This Week Health

Don't forget to subscribe!

October 9, 2024: Kerri Gallagher, President and COO of First Health Advisory, dives deep into leadership, culture, and the challenges of cyber resilience in healthcare. Kerri shares her insights on the critical traits she looks for in new hires, balancing technical skills with the ability to collaborate effectively. As healthcare entities face growing cyber threats, how should organizations prepare to mitigate risk? Last, Kerri discusses the importance of being proactive, from comprehensive assessments to prioritizing actions for cybersecurity resilience. 

Key Points:

  • 01:09 Building a Culture of Excellence
  • 06:04 Cyber Resilient Digital Health
  • 11:56 Beyond the Next Too
  • 15:28 Engaging with First Health Advisory

Subscribe: This Week Health

Twitter: This Week Health

LinkedIn: Week Health

Donate: Alex’s Lemonade Stand: Foundation for Childhood Cancer

Transcript

This transcription is provided by artificial intelligence. We believe in technology but understand that even the smartest robots can sometimes get speech recognition wrong.

[00:00:00] This episode is brought to you by First Health Advisory. Health IT leaders strengthen and streamline your healthcare system with First Health Advisory. They offer comprehensive cyber risk management, governance and security optimization, and strategic advisory services to enhance patient safety and bolster cyber resilience.

Their expert solutions ensure compliance and boost operational efficiency. Visit ThisWeekHealth. com slash First Health Advisory today and elevate your cyber strategy with First Health Advisory.

Kerri Gallagher: Everyone's under the gun.

We get that. Everyone's got metrics to meet. stakeholders to report to. We want to be by you in those boardrooms, making sure that you have what you need to feel confident to present and that we've got your back.

Bill Russell: My name is Bill Russell. I'm a former CIO for a 16 hospital system and creator of This Week Health, where we are dedicated to transforming healthcare one connection at a time.

Now, let's jump right into the [00:01:00] episode.

(Main) it's an interview in action and today we're joined by Kerri Gallagher with First Health Advisory, President and COO. Keri, welcome to the show.

Kerri Gallagher: Thank you so much, Bill. I'm excited to be here and connect with you today.

Bill Russell: Yeah, I'm looking forward to the conversation. You've been at First Health Advisory.

You spent 10 years with First Health and directly supported the growth and trajectory , for each of the subsequent years. What drives you as a leader? And how's your vision shaped your approach to developing teams, strategy, culture? It's a big question. It's like the world and all is within it, but how do you cultivate a culture of excellence and teamwork at First South?

Kerri Gallagher: I think the key to cultivating really good culture at a company and encouraging teamwork is really focusing on the people that work for you, that are in front of the clients every day, making sure that they have what they need to feel supported. We are now in an age where at any given time you're available through your cell phone at [00:02:00] work.

And so ensuring that our associates here feel supported, valued, and also have. The opportunity to grow and learn here at the company is absolutely imperative, and that's really what drives me as a leader. I want to make sure that all of our associates feel seen, heard, and valued here so that as they're out there representing us and responsible for some pretty big, hefty deliverables that are outlined in our statements of work with some of the best healthcare entities on this planet, we want to make sure that those individuals have what they need to be able to succeed.

So that's really what drives me as a leader here at First Health.

Bill Russell: Are there common traits or focus areas you look for when bringing on new associates or leaders?

Kerri Gallagher: Bill, absolutely. There's two things that I'm always looking for. The first one is technical proficiencies. We are in an age where People can go about getting the knowledge they need to serve [00:03:00] cybersecurity healthcare entities in a variety of ways.

You can follow the more traditional route by going to a four year school, maybe getting a master's degree, or you can do the bootstrap method where You're learning hands on biomed activity because you're working at a hospital and then you're getting some certifications that align with that technical skill and development.

But the biggest thing that I'm looking for is the technical prowess and understanding some of the state of the art information that's out there that our clients expect us to know. We need to be the subject matter experts. So one of the biggest things I'm looking for when we are recruiting talent and even retaining our own individuals here is making sure from a technical standpoint and an education standpoint, that they have what they need to best approach our clients.

