December 26: Today on the Community channel, it’s an Interview in Action live from CHIME with Charles Christian, VP of Technology at Franciscan Health. What does the next generation of CIOs need to have in terms of skills, abilities, and temperament in order to be successful? What are some of the priorities that Franciscan Health is focusing on at the moment? What are they doing currently to help protect against ransomware?
This transcription is provided by artificial intelligence. We believe in technology but understand that even the smartest robots can sometimes get speech recognition wrong.
All right. Another interview in action from the CHIME Fall Forum, and today we're joined with Chuck Christensen, Franciscan Alliance CIO.
Good morning. How's things going?
Going well. Good. Going well. How about you?
How's the conference been?
Conference has been good. Glad
uh, you know,
I, I had the pleasure of being one of the first hundred 92 charter members and.
I think I'm one of the few still working. Most everybody else has,
has hit the bricks and retired, which is a really good thing. Maybe one of days I will.
But you like doing it. It looks like you like working
Well, unlike there, she said from the stage yesterday when she got CIO of the Year that she has a problem of saying no.
That's what this is, is that you can't say no. Well, it's, it's a great organization, so,
I had the privilege. John Glaser and a whole bunch of other ones being my mentors as we all kind of grew up in a healthcare CIO seat,
John Glaser's gonna be on stage this morning.
And I joked with somebody yesterday, I'm like, have you been in the industry for any period of time? Everybody has a John Glaser seat. Oh yeah, absolutely. And it, it is generally along that lines of he comes alongside you and you go, John, I'm struggling with, and he goes, yep. There's always some funny story, anecdotal story, and.
And the point of that story is, and you go, yeah, yeah,
no, that's right.
Well, I mean, really the thing for me was, but through the relationship of this organization when I would, we're all trying to solve the same problems, literally in the, 30 years ago in healthcare, challenges are a little bit different today.
But, we're all trying to solve the same, same issues. I mean, you and I, as we were walking to breakfast this morning, we were talking about Workday, right? And the ERP and some of the challenges. On the payer side is just as challenging. But if you can find somebody who has already paved that ground, then it makes it so much easier.
So we actually all stood on the shoulders of giants because, today I had the answer to somebody's question and tomorrow somebody has the answer to mine. And that was the, that's the whole thing about the relationships that were created by this organization.
And have, have you taught the bootcamp?
I have. I taught it for seven.
All right, let's talk about the next generation. Okay. Cuz you and I both have enough gray hair that we should be,
Well, I've got less than gray hair. Most mine's flesh colored right now. So,
What is the next generation of CIO going to have to have in terms of skills, abilities, temperament to be successful?
I'll give you a good six seg answer. It depends depends on the health system or it depends on the health system. We have a tendency to look at health systems through the eyes of Cleveland Clinic, Mayo, Sutter Health, and all the big ones. But there is still, a lot of community hospitals like the one I kind of grew up in, in southern Indiana, that have the same challenges, but they don't have the resources.
And so, if you're in a large health system like I am today I'm the CTO there and the challenges on the CIO are more of a. Of a nature of trying to figure out strategy, working with the other senior leaders. They truly are herding cats. Trying to, find that right, that blend and mixture of relationship and stuff where if you're in a smaller organization, it could be a one or two hospital, is that you're gonna have to wear a lot of hats.
And so there's, you have to skill up for that. Being able to sit and, Fixing to wire up a new network, or you're building a new physician practice or anb you're gonna be right in the mix of it. Where if you're a senior vice president of a large health system, you got people to do that.
Right. And I'm kind of one of those people to do that. Charles does not get involved with some of the, day to day operational stuff, and that's okay. I mean, that's his job is to be more strategic. So my advice to those that have aspirations is ones go to. It is because there are a couple different things that you find out there.
Do I really want that job? I mean, and we say that as are used to, it's been three or four years since I've talked, but is that part of it is understanding if they truly want to, step up and learn the skills that are required to do that. And one of the things that I think are very important, that people think that you need all these technical skills to be a CIO that.
But being a subject matter expert is not required, in my humble opinion, is if you can create the relationships inside the organization, if you have the people skills to build a good team. Right. And I have a John Glaser story. I won't tell it because it would be, it's not that it's inappropriate, I'll just let John tell it.
It's, it's his story to tell,
It's his story to tell. But it was how he built the team at Partners to do the things that they did while he was there. They had a relat. That he said was just phenomenal. And I think that that's what we have to be. If you're gonna be successful, and particularly in larger organizations, you have to build those communities of people that you trust and that trust you.
