May 9, 2022: Drex DeFord, Executive Healthcare Strategist at CrowdStrike and Lee Milligan, CIO for Asante Health join Bill for the news. Saint Louis University Hospital nurses target administration in no-confidence vote. UnityPoint Health opens $38.4M hospital. WHO says Elon Musk has a “huge responsibility” to fight health misinformation on Twitter. In 2020 we saw a historical $14.9B invested into digital health companies. In 2021, those investments made history again, nearly doubling 2020’s record. Is this Hype or Bubble?
This transcription is provided by artificial intelligence. We believe in technology but understand that even the smartest robots can sometimes get speech recognition wrong.
Today on This Week Health.
I think smaller hospital systems are just trying to survive. I don't think they're trying to innovate and transform healthcare. I think some academic medical centers have done some really good, innovative stuff, and many of them have stood up innovation centers, incubator funds, et cetera. I think some good ideas have rolled out of that. I don't think any of them are going to be transformational to the system. This will sound a little bit heretical, but I'm going to say it anyways. I think transformation is going to happen outside of healthcare. I think it's going to be folks on the outside, looking in, who are able to accomplish what we accomplish for less cost and better outcomes and more efficient and a better experience for the end user.
📍 📍 It's Newsday. My name is Bill Russell. I'm a former CIO for a 16 hospital system and creator of This Week Health, 📍 a channel dedicated to keeping health IT staff current and engaged. Special thanks to CrowdStrike, Proofpoint, Clearsense, MEDITECH, Cedars-Sinai Accelerator, Talkdesk and DrFirst who are our Newsday show sponsors for investing in our mission to develop the next generation of health 📍 leaders.
All it's news day and today, since I am recovering from COVID, I don't have as many words as I usually do. I've called in the reinforcements. And Dr. Lee Milligan has joined us as well as Drex DeFord. And I can't think of a more fun group. But here's what I'm going to do.
I'm just going to tee up the stories today and you guys are going to go back and forth. I'm going to try to keep my opinions to myself so that I don't have to use all my words. Welcome back to the show. Thank you.
Glad to be here.
All right. We do have some interesting w we're going to talk Twitter. We're going to talk some cybersecurity. Anytime Drex is in the house. We'll talk the, health tech bubble a little bit, but I wanted to start with the nurse shortage that's going on. And the story I'm going to reference is I think a proxy into what's going on across the country. And that is St. Louis university hospital. Nurses targeted administration in a no confidence vote. And one of the things they note in there is that they've given the administration lots of strategies and ideas, and they don't feel like they're implementing them. And one of the things they note specifically is that there's a significant number of openings for nurses at the hospital.
And that number has not gone down in a signal. Period of time. And they don't have confidence that the administration is doing what they need on that nursing front. And I'm using it as a proxy. I, based on the conversations I'm having, I feel like this is a, common theme. I guess the question I will tee up to you guys is what strategies are we seeing done out there and what, is the mood amongst the nurses and the clinicians at this point to initiate any it projects? Lee, we'll start with you. You're you're sitting in the chair right now,
so it's a great question to ask. I think in general, the nursing staff are exhausted. There emotionally spent because of what they've just gone through, but they're also, in many cases they're exhausted from change from different change that's happened. So this, this is a real problem. And I think in some ways it's either the number one or number two risk to each healthcare organization across the country because the numbers are staggering. And if you look at the, expense for traveling nurses compared to FTE nurses, it can be four times the expense. And if you look at the number of nurses necessary to run a health system, you times that increased, enhanced, hourly rate times that number of individuals, and you can break a health system very quickly.
And so this is a real problem. The number one problem, I think for many health system across the country, in terms of the solution. No, we haven't implemented everything. We, need to moving forward. We're working on a plan, but I, in my mind, I'm kind of breaking it up into three main components. The first of course is we have to shorten that Delta between what we need and what we have by virtue of hiring more FTE nurses. And that. includes Doing things that we haven't done before, or haven't done in a long time. So for example, many new nurses coming out of school, they need practical solutions to their work-life balance. So childcare. We used to have childcare here at a Asante And that was taken away about 10 years ago, 15 years ago.