And then utilize that knowledge as well to help mentor some of the greener individuals on the team. That drive for self education. I'm not worried [00:04:00] whether or not you go to a four year school or if you have the necessary certifications. I just want you to be the best me within your cybersecurity niche so that you can be operating the best you can for our clients and for your own internal teammates.

The second thing that I'm always going to be looking for Is how do you collaborate? Collaboration is absolutely imperative because here in the healthcare IT space, it is a very big sandbox and you need to play nicely with everybody. You also need to be able to learn from the individuals that whether they're on a different team or coming from the vendor side of the house, having that collaborative attitude and approach is absolutely imperative so that you can take that.

From across business units within our company, as well as different departments you're going to be working with in healthcare IT, because biomed might not always talk to IT. So being able to collaborate as the client's [00:05:00] SME here at First Health Advisory, you might be able to. Speak both languages really well and bridge that gap.

So the collaboration portion is just as important as the it proficiencies that I look

Bill Russell: for. So do you hire the person first and the skills second. And we hear that all the time, but there's a certain amount if you're doing consulting work if you're coming alongside these people, there's an expectation of skills as well.

So how do you balance those two things?

Kerri Gallagher: It's a delicate balance and I love that you asked that question because the greatest thing about First Health Advisory is we can hire people first and we can train them up because we already have the greatest technical SMEs out there that can help align individuals with what they don't know yet.

We already have individuals that have 10 years of consultative experience under his or her belt. So I'm not worried about bringing someone in who might be a little bit greener. because we already have the team built around them to ensure that they're going to succeed with just some of those mentoring [00:06:00] opportunities, shadowing opportunities, and cross department shadowing opportunities that's going to help that person grow.

I think that's really important. We need to make sure that we're growing from within, and if we see something in somebody that they want to learn, they want to grow, We are happy to bring them on board and we know that we can train them up so that they can eventually be that technical SME and be able to talk to some senior stakeholders at a client site.

They might not be able to do that from day one, but that's why we're here so that we can help mentor and guide them along the way.

Bill Russell: FirstHealth recently rebranded for further thought leadership on Cyber Resilient Digital Health. What is that about?

Kerri Gallagher: Yeah, Cyber Resilient Digital Health. That's essentially saying from the entire ecosystem at a healthcare level, You need to be cyber resilient.

We're not just talking about network. We're not just talking about internet of medical things. We're talking about behaviors. We're talking about ensuring [00:07:00] that patients lives and safeties are protected. So when we're thinking about true cyber resilience, you're doing everything you can to make sure that if there is a breach.

You are ready to go because you've already done the tabletop exercises, you've already got your plan of action in place, you've already done the crown jewel assessments or analysis, which is a great tool to be able to do for any health care level, and ensuring that From a 30, 000 foot view, everybody is constantly thinking about cyber first, because ultimately, that is going to affect patient lives and patient safety.

Bill Russell: Yeah, has that conversation changed recently? We've had so many ransomware events, so much in healthcare. I would assume that's top of mind. What kind of conversations are your clients approaching you with?

Kerri Gallagher: I think if anything, the conversations have just been amplified, right? It's now people are starting to get ahead of it.

I think for a while, the rural hospitals were [00:08:00] like, we're too small, nobody cares about us. But now that game has changed. If anything, they're the most vulnerable because bad actors out there know they don't have the dollars. From large healthcare entities. They're starting to lean into it and ask us more about, okay, what are some prevention things that we can be focused on?

What are some policy and procedures that we can start rewriting and working and implementing now that are like low cost, low investment, but massive impact? Doing those analysis and even the enterprise risk assessments, that's really where people are coming into us and talking to us so that. We can just start opening the door, we can come in, we bring our team, we do the assessments, we do the report out, and essentially now we can partner with our clients on all of the action items that need to come next.

