Field Report: The Cleveland Clinic with CISO Vugar Zeynalov
Episode 226 • 15th April 2020 • This Week Health: Conference • This Week Health

Transcripts

This transcription is provided by artificial intelligence. We believe in technology but understand that even the smartest robots can sometimes get speech recognition wrong.

Welcome to This Week in Health IT News, where we look at the news which will impact health IT. This is another field report where we talk to the leaders from health systems on the front lines. My name is Bill Russell, healthcare CIO coach and creator of This Week in Health IT, a set of podcasts, videos, and collaboration events dedicated to developing the next generation of health leaders.

As you know, we stepped up production over the last three weeks and Sirius Healthcare has stepped up to sponsor and support This Week in Health IT. I want to thank them for sharing our passion to capture and share the experience, stories, and wisdom of the industry during this crisis.

Today, Drex DeFord conducts the field report for This Week in Health IT. Special thanks to Drex for helping us cover more ground during this time. If your system would like to participate in a field report, please shoot me a note. And, uh, easiest way to do that is by email bill at thisweekinhealthIT.com.

Now, on to today's report. Hello, everyone, and thanks for joining us. Uh, it's This Week in Health IT. I'm Drex DeFord, CI Security's Chief Healthcare Strategist and President at Drexio Innovation Network. And today, uh, we welcome, uh, Vugar Zeynalov. How'd I do? Excellent. All right, excellent. Excellent. Vugar is the CISO of Cleveland Clinic, and thanks for being with us today, Vugar.

I know it's super busy, and you've just got a lot of crazy stuff going on, but I really appreciate you being here. Thank you. Thank you for having me, Drex. Can you start by telling me a little bit about Cleveland Clinic and your team there, and how you work, and how things have sort of generally been going during the...

during the past few weeks. Sure. So Cleveland Clinic is one of the most impressive and well recognized brands in healthcare worldwide. Sixty six thousand employees, we call everybody caregivers. Facilities in Northeastern Ohio, Florida, Canada, uh, Nevada, and we have facilities in Middle East and London. So it's a global institution.

Frankly, I've been, I joined the Cleveland Clinic about three years ago. It's going to be three years and a week from now. And it's a very humbling experience because you get to work with the best of the best in the world. Very humble. Wow. Very cool. I love the, how you call everyone caregivers. That's, that's brilliant.

I mean, it really, because very often, you know, I think in IT and in the, uh, information security areas, um, sometimes we feel separated. And I think the reality is great care cannot be delivered without our teams and the work that we do now. I agree. Prior to joining the clinic, I was with the government financials.

Payers and Pharma, but this experience has been a career changing experience for me since I came in. We lived through some challenging times and I took my entire team to every facility we had and we went through a journey of the patients from admission to discharge. And when you experience that, when you see that, that, and these days it's, uh, it's amplified, that, that level of heroism and that, that heart that our caregivers and nurses and, and, and our clinicians put into everything they do, that's a life changing experience.

And even as a cyber professional, I questioned every common practice I had in my mind in lieu of common sense in order to, uh, kind of join that movement and help them help our caregivers to have that frictionless experience to have, um, the best of the best technology they can use for the advancement of our care delivery.

That's terrific. I mean, there's nothing like going to the place where the work is happening to understand how you're helping or how you're hindering the delivery of great care to patients and families. Thanks for sharing that. I think that's, that's awesome. Pulling your whole team around to do that's pretty impressive.

Um, so, what are you seeing with regard to threat activity during the pandemic? A lot of stuff happening out there? Well, unsurprisingly, uh, cyber criminals, both foreign and domestics, are trying to take advantage of the global pandemic situation as they never let any crisis go to waste. And then we see a lot of fake COVID themed phishing emails, phones, and text messages that are being used to lure victims to visit, like, websites with payment scams and malicious software, exploiting that human trait, such as concern and curiosity.

And every industry has seen an increase in threat activity, but healthcare is the primary target right now. In various sectors, they seek healthcare professionals that are exhaustible physically and emotionally. And they also see health IT systems that are changing overnight to accommodate these new working styles. And then people who are continuously searching for the latest information, so any threat masquerading as a trusted source, like World Health Organization or CDC, has a huge pool to fish in.