And that was a really beneficial thing for our organization, not just for nursing staff, but for others as well. know, Right think about housing housing prices is really high in our area, surprisingly. And so are we going to be work with our community leaders to be able to do. Add more space for folks.
So we need to work on that whole hiring component, It's not just about the dollars per hour, it's really about enhancing that whole experience of living here and working here. But then the other piece I think, needs to be looked at in addition is our workflows. So we need to really pick apart our workflows to identify which pieces can be done or have to be done by a RN and which pieces are appropriate for a different level of credentialing. And I don't know that we've fully pulled that apart, but I think it's an important element to look at. And then lastly, technology, of course, is there a way to. Leverage technology to pull things off. The plates of nursing staff, our current ratios are set at their normal historical workflows, which includes tons of documentation, manual documentation.
If there are ways to pull that off their plate, that could really be helpful. The other piece that's huge of course, is patient. sitting So frequently across America, when somebody gets admitted to the hospital, sometimes they need to have a nurse sitting there with them while they're hospitalized. Maybe there are fall risks, maybe there's suicidality and some places have instituted Tele-sitting.
So that's really where you have one person who can look at 17 different individuals and communicate effectively with nursing staff. If there's something that happens, plus there's two way audio as well. So there are technological solutions that I think can bring to bear good solutions for this issue, but it's on a case by case basis.
Yeah. I mean, I couldn't agree more. Look, I'm married to an ICU nurse. And so I hear the stories. Every day they are super burned out. They're burned out on the emotional toll that COVID. Taken on them. And the sort of general purpose feeling that the world doesn't care about us because they're not doing the things that they should do to try to keep people from getting into the hospital, which creates another whole sort of set of emotional pressures on them.
And then, like you said, there is a lot of change and and unfortunately it's not a thing where we can help them. Say well, since we have, we don't have enough nurses, we're going to turn down the number of patients that we bring in. Right? There's no management. I mean, there's no real way to manage that. If people are sick, they're coming to the hospital, they're getting admitted. Nurses are going to have to take care of them who would like to figure out how to have ratios that that make sense. But unfortunately I think in a lot of cases, ratios are right. Hi. And as Lee sort of says the, ability to find and hire traveler nurses, sometimes who kind of, there's always a learning curve for them, too.
Right? So even adding resources creates an additional burden for the existing nurses to help get those folks up to speed. And running. I love the idea of sitting, right. I think it stored healthcare when I was a CIO there. This has been several years ago now, but we had tele sitting program, which which made a lot of sense and, and allowed us to sort of take things off nurses plates.
The other thing I was kind of thinking about the other day, I went to see my doc, my doc had a scribe working with them and I'm wondering. There isn't li I'd like to kind of hear your thoughts about this. Is there some version of like a nurse scribe or something that could take some of that load off nurses so that they could actually focus more on doing what they do and not the documentation.
Yeah. I, there, there are solutions that are coming out in this space. Exactly. In fact, I, I believe, I don't know if I could mention individual companies here, but
you can mention whoever you'd like.
Is doing this, this element right now. And they're ramping it up pretty effectively. And they've looked at the data to determine that a large percentage of nursing workflow has to do with documentation and not a surprise, something like 30%.
And so they're looking at pulling that off their play. Of course, there's a lot of regulatory and compliance issues associated with that that have to be addressed. I did want to go back to something you said about traveler nurses. In addition to the cost associated with this, the quality initiatives the previously had been at the heart of a lot of these hospital systems they're taking. They're taking a big hit because in order to have effective quality program, you have to have a team that knows one another that understands what the actual workflows and expectations are. When people come in from outside, they may not know those things and they may not be trained that way. And so I can tell you, our system has taken a hit on that.
