speaker:That's great.
Speaker:And that all may be true, but at the end of the day, you have to
Speaker:honestly assess your defenses.
Speaker:And I'm going to come back to this in a little bit.
Speaker:And talk about what you do with that honest assessment.
Speaker:But at this point, really look at it.
Speaker:Ask yourself the question: are we vulnerable?
Speaker:Don't just say, "Well, everyone's like this."
Speaker:No.
Speaker:How vulnerable are you?
Speaker:How prepared are you?
Speaker:And you have to have that assessment done.
Speaker:And it has to be honest. If you need a third party to do
Speaker:it, which in most cases we do,
Speaker:have that done by the third party.
Speaker:Number four: assume they are already in your network.
Speaker:And at that point, understand your ability to identify their
Speaker:movements from within your network.
Speaker:Assume they're in, because they probably are
Speaker:already in your network, and understand that this capability
Speaker:of identifying what they're doing
Speaker:and how they're moving within your network is a must-have moving forward.
Speaker:The next thing I would say is assume you will be completely ransomed at
Speaker:some point and plan accordingly.
Speaker:All right.
Speaker:So there's enough information out there.
Speaker:We do a great webinar
Speaker:with the people from Sky Lakes. The CIO was kind enough to come on and
Speaker:share his experience in some detail.
Speaker:So if you want to know what it's going to feel like,
Speaker:he shares what it feels like
Speaker:and what goes on in those first couple of minutes of the cyber
Speaker:attack as you're watching systems just shut down one after another.
Speaker:Not being able to gain access to your systems and having to rely
Speaker:on vendors that you previously had worked with, but they're part of your
Speaker:cybersecurity insurance contract.
Speaker:And so they come in and actually ask you to step away from
Speaker:the keyboard while they do
Speaker:their forensics on the event itself.
Speaker:If you have that information, assume you're going to be ransomed.
Speaker:What is your plan to come back online?
Speaker:What is your plan?
Speaker:Are you going to pay the ransom?
Speaker:Are you not going to pay the ransom?
Speaker:Are you going to start a recovery?
Speaker:Do you have the systems in place?
Speaker:Have you air-gapped your backups?
Speaker:Is it enough to air gap your backups?
Speaker:Do you have immutable backups?
Speaker:Is it enough to have immutable backups?
Speaker:What is going to work and what is not going to work?
Speaker:But plan accordingly. You're going to get ransomed; plan accordingly.
Speaker:That's how I would be thinking about it right now as a CIO.
Speaker:All right, let's move on.
Speaker:So from the point of an honest assessment, plan your investments wisely.
Speaker:Acknowledge what you can and cannot do well.
Speaker:And I'm going to get to this in a little bit, but for the smaller
Speaker:health systems, there's an awful lot of things you cannot do well.
Speaker:And you're going to want to look outside your four walls for some
Speaker:help, and who's going to help you
Speaker:today to prepare for an event and in the future, if you actually have
Speaker:an event. So acknowledge what you can and cannot do well and go find help.
Speaker:Second thing is be open and honest with the executive team
Speaker:and the board when asked.
Speaker:Hide nothing from the leadership.
Speaker:You don't want to be found hiding important information from those that
Speaker:could have made a difference, that can make the investments to shore
Speaker:up your foundation in your system.
Speaker:I wouldn't want to be that CIO
Speaker:who's trying to explain
Speaker:why they did not have an honest assessment or why they withheld any
Speaker:information about that environment.
Speaker:Honest, open: here's where we're at.
Speaker:The executive team needs to be brought into the loop.
Speaker:The governance team needs to be brought into the loop.
Speaker:So that they can determine what the risk is to the organization
Speaker:and what needs to happen.
Speaker:So that's table stakes.
Speaker:I assume everyone knows that.
Speaker:I just wanted to say it again out loud.
Speaker:And then the next thing is ask for help, seek help, be open to help.
Speaker:This is not the kind of thing
Speaker:that every health system is going to have the resources and the wherewithal.