I think the scariest thing is realizing that You're never going to be 100 percent safe. It doesn't exist, but you do have to invest in the [00:09:00] assessments to at least get a baseline standpoint as to where you are, and then you have a partner that can help take you to the places you need to be to ensure that.

Not only is network, your data, everything is as safe as it possibly can be. And that's the scariest part, is not only getting the report back to you, but knowing that whether you are the largest entity in the country or a small rural hospital in Illinois, there's always going to be some problems.

Pretty big action items that are going to come out of those reports and assessments. But the best thing is, you now have a partner to help walk you through what you need to do next. And most importantly, just prioritize. I think that's the biggest thing. It's just, you realize that there are certain areas of how the healthcare system might be running that is just unsafe, not up to par.

HCP is not in alignment with how you're running things, but knowing that you can prioritize things and you've got a partner to walk with you, [00:10:00] I think that helps calm the fears that a lot of leaders have out there right now.

Bill Russell: It's interesting. I was talking to a leader yesterday and we were just discussing how far have we come.

And it wasn't a comforting conversation. At one point he said, yeah, at one point he said to me, he goes, they're not hacking in, they're logging in still.

Kerri Gallagher: Yeah.

Bill Russell: was a great conversation because he started to talk about.

How they've changed their emphasis to detection and limiting the blast radius. He also talked about how much work they're putting in terms of resiliency and recovery, especially in the recovery side. They're like, we now have a plan for if there is a complete outage. What's it going to take to rebuild?

And I said how long is that going to take you? He's we're still measuring it in weeks. It's not where we would like it to be. that still the state of healthcare? We still have a long way to go.

Kerri Gallagher: Yeah, absolutely. I wish I could sit here and say, no we're on the up and up.

The thing is we're getting bigger, faster, [00:11:00] stronger. But so are the bad actors out there. And so the most important thing is that when we're thinking about cyber resilient digital health, it's just that it's always changing. It's always evolving. We always need to try to be one step ahead of what might be coming down the pike.

And as long as you are Meeting with your cyber teams and different departments and everybody does have an incident response plan in place or knows what needs to be done should there be a breach or a ransomware attack. That is true cyber resilient digital health. It's always top of mind, regardless of what department you're in.

Like you said, people are logging in now. Someone might have credentials for someone who's working in maintenance, right? Or facilities maintenance. Like it's not, it is not just limited to an IT, a biomed, or even the clinical care team. So when we think about that cyber resilient digital health, it really does run the gamut of the entire [00:12:00] ecosystem for healthcare.

And so as long as you are, Meeting monthly with your department leads and weekly with some of the senior leadership team members. It's got to be a trickle down effect that everybody is constantly thinking about cyber health, cyber security, and overall cyber hygiene. It has to be top of mind for everybody.

Bill Russell: so there are CIOs, I think that suffer from a disease. I'm going to call the disease like tool disease. If we just, if we could just afford that one tool, we would be, but I hear you talking about process, transparency, education baselining. I hear you talking about all these things.

I haven't really heard you talk about specific tools as much as and cybersecurity, it would appear to me, from your perspective, is much more than a toolset.

Kerri Gallagher: Much more than a toolset. That's why here at First Health, we're always talking about the fact that we're vendor agnostic and tool agnostic because The tool is only as good as how much you invest [00:13:00] people, time, and energy into it to be able to best utilize it and optimize it, right?

You can give Bryce Harper a wiffle ball bat and he's going to still go yard, all right? It's it's really not about the tool. It's about the person and the people and the processes behind the tool help driving it to ensure that you're reaching and looking for certain metrics of security.

Whatever your secure appetite might be. So it's more about whatever tool you buy. And this goes back to, there are some healthcare entities out there that have a massive budget to invest in all the tools and all the things, but some rural hospitals who don't have those big wallets, if they invest in a tool that may not have the big name brand recognition as some of the big five out there.