Yeah, those policies and procedures that are kind of written and built in become cultural sort of norms of the way that we do things. And then a new person comes in and this is the way they were trained to do it at the last place they were at. That's how they do it, but it flies in the face of some of the, some of the real major quality initiatives that have,
let me ask you the exit question here, which is as an it leader. there's a potential to create a death spiral here, which is to fix the financial problem instead of fixing the underlying worker satisfaction problem. First, we saw this in the steel industry. We see this play out in history over, over time. There probably a huge appetite in the boardroom for helping the financial challenges cause there's financial challenges going on with the increased wages and those kinds of things. But the reality is you almost have to take care of the staff first because there's no margin. There's no margin for that staff to take on a, a new system-wide project and those kinds of things. How do you, a it leader, how do you approach. Drex we'll, we'll start with you.
Sure. Yeah. I mean I'm a big Toyota production guy. I have been for years and years and a lot of us gets into the asking five why's and what's really the problem. And I haven't really done that, but my initial thinking around that is exactly what you said. If you get to the staff, especially as the it team, as you get to the nursing staff. And you ask a lot of those questions and you figure out where the biggest irritants are, and then you try to figure out and collaboration, how do you do what are the projects we should do? And how should we prioritize them to help take pressure off those nurses in a way that is the least disruptive to the care that they provide to patients and families. And I think if we sort of think about it like that, understand what they're up against. Ask a lot of questions. A lot of this isn't necessarily technology solutions. I mean, heard us talk about like sitting in scribes and things like that. There are people process parts of this people process technology cycle that we, we really, I mean, listening just becomes critically important in all of this to make sure that we're hitting on the right mark.
One of the things that we're doing here that we haven't done as a system really ever is we're establishing senior leader rounding. And to address this point, really understanding where frontline staff are at, I think it was, I can't remember who it was that said the, the initial goal of a leader I'm paraphrasing here is to establish reality what's current state let's really understand that on a deep level. And then from that, let's try to improve on that. And I feel like it's unfortunate that it took this series of events to get to this point, but it's the right thing to do. And so we're starting that right now. It's actually very complex because we're having each corporate leader, senior, senior leader meet with every department in our entire system. And we're splitting that up. It's a lot of. It's a lot of meetings, but I do think it's important in order to be able to establish what's current state.
📍 📍 We'll get to our show in just a minute. As you've probably heard, we've launched a new show TownHall on our Community channel. This Week Health community. And it airs on Tuesdays and Thursdays. I'll be taking a back seat to some of these people who are on the front lines. TownHall is hosted by an array of talented healthcare leaders who are facing today's challenges head-on. We're going to hear from professionals and their networks on hot button issues, technical deep dives, and the tactical challenges that healthcare faces. We have some great hosts on this. We have Charles Boicey and Angelique Russell, Data Scientist, Craig richard v ille, Lee Milligan, Reid, Stephan, who are all CIOs. We have Jake Lancaster and Brett Oliver who are CMIOs and Matt Sickles, a Cybersecurity first responder. I'd love to have you listen to these episodes. You can subscribe on our Community channel. This Week Health Community, wherever you find and listen to podcasts. Now let's get to the show. 📍 📍
All right. We're going to take advantage of the fact that Lee is here and there's a new building right behind your office that sprung up out of the ground. I talked to you a bunch during the building of this thing. But I, one of the stories is unity point health opens a $38 million hospital. I thought we were going to see a lot less hospitals during the ground.
And then I go to the Scottsdale Institute and talk to two health systems that are popping hospitals into the ground. Big, big buildings. I saw a story about the Walton foundation standing up new facilities in Northwest Arkansas and partnership. With Cleveland clinic and others, I took a drive across from Cincinnati to Columbus.
I saw two significant hospitals going hospital buildings, going to the ground. I thought we were going more ambulatory and we're going in the home, but it seems like we're going in this direction. I don't want to really, really want to talk about the strategy of it. I want to talk about the. What do we have to get, right when doing a new book Drex, did you ever do a new building in your car? For sure. All right. So Lee, this is fresh in your mind. What, what are we doing? Right? What did we get wrong in these things?