And so I think that's the, key for the next younger generation.
Well, some of that aspect is people think it's a technology job and it's technology adjacent. Yeah. It's a leadership job. It's a communications job. It's. It's a project job. It's a project management job. It's a marketing job.
It's a marketing job. I, yeah, it's, it's amazing how little technology you called it hands on, but I'm the architecture's done by the architect. Yep. And the, security automation is done by the security automation team, and it almost doesn't matter. I mean, I guess if you get down below a billion, the CIO could be a little bit more Yeah.
Techy. But if you're at a billion, that's generally the, or maybe a little bit more, but that's generally the point at which it becomes a leadership job.
Yep. Well, and the thing about it is when I talk about marketing is that you know what the solutions are and you're working with the other senior leaders, and you're, and I hate to use the word selling, but when you're talking about a 20, 30, 40 million investment you're trying to convince some people, you know,
We're owned by a Catholic Franciscan Order of Sisters.
Well, I mean they want their mission to take care of patients. We all do that cuz most of us that are there, we connect with that, mission. But you know, when you're asking them to spend that kind of money and it's not necessarily related, it is adjacent to care but it's some of the infrastructure stuff we need to.
In order to allow us to provide that care that it's not brick and mortar. It's a, a marketing campaign.
So have you presented when the sisters are in the room and they start asking you questions
and grilling you?
No. Not Charles gets to do that. I meet with the sisters.
I've had the pleasure. They invite a certain number of leaders up to the convent. Convent's up in mis. It is, you know, and Bill, I dunno if you know,
but I'm ordained clergy in the Episcopal Church. Didn't, I'm retired. I was a
vocational deacon for 20 years. And so I'm, it was very humbling to be around those ladies who devoted their life to, moving forward with that mission of caring for people.
And they're very passionate about it. And the other thing that really impressed me about the Sisters is, They're called the order of perpetual adoration. There are two sisters in the chapel, 24 hours a day, 365 days a year, praying for,
employees can ask them to do anything. We,
you know, you know,
any prayer and I have on many occasions.
And so it's an interesting organization to, kind of be within that mission of that org of those folks.
When I came in, I went to work for St. Joseph Health. Mm-hmm. Sisters of St. Joseph. And I remember presenting and you come to the realization very quickly that this is a mission.
Yeah. Because they start asking you questions and you say, well, here's what we're gonna do on the technology side, whatever. And then they say, tell us about how you're gonna help the poor and vulnerable. I'm. Mm-hmm. Wow. Yeah, that's an interesting question. And no other industry, are you getting that question?
No, absolutely not. And it really does make you think what are some of the priorities that you guys are focusing on right now?
Well, I mean, we're like all of the healthcare systems, our revenues and stuff didn't necessarily bounce back like everybody thought they would. And so we're looking at, I was in a, a focus group yesterday and we talked about, how do you slim down?
How do you cut cost and. Taking a very serious look at that.
We're a three plus billion organization. The budget I manage is larger than the entire budget of the first hospital I worked in. So it's kind of interesting about how, to take care of that. And so, the other thing is how do we engage our patients differently?
Because some of the populations that we serve are
we have several critical access hospitals and stuff. A lot of our patient populations are medic. And Medicare. So our payer mix is not fabulous. Like you, a larger healthcare organization should be to maintain a healthy bottom line because,
they say no margin, no mission.
And so I think it's the, from a technology standpoint I'm trying to predict what the future's gonna hold. We've, added a lot in the almost four years I've been there. We've added a lot to the stack. I've replaced the phone system throughout the enter. Almost done.
End of December. I'll be finished
Outta curiosity. How old were your phones when you finally replaced 'em?
We had seven different PBXs, both Nortel and Avaya. Nortel and, yeah. And so they were, they were beyond we had a third party maintaining 'em because the vendors long ago abandoned those platforms.
It's taken me three years to get that done. We're also designing a new zero trust. And putting the parts in for that. One of the things I found I have a good partner in my peer who's a CISO. And I been in that position along with other things at smaller organizations and, you have to use technology as, as a security barrier as well as all the policies and controls and that kind of stuff.
And. We're working on that to make that organization more secure. And that's the thing that keep myself and Jay up at night is I'm afraid that it's not a matter of if it's a matter of when. Right. And so how do we reduce the, power of that attack?
The CISO role has been really interesting to watch.