Well, to that end, uh, by the Cleveland Clinic communication team has done an excellent job by curating news and information. So I encourage everybody to check out, check out Twitter feed and newsrooms, uh, as they're putting out that reliable information about the virus and our response, as well as valuable information about taking care of yourself, uh, physically and mentally while at home.

Great. Good, trusted information. You're right. There's so many channels right now that you can tune into and so many of them are not giving you the truth or they're, they're guiding you in the wrong direction. So I love that Cleveland's doing that.

Really cool. Now one of the questions I was going to ask you about was, um, I'm seeing a lot of articles being written right now that say that the bad guys and their bad guy consortiums around cyber security, uh, have sort of agreed to not attack healthcare systems, and if they accidentally, something happens to a healthcare system, to give them the keys to the ransomware or whatever for free, given all of the stress that's going on in the healthcare system right now.

You know, I have a skeptical side to this, and a hopeful side to this, and I'd like to hear kind of what's really happening. Are you seeing that out there? I've read that. I've read that, but the reality on the ground doesn't support it. Frankly, we've seen a significant increase in number of COVID related threats.

And, uh, perhaps some of these nefarious actors, they lay down their weapons, but that's, that might be a minority. Uh, in reality, we're, we're, we're seeing completely opposite. Yeah. Uh, one of the other things I wanted to ask you about was kind of given the incredible amount of activity that we have going on right now and standing up new units and connecting to field hospitals and everything else that's going on.

There's always the challenge of how do you have good security and at the same time respond, uh, quickly and effectively, uh, to the requirements that you're given. How, how do you guys do that, Cleveland Clinic? You're right. We're living through one of the greatest experiments in remote work and virtual health.

I mean, the number of virtual visits at Cleveland Clinic increased 26 times. Yes. And then the capacity of our remote access infrastructure increased five times in just a matter of a few days. Um, and so right now cybersecurity is kind of embedded into a larger, impressively orchestrated response at the Cleveland Clinic.

Mm-hmm. And then there's a coordination and dedication from the caregivers is impressive, uh, and humbling to witness. So, um, one of the, uh, focus areas for us and the part we play is making sure that, uh, the caregivers have the same experience in these temporary hospitals and the surge sites. We're standing up this, uh, we're transforming our health education campus into what we call a hope hospital.

It's a thousand bed hospital. So we want to make sure that our caregivers have the same protection, same access, and everywhere they go they can have frictionless experience so they can focus on care delivery. Amazing. Very good. So in that same context, I'll ask you another question. That's kind of something that's come up pretty recently.

Have you seen any flex or trying to think of probably the right way to talk about this. Privacy is always a concern. Have you seen any lessening of our adherence to privacy issues during the pandemic?

Do we seem as worried about it as we we let up some? Well, I mean, I think it's well known that the Department of Health and Human Services, Bye. Thank you. Thank you. And then they talk about that they're going to postpone the enforcement of some of the privacy settings. That said, um, I think from our standpoint, we...

We're trying to, even in this time of, um, um, urgency, trying to make sure that we conduct whatever we need to conduct on behalf of our patients and the caregivers with utmost velocity. To that end, we're actually an agile shop, um, and any type of cybersecurity engagement. It used to be sequential. Now we're doing it as a multidisciplinary team.

So we're bringing almost a tiger team together and we're doing everything in a rapid succession so we can deliver the outcomes faster, but we get maintain the quality. How, who, who's in the tiger team? How does, how does that work? That's very interesting to me that you're, um, you actually get the buy in on the front end of everything that you're doing.

Right, so from that multidisciplinary team, there are cyber professionals from, from GRC, like third party risk assessments, to cybersecurity architects that help not only to do the due diligence, but talk about integration into our platforms, as well as our vulnerability management. And then we have multidisciplinary team from cyber, and we engage folks from application development, infrastructure, and everybody comes together in, and then the vendors chime in as well in rapid succession.