Well, first here, to your point about. We're going to have less hospitals or less of these buildings. I file this under the category of the disillusionment of population health. So seven years ago I drank the Kool-Aid that if we got this right, that we wouldn't have as much acute care and therefore we wouldn't need as much of these big buildings in order to accomplish care. And the reality has been exactly the. It's been moving ahead. We're busting at the seams. I was in our ER three times last week once for my son who had influence a, a and I was in there and just lined with patients up and down the hallways.
And this is a community. Regional referral center, very, very busy scenario. And we have to reject patients from the coast and other places because we are so full. So I think this model that was conceived a long time ago has elements that have played out as planned. But there's a lot that hasn't played out as planned.
What I will say about building a building when you're dealing with the architect and the construction folks. They speak a different language. Well, it's still English, but it's very different and they have a different approach to how they, how they get the job done. And so it's really important. I think number one, to establish relationships effectively with these individuals, identify the key players and spend time with them and learn their world.
And what's important to them because ultimately you'll have to connect with them to be able to be effective in the role. The other piece is walk the grounds. I would say one piece of advice, what you see in a two dimensional architectural drawing or emails and discussions around things is often very different from what you perceive when you actually walk through the grounds.
So take advantage of that. Get your hard hat, get to meet those folks and see what's actually happening from an it perspective. There is so much you could do in a new space. My biggest fear on the outset of this was to open a brand new. Old building. And so I wanted to make sure that the technology that was there really met our current needs and some element of our future needs.
So whether it's drop points or ethernet plugs, or they, the capability of our cat fiber, all that stuff has to really meet our current and our future needs. And I'll tell ya, a lot of it was a dog fight because. Right though, the higher up you go on that, the more they want to push back and say, no. The other piece that I think is really, really important is to make sure that you have a healthy contingency despite great planning and thinking through this, there are always things that are going to come up from an it perspective that were unexpected and make sure that you hold onto that contingencies. You can leverage that.
Yeah, totally. Don't don't spend all the money that you have planned for the building, because there will be something that happens. I mean, who knows what it can be, but I definitely have seen every time. There's always contingencies. I wonder if part of the issue too, like if you go in any hospital today, you can tell that there was an original building and then there've been like twenty-five ever tried to do just like wayfinding in a current hospital, it's completely bizarre. And there's places where some floors don't match the next floor section floor, and you have to go uphill or down here, there's all these weird things. So there's a lot of inefficiency built into our existing buildings, which were built for a model of care that isn't necessarily the model of care that we do today.
So some of this is just, I think, There's only so much you can do with the buildings that you have today. And some of them are 40 years old and they don't meet other requirements for earthquakes standards and other things. And so it's just time to build a new building. I, I would also agree with Lee in the idea of walk the space, but I would say walk the space before you build it. Right? So at Seattle children's, when we built one of our buildings there, we actually rented a warehouse downtown and stripped out the inside of the warehouse, brought in some construction workers and actually had them build out, like, what do units look like?
Where are the walls and the doors? Where would the windows be to look into the room? How, what is the nursing station nursing station look like? And then bring staff over to. Run sort of fake partial shifts to in there so that you can actually see how patients flow in the room. How do you get them out to the elevator or to the stairs or all the other parts of this? Because as Lee says, sometimes things do not look well. They look perfectly fine in architecture diagrams and they do not look, they do not work when you when you look at
the things that surprised me was the number of technology to say. The architect and construction companies were making without ever consulting with my team. Was that the case for you?
Yeah, for me, it was, I mean, we had to really early on set a cadence of like I think we started off early with a call every month and then it became sort of a call every couple of weeks. And then we got together literally every week as we got closer and closer and closer to the start of the building. And a lot of that was because of. Things that they would say are fine. Like the square footage of an MDF, the square footage of a data closet was not fine. And so while they had some standard to do that, we had to review all of those opportunities and entrance and exit points for internet broadband connection to the building and secondary entrance and exit points, which they may not have considered or built into the plans. And so there are a lot of things your chief architect, your chief technology officer need to be really involved in these new building constructions, because if you don't get it right back to the contingency dollars, it's super expensive to go back and redo these things.