Yeah. Cuz it used to be they were over here, they sort of did their, are we compliant? Are we,
is the technology in place? And more and more, Escalating and, we had a meeting with some CISOs a couple weeks ago, and they're presenting to boards now. Yeah. I mean, they're, they're leading
Well, when we got, a couple hospitals, we had Eskenazi, Johnson Memorial and a few others that got hit with ransomware. Yeah. That got the sisters' attention. And they started asking the very difficult questions and of course they ask 'em of Charles at a senior leadership meeting and they trickle down to, us, which is fine.
Yep. And so we went and put together a presentation about what are we doing to stop as much of that kind of activity at, at the. The issue is, by the time they let you know that they're. They've been there for a long time. And so that's,
they're getting in with valid credentials.
Yeah. And then they, and then they sit there, so they don't, they don't want to tip their hand. Yeah. And they make sure it's like, okay, we have the escalated privileges, we're ready to move. And by the time they're ready to move, they're ready to, it's already too late. Yeah. I mean, it's like within an hour.
well, I mean, I think that's the things,
lock for J and some of the other ones. They go in and spend time getting those elevated credentials. And they, they're good techniques because if you, you think about our organization, I've got 96 to 98,000 connected devices. Well, every one of those is a potential vector of getting into the, to the network.
The question is, do we have enough tools to identify them when they show up and then clean 'em. The other thing is do we have all the tools available to ensure that they don't get in and get those elevated credentials? I mean, we've put a bunch of stuff in place that drives my system admins and, server storage team.
They, cause they have to go ask and check out privileges, right? And they only get it for a short period of time and they say, well this is just insane. I'm going, no. I said, what's insane? Having everybody having admin rights. And then when something happens, we're spending days, weeks cleaning up the mess. I said, so it may be a little inconvenience, we'll get used to it.
And, and we are airing. One of the CISOs at the meeting said they have automation software. And I said, when they detect something going on at a workstation, they shut it down immediately. Yep. And immediately one of the other sisters goes, what about the false positives? He said, they were, their community connect partner was completely ransomed out for 30 days.
He said after that event, we said, Hey, here's what we'd like to do. And everyone said, absolutely. Yeah, because we just saw what happened over there and we don't want that to happen.
Well, and we're, doing some of the same things. We put in some software that most healthcare systems don't know what's actually connected to their network, particularly all the medical devices and that kind of stuff.
So we put some software in that interrogates the packets as it, as it goes by. It sits on the network SPAN ports, it sees everything. And it doesn't gather the data, but what it does, it reads the headers and knows the equipment that's sending it, and then it learns what the patterns of communication is.
If you got a CT scanner sitting out here, what is he gonna talk to? Well, it's gonna probably talk to your order management system and the. Anything else other than those two things, or maybe three. They may be sending to a VNA or something like that. It's, and then all of a sudden it starts trying to talk to an IP address and that you've got geo blocked, something's going wrong.
And so, you can set the rules up so you can with our big firewalls that you can just shut that port down. Yeah. And be done with it. And the other thing too is we've got some segmentation based upon our regions. We have. If we see something happen at that, location, we'll shut it down. And the thought is I'd rather block off that region and lose it for an hour until we find out, is this a real attack or if it's a false positive than lose the entire enterprise.
Which, it always takes at least three weeks to clean up the mess.
We could probably talk for another, I know we could hour cause I. I'll tell you one of the larger health systems, I remember when I came in, we started flattening the network to make it easier Yeah. For administration. I know. And then the security, we, had an internal audit and they came back to us and said, don't do that.
Do the opposite. Yeah. I'm like, well, that'll increase the complexities, like Yes. For you and for them.
Well, even some of our cloud journey stuff, we're micro segmenting inside the cloud using some of the tools our cloud vendors have, but we're also adding another layer of that as well because if it's difficult for us to navigate, it's gonna be difficult for the others to navigate too.
And if, we can, it's, it's kinda like, I'm sure you've heard the story about the lady who was afraid of ghosts and she built a house with doorways that went nowhere. Same thing. And then we've got honeypots in various locations of the organization. And if they get in there, they may be able to mess it up, but they will know very quickly that they're, that they.
Chuck, first time on the show. Thank you.
Okay man. Thanks very much. Very much appreciate it.
Another great interview. I wanna thank everybody who spent time with us at the conferences. I love hearing from people on the front lines and it is phenomenal that they have taken the time to share their wisdom and experience with the community, which is greatly appreciated. We also want to thank our channel sponsors one more time, who invest in our mission to develop the next generation of health leaders. They are Olive, Rubrik, trx, Mitigate, and F5. Thanks for listening. That's all for now.