So things that used to take weeks now taking quickly days. Wow, very cool. I have, there's so many things that have been pressed into service recently too, like, um, well, I mean, Zoom, there's been a lot written about Zoom sort of recently, but, you know, personal devices, all of those kinds of, as we've rushed into this, uh, telemedicine, work from home world, do you have some best practices you'd recommend to folks who are listening or watching?

We welcome any tool or service provided that can help us better serve our community and caregivers. The challenge is that many of these technologies, they're not designed for heavily regulated industries such as healthcare and have some security concerns. Now, I believe that the right approach is to work with the solution providers and bring them into healthcare space and explain the operational challenges of the healthcare environment.

Um, how it worked, what worked, uh, what we saw before. Um, and if you're asking about some kind of basic framework, I will talk about like three things. Um, especially for technologies like virtual, virtual health. First is... establishing that connection and authentication is critical. Just like caregivers confirm a patient when they walk into a room, we need to make sure we confirm the patient and the caregiver and clinician, um, and make sure they are who they say they are when they joining meetings remotely and then maintaining that connection.

We're called end to end encryption to ensure patient privacy. And then finally, when that connection is dissolved to make sure that there's no PHR left on the vendor systems. Now, given the opportunity, all these providers, they welcome this type of, uh, help because for them, it's an opportunity to get into a space with a high, high barrier.

Um, and then for us, it's ultimately improves experience and safety. Yeah, I think that's exactly right. Coaching as much as you can. And, um, using the analogies that you're using to like the patient care experience to help them understand, uh, the end to end connectivity and the introduction piece is a very smart way to approach this.

Thanks for sharing that. I probably have another million questions, but I know you're super busy. Is there anything that I haven't asked you about that I should have asked you about that you want to talk to the listeners and the viewers about? Well, you know, um, it's interesting. Until recently, cyber risks were preeminent, like an existential threat to healthcare organizations.

And not a day would pass where you see, um, headlines about transformer and exploits and mega breaches. We have received enormous support from our clinicians, uh, as we implement like sweeping changes to combat these risks, but now this is a global health crisis that stress tests every aspect of our health care systems and obviously cyber risks don't go away, but I believe cyber leaders, they have a new role to play because as professionals we need to work on the background diligently to make sure that we provide the safe telehealth and media conferencing platform for our patients, so they can communicate with the providers and stay connected with their loved ones.

And then for our clinicians, deliver that frictionless experience, that trusted and resilient digital platform, so they can focus on care and research.

And then most importantly, collaborate within an industry. And that's why I welcome this opportunity so much. Share threat intelligence, share best practices, so we can leverage each other's strengths to better protect our communities. Yeah, thanks. I couldn't agree with you more. I mean, part of the reason we're doing these reports from the field, Bill and I, um, are to facilitate that crosstalk and conversation of, we've figured something out over here, so you don't have to.

Uh, we're, we're approaching this issue in this way. Maybe that gives you some background to start with. Uh, that's, that, that kind of crosstalk and collaboration we've always been great at in healthcare. And, you know, we're just trying to help, uh, help make that, that continue. Thank you. Thank you for the work you do.

We really appreciate it. Oh, sure. Thank you so much. And thanks for taking time to, uh, to see us. I really do appreciate it, Vugar. Uh, um, it's, uh, it's been a great conversation. I hope we can, uh, cross paths live and in person sometime very soon. Absolutely. Looking forward, looking forward to meeting you in person.

Thanks. Stay safe. Stay well. You too. That's all for this show. Special thanks to our channel sponsors, VMware, Starbridge Advisors, Galen Healthcare, HealthLyrics and ProTalent Advisors for choosing to invest in developing the next generation of health leaders. If you want to support the fastest growing podcast in the health IT space, the best way to do that is to share it with a peer.

Send an email, DM, whatever you do. You can also follow us on social media, uh, you know, subscribe to our YouTube channel. There's a lot of different ways you can support us, but sharing with peers is the best. Uh, please check back often as we will be dropping many more shows, uh, until we flatten the curve across the country.

Thanks for listening. That's all for now.