Yeah, I would just add to that, that I got burned on this for a prior building scenario. So before we started the pavilion, which is adding a lot of space, it's 350,000 square feet, big building, or big addition. We put in place a decision-making framework that basically starts at my manager within infrastructure cause that's the director level. And then myself before the architects are allowed to put it into the finalized drawing. And that's been really huge because we've picked up on a lot of things before ultimately was included. Hey Drex, I was going to say quickly, we did the cheaper version of what you described with the warehouse.
We had just built a new parking structure. And so we basically put in two by fours and drywall. And it said the whole thing, just like that multiple rooms or rooms, regular rooms and practice exactly what you were saying. So I, a hundred percent agree.
It only works. We had places where we put blue tape on the floor, like any existing units to kind of try to show comparisons from old, to new, all those, what feel like kind of stupid techniques really can make a world of difference.
All right. Let's do the tech bubble. So recent article, essentially talking about the the tech bubble global digital health funding falls 36% to a 10.4 billion in Q1 of 2022. And interestingly enough, the people over at Providence wrote an article. Sarah Viasi who took Aaron Martin's role. title is called dig this hype or bubble. Let me just give you a little bit of the thing at the end. How much and why health systems care about this various, depending on their vantage point, the digital health boom has given consumers a taste of what is possible, regardless of the headwinds. Many digital health companies are facing health systems must catch up given the evolution in consumer and clinician expectations. The on-demand. Technology driven life that most consumers have led for over a decade has become the practice practical reality in healthcare in the last two years and consumers, aren't going back.
It's too late to be proactive, but it's not too late to take action. I give you that sentence. I think it's interesting. Anytime I hear somebody talk about. Health tech. I always have to ask myself, what is their perspective and where are they coming from? Keep in mind that Providence is a significant investor in health tech startups.
So they definitely don't want it to be a bubble. So this article, as you would imagine, Talks about the nest necessity for this change is happening. It's going to happen. And it's going to come from this investment that's going on right now? I guess that's my question to you guys. Is this, is this a bubble or is this just a cautionary reaction to the current economy, the current state of our world, and what's going on and, and the Ukraine and other places or is this directly a result of some of the things that are going on in health tech and companies taking a step back and saying, Hey, look, this $3 trillion market isn't getting any better.
So unless the story gets really solid of what part of this $3 trillion market, this company is going to get. We're going to pull back from investing as much in these companies and I'll, I'll I'll end with this, the one other article I read wasn't articles there, there earnings report was Teladoc writing down about $6 billion of the acquisition of Livango. And we all thought that acquisition price for Livango was a little over the top and this writing down sort of short sort of shows that they paid more than let's just call it market value for Lavango and there's a case to be made for doing that. So is this a bubble? Is this caution what's what's going on here at Drexel? We'll give you the first word on this.
So I would say. we definitely go through cycles in this venture investment process game. I'm not exactly sure what to call it, and sometimes it's super crowded and so people they have money and I got to get in and I got to get it right now. I'll pay a premium for it because I don't want to get left out. And so a lot of money comes in. Of the PowerPoint deck ideas are funded and they wind up going nowhere or folks overpay for a, maybe a company that they feel like they need to get their hands on sooner rather than later. And then other things happen in the world.
And folks we retract from that and pull back, I think in the spirit of everything's connected to everything else, right. In the beginning of the pandemic, it looked a lot like. Sure. We're going to be really busy in healthcare systems, but they're going to need a lot of technology now because patients are going to stay away and all those things are gonna happen.
And so there was a lot of investment in that cycle. Now, two years later back to our earlier conversation, nurses are burned out and doctors are burned out and there was a lot of sort of rethinking. The theory that we had about a lot of stuff at the beginning of the pandemic. And I think investors now are starting to take a step back and saying, maybe I ought to let this shake out a little bit before I take another run at it.