If they have the right people that are utilizing that tool, looking at the dashboard metrics and being able to assist with the ME machine learning that tool is based on, or some of the AI techniques that are built into them, they can [00:14:00] be just as effective and just as secure as some of the larger healthcare entities out there that have the biggest and deepest wallets.

Bill Russell: Yeah that's a huge message to get across The other thing I will say is. I remember interviewing one of the health systems that was breached. And it was a great interview because they shared a ton of, Hey, this is what we went through and this is what it was like. But when he was talking about their implementation of one of the tools, they had misconfigured it across the entire enterprise.

And it's one thing to be able to buy the tool. It's another thing to. Know how to use the tool. You could give me that wiffle ball that I'm not going to hit any major league pitcher.

Kerri Gallagher: know, Bill you hit the nail on the head with that. I think that's why it's so important that when you do buy a certain tool, you are partnered with the best advisory firm out there to ensure that the implementation goes smoothly and you can do that hand holding with the team.

So that when the tool is implemented and it's up and running, you have that cross [00:15:00] knowledge and that knowledge transfer from a company like mine that understands what you need to get out of it. And when we step away, your team will be left being able to utilize that tool to the best of its ability and actually.

have workable, manageable, consumable data that individuals are going to be able to report up to senior leadership and say, Hey, because we have this tool, XYZ was uncovered. We found an MRI machine that wasn't properly networked. Or segmented properly. And it was a massive risk and we were able to identify and pull it down off the network or at least segment it properly.

So again, it's just ensuring that whatever tool you are investing in, you have the right people that understand how to implement it and use it, and if you don't, in your dollar will go so far investing in the right advisory firm to ensure that cyber resilient digital health is met.

Thank you. through these tools that you're investing in.

Bill Russell: How do people engage FIRST [00:16:00] Health? Where do they find more information? How do they engage with you?

Kerri Gallagher: Oh my gosh, great question. So we're always going to be at the top industry events that are going on. So that's first and foremost, if you want to see us face to face, you can always reach out to our marketing and communications team that's led by Jessica Davis and David Finn.

And just to understand what we do and what we offer. Our classic website and LinkedIn. We have a massive presence on LinkedIn. There are constantly webinars that we are focused on for educating, not only just some of the individuals in healthcare IT that are working. A lot of analysts find our webinars really thought provoking and educational, but it also gives anybody that would like to partner with us insight as to what we do from an enterprise As well as clinical and operational. So those would probably be the key places. See us in person at all the major events. And then of course our LinkedIn and our website as well. Firsthealthadvisory. com.

Bill Russell: Firsthealthadvisory. com. Awesome. [00:17:00] And if they can't get ahold of anybody, Carrie Gallagher, you can find her on the website and on LinkedIn as well and reach out there what's the conversation.

If you were just having their first conversation with somebody. What's the discussion you want to have with them?

Kerri Gallagher: I want to hear what they need help with. Where do you feel like your gaps are? Where do you feel like. You've got some key initiatives that you need to meet from a cyber security standpoint, and you don't know where to start.

That's where we want to come in. When you don't know where to start, bring us in, and we can help at least get a plan in place together, help you prioritize, and that would be our goal. We want to hear where your gaps are. And how we can get you forward and meet some of those KPIs. Everyone's under the gun.

We get that. Everyone's got metrics to meet. You've got stakeholders to report to. We want to be by you in those boardrooms, making sure that you have what you need to feel confident to present and that we've got your back.

Bill Russell: Fantastic. [00:18:00] Carrie, thanks for your time today. Really appreciate it.

Kerri Gallagher: Thank you, Bill. Appreciate it.

Bill Russell: Thanks for listening . If you found value, share it with a peer. It's a great chance to discuss and in some cases start a mentoring relationship. One way you can support the show is to subscribe and leave us a rating. it if you could do that. Thanks for listening. That's all for now..

Contributors

Thank You to Our Show Partners

Our Shows

Related Content

1 2 3 290
Healthcare Transformation Powered by Community

© Copyright 2024 Health Lyrics All rights reserved