Vikrant Arora, VP & CISO at Hospital for Special Surgery stops by to discuss the evolution of AI and ML making patient care better and the effects of cyber stress and burnout. Hope you enjoy.
This transcription is provided by artificial intelligence. We believe in technology but understand that even the smartest robots can sometimes get speech recognition wrong.
Today we have another interview in action from the conferences that just happened down here in Miami and Orlando. My name is bill Russell. I'm a former CIO for a 16 hospital system and creator of this week health instead set of channels dedicated to keeping health it staff current and engaged. We want to thank our show sponsors who are investing in developing the next generation of health leaders, Gordian dynamics, Quill health tau site nuance, Canaan, medical, and current health.
Check them out at this week. health.com/today. Here we go. All right, here we are in interview and action. We, , did not get to do all the interviews that we wanted to do on the floor. And, , I'm finally catching up with, , Vikrant Aurora from hospital for special surgery. Thick. Welcome. Welcome to the show.
Thank you, bell. Hey, yeah, sorry. We didn't get to catch up. You were, , you were down at the HIMSS conference. There was there, there was a lot, a lot going on. So you, first of all, what'd you think of it? What'd you think of the conference?
I think the conference was very well structured. It did focus on items that are top of mind for a lot of healthcare executives.
And, I saw an evolution from using just the buzzwords of AI and ML to make patient care better and fix healthcare, , view actually saw some meat on the bones this time around.
Yeah. And that's, you know, that's one of the things that. I noticed as well. I saw some AI models that were being used by some health systems.
And I was actually kind of encouraged by the progress we're making to improve outcomes and to really improve the efficiency of, , of clinicians. You did you get to sit in the cybersecurity, , track that they had the day before the hymns county?
Yeah. It conflicted with the same with the executive tracks where I did half of the executive track and half cybersecurity track.
Well, hopefully you got the best, best of both tracks. What were they talking about at the at the cybersecurity track? What was the topic of conversation? Was I assume it's, it's finding good talent and the state of readiness that's going on, but what, what, what were the topics that you picked up on.
So the two things that I picked up on and that resonated the most with me, one was a positive thing. And the other was negative. I was start with the negative first, for lack of better words. It's the cyber stress and burnout that doesn't get talked about very frequently. And in my experience, it stems from two things.out the law for the vendor of:
And the other pieces are shortage of cyber. So these two items when combined lead to a lot of uncertainty, which in general causes stress. So I think I was, I was happy to hear that they were talking about it and I think, , more conversation needs to happen around that. And the positive thing that I took, , from the track was around, , cyber being used as an enabler for consumerism and digital transformation, all the.
Almost 10 years, as long as I've been a CSO, I've been trying to align cyber with the business. But I think the, the it's, the trend is reversing. The business needs to now along align with cyber because a customer cannot love an app that he or she cannot trust. And the only way you can build a trustworthy app is through an investment in cyber.
So I think. Reversing of trend was quite encouraging to see.
Yeah, that's really interesting, , digital bringing cyber alongside because we all, we all want the, the, the, , benefits that digital, that digital is going to bring to us that convenience factor and it's and all those other things. But in order to do that, first of all, I trust your hospital, right?
I mean, it's not foundations already said. But, you know, every breach or every incident that happens sort of chips away at that, at that trust. And so it is so important to put that, that foundation in place. I will say this, I talked to a handful of, of, , CSOs and I, I saw a couple of them that I didn't interview.
They look tired. Now you came on this call and you sounded so upbeat and excited. I was, I was kind of taken aback, but, , what, what can we do for our cyber professionals? It feels like we've been on a state of alert for the last. I don't know, it feels like two years and it, it, I'm not sure. I see the end in sight.
What, what can we do to keep our staff, , encouraged, energized and focused?
That's a loaded question. The reason. The way you described this because we just resumed our return to office just from last week. So it's a pleasant change of scenery. I'm back to seeing all my colleagues, things seem a little bit more normal than the past two years.
So I guess that explains why I look a little bit different from the rest of the folks. And, , but jokes apart, I think. From a cyber standpoint. That's what I tell them. First and foremost, there needs to be a lot of empathy for all the cybersecurity professionals. They are being held accountable for, , breaches and incidents.
When sometimes the teams are understaffed, the risks are not addressed in a timely manner. So trying to understand. And go a long way. It is an organizational function. It's not the function of the cybersecurity team, but specifically speaking. , I encourage my team and that's the philosophy. We follow that hospital for special surgery.
Continue to focus on cyber hygiene. I mean, if we start looking for a silver bullet every time there's a crisis, there is no. And you will feel like you're just spinning bills, but doubling down on cyber hygiene and building a program that is based on just two things, business, business objectives, and risks specific to your business, and then continuing on that bath rather than changing course, every time there's a news out there and it may or may not impact you. So those are the things I would say.