So that's kind of my initial thinking on that story. It's not I don't think it's that we're out of ideas. And so there's not any, there's nothing left to invest in. There seems to be a ton of ideas out there. I think it's just where where and how are investors going to place their bets?
Yeah. We're not at a loss for ideas. Are we Lee? What are your thoughts?
I think Drex is spot on. I would just add that. We don't know whether this is a bubble or not yet. It will only know in hindsight whether this was a blip or bubble. And I think it may go back to know, you've heard the term FOMO miss fear of missing out this may in part be a little bit of FL BI fear of being in and so hard to say yet how that's gonna play out.
I do think good ideas are going to exist, but I also think. Going back to the population health discussion and the Lavango scenario Lavango is perfect for population health, right? As long as population health actually works the way it was intended. Right. Is that the idea here is that we identify who's at risk.
We do things to reach out and to prevent that risk and that that enhanced scenario then provides value to the. And to the system that's providing that. And it's been so clunky based on a number of governmental regulations and other aspects of this that has been really hard as a country, in my opinion, to really drive value along these lines.
And so some of these really great ideas work best within a population. Realm and have had difficult to come into fully to fruition. The other piece I think is really important is that despite having good ideas and there are a ton of good ideas out there, there has to be a direct pathway in my opinion, to reimbursement.
And I've seen a lot of good ideas that happen, that don't go all the way, translate all the way operationally and from a financial and a business perspective into how is this reimbursed and why would anybody ever pay for this? And so I think that's the piece that I've seen being missing. Sometimes
at the, conference I was recently at one of the CIO has asked the question, where's disruption going to come from? I'm not going to say where's the shrubs and going to come from. I am going to say where's transformation going to come from. We're a three, $3 trillion industry right now. I hope we're not going to be talking about a $4 trillion industry in three years in a $5 trillion industry in 10 years. Otherwise other things are going to break pretty significantly across the board. So, where does transformation come from? Where do you have all the things you're looking at? You can look at big tech. You can look at new partnerships, you can look at population health models. You could look at government oversight and those kinds of things. Maybe some change there. Where do you think the transformation is going to come from? Lee Lee, we'll start with you.
I think smaller hospital systems are just trying to survive. I don't think they're trying to innovate and transform healthcare. I think they're, trying to keep their nose above the water.
I think some academic medical centers have done some really good, innovative stuff, and many of them have stood up innovation centers, incubator funds, et cetera. I think some good ideas have rolled out. of that I don't think any of them are going to be transformational to the system. This will sound a little bit heretical, but I'm going to say it anyways. I think transformation is going to happen outside of healthcare. I think it's going to be folks on the outside, looking in, who are able to accomplish what we accomplish for less cost and better outcomes and more efficient and a better experience for the end user. To date there's been several attempts to do that, that have failed but they're learning And they're getting better at it. So in my opinion, it's going to happen from outside healthcare.
I think it's not, not just from outside healthcare and it won't be sort of like. One day we wake up and healthcare is transformed. I think that outsiders will find niche-y places where they can transform the service and the care delivery for particular kinds of patients or particular categories of patients. And then that ultimately will wind up being. Man, we lost part of our, the people who does do business with a regular healthcare systems. And so those things will slowly get sliced away from the healthcare delivery model that we have today. I, I if you think of. Kind of what we've done in the last several years, we've undergone a lot of transformation.
If you think about 2008, 2009 ARA, we implemented electronic health records. I mean, they're pretty short period of time. We all implemented electronic health records. Now there were a bunch of unintended consequences that came with that. Not the least of which was we did it really fast. And so we wound up in installing networks and doing a bunch of other stuffs that created cybersecurity exposure.
The bad guys then were super innovative because they figured out how to take advantage of that with ransomware and. And data exfiltration and all of that. So the other part, I mean, this is me selfishly as