Speaker:We need to utilize the resources that are out there
Speaker:that are designed to help us and designed
Speaker:to bring us together as a community to fight this
Speaker:threat.
Speaker:All right.
Speaker:The next thing I would say is plan a complete strategy.
Speaker:I remember standing at a conference, listening to CISOs share.
Speaker:And person after person talked about their education program.
Speaker:And while I was impressed with the programs they had
Speaker:developed, I couldn't help
Speaker:but think how unsophisticated the approach was to cybersecurity.
Speaker:You have to prevent, detect, remediate and recover.
Speaker:And that's not even a complete list of the things that need to
Speaker:be discussed and planned for.
Speaker:My point being, you can't have a single-threaded approach to cybersecurity.
Speaker:It needs to be multifaceted.
Speaker:You need a technology layer, you need a people and education layer.
Speaker:You need a remediation layer, you need a recovery layer.
Speaker:You need all those things in place.
Speaker:If you are going to be able to be effective in the world
Speaker:that we currently live in.
Speaker:All right, let me get moving here.
Speaker:I'm running out of time.
Speaker:So next thing I would say is know what your contracts say.
Speaker:It's interesting
Speaker:how many times this came up in conversations post breach event:
Speaker:"I didn't realize what my BAA agreement actually called for."
Speaker:"I didn't realize that my cybersecurity policy gave power
Speaker:during an incident to others and called for me to utilize
Speaker:companies I wasn't familiar with."
Speaker:"We didn't have an agreement that protected us from an incident
Speaker:at our Community Connect site."
Speaker:It's things like that. Know what your contracts say.
Speaker:Those are just a few stream-of-consciousness
Speaker:thoughts. Let me address some of the specifics for smaller players.
Speaker:You can't do this on your own.
Speaker:You have to find the right partners that can help you to
Speaker:build a sustainable program.
Speaker:You can't do it with one cyber person and an engineer.
Speaker:It's not even remotely possible. Line up the players that can
Speaker:help you. Get them lined up today,
Speaker:prior to an event.
Speaker:For an AMC, you have to be aware that nation states want the
Speaker:information that your research teams are working on. Nation states,
Speaker:you know the ones,
Speaker:the ones I'm talking about, the ones with well-funded armies of cyber
Speaker:specialists. The tactics are varied.
Speaker:And while a traditional phishing attack may not work in this
Speaker:case, they have other ways.
Speaker:And in those cases, you have to be tracking the motion of critical
Speaker:information around your network.
Speaker:You have to have complete visibility into the motion of your
Speaker:critical data assets at all times.
Speaker:This is going to serve you well, since attacks are no longer just
Speaker:being initiated from afar. Disgruntled employees are now offered money
Speaker:to get back at their employers:
Speaker:"Place this code on your network and we will take care of the
Speaker:rest." Ransomware as a service.
Speaker:"Oh,
Speaker:and by the way, if we successfully ransom your organization, we will
Speaker:give you a cut of the cryptocurrency."
Speaker:You have to track the movement of the data.
Speaker:In order to do that, you have to have a very accurate data inventory as well.
Speaker:All right.
Speaker:As I said this is going to be exhausted.
Speaker:I just wanted to share a few thoughts.
Speaker:This is top of mind for CEOs and it should be. It should have been
Speaker:for CEOs, and it should have been,
Speaker:probably for at least the last decade.
Speaker:Now we know.
Speaker:So let's try to make 2022 a transformative year in this area.
Speaker:All right.
Speaker:That's all for today.
Speaker:If you know someone that might benefit from our channel,
Speaker:please forward them a note.
Speaker:They can subscribe on our website, thisweekhealth.com, or wherever you
Speaker:listen to podcasts: Apple, Google, Overcast, Spotify, Stitcher.
Speaker:You get the picture.
Speaker:We want to thank our channel sponsors who are investing in our mission to develop
Speaker:the next generation of health leaders.
Speaker:VMware, Hill-Rom, StarBridge Advisors, McAfee and Aruba Networks.
Speaker:Thanks for listening.