So you're, you're back to work in New York. , w w are you back full time then, or have you guys gone to a hybrid model of some kind?
We have a hybrid model.
Okay. And cause it's, it's, that's a, that's a big topic right now for a lot of different health systems, but in, , , in New York city, especially because, you know, without workers going into New York city, a lot of that.
, a lot of the, , other businesses that, that live in New York city ended up dying off the restaurants, the dry cleaning, they, all those things, if, if people aren't coming in coming to work. So there's that, that catch 22. , are you seeing more people on the streets of New York, more of the businesses coming back?
I think it has been, , picking up, , every week, there is slightly more people in the city, in the offices, and that has been going on ever since, , the fears from Omicron, , vanished for lack of better words. So we've seen a linear increase at least have seen more people in the subways, more in the buses, more across the bridge.
it's back to being almost as busy as it was before the pandemic. Not fully. So that's my benchmark of how much we have returned to normal, but it's
happening. Well, let me ask you this as a closing question, which is the, , cyber talent, the war for cyber. If people are wondering that when I have a CSOs on the, on the, on the show, , as a CIO, I had an internal auditor and the internal auditor wouldn't let me talk about security with anyone, or at least the specifics of our security.
So people who are tuning in are like, why don't you ask them about this specific of their security, because I know you're not allowed to talk about it anyway. So we'll, we'll stick with, stick with, , some of the things we can talk about. , you're, you're going to have to hide. My guess is you're going to have to hire over the next year or so, , talent for, , the cybersecurity space.
And there's, there's different levels of talent. Obviously you need some high level people who really understand it. , but what I'm hearing is a lot of people hiring and up-skilling, you know, they're hiring people from different, , domains within the it world and they're upskilling. That talent is, is that a, a strategy that you guys are looking at?
And if you're looking at that strategy, what does it look like to upskill people? How do you bring them up to speed very quickly?
So I'm glad you asked that question because we went through that. How do we address the cyber skills shortage? And we came up with four specific things. The first one. Using as much managed service as possible for level one level, two tasks, a lot of organizations are now offering.
Coupled with people and processes to solve basic or provide basic cybersecurity services. So there's no point hiring people to do level one level, two tasks. So that's one strategy. Again, it all has to be done on a spectrum. It's not like you can hire managed service for everything, but wherever possible, that's one, the second.
Automation and orchestration, but the advances in interoperability, automation, programming, and digital interfaces and APIs technologies previously, wouldn't talk to each other because of competitive and trust. But now that things have changed on cybersecurity technologies to some degree, it's like the EMR space as well, that now talk to each other.
Not very happily, but they do, but take advantage of automation and orchestration to reduce the amount of work for your workforce. The third is finding. Within the organization somewhat along with, to your point that hiring somebody and training them up because somebody on the inside, as long as they bring the right attitude, they also bring with them, , the business knowledge, the organizational knowledge and culture is something that we hold very dear to our heart.
So if I can find somebody who's culturally in tune with the organization, that's a big bin already. So hiring somebody from within the organization and then having. , a clear program for them to get basic certifications, such as CSSP or shadowing, a senior engineer would be the third thing. And the last thing is creating an intern pipeline.
We have a technology has been turned on its head with cloud and, , digital transformations. , we have a lot more need for programmers and developers than we had in the past. Everything is being sold, , as a service there's nobody's buying. Hardware servers anymore. They're all going to cloud and it's server less.
And it's all in code, which means the foundational people. You need a programmers, and if you can find good programmers and train them on cyber, , you kind of kill two birds with one stone. They're more aligned with the business objectives for the digital transformation, and that they've been trained on cyber.
They can prove to be an asset and they don't have to learn a lot of legacy technology that we're moving away from. On-prem so I know it was a lot of things, but those four are approaches we are taking, no,
that was gold. I'm going to, I'm going to clip that and that's going to be what I share with people.
That's that was that. That's a, that's a phenomenal answer. Fuck. I want to thank you for your time. And these are our short interviews. We'll have to do something a little longer later, but, , appreciate, , appreciate you taking the time to, , to spend.
Definitely appreciate the opportunity.
Another great interview. I want to thank everybody who spent time with us at the conferences. It is phenomenal that you shared your wisdom and your experience with the community, and it is greatly appreciated. We also want to thank our channel sponsors who are investing in our mission to develop the next generation of health leaders, accordion dynamics, Quill health tau site nuance, Canon medical, and current health.
Check them out at this week. health.com/today. Thanks for listening. That's all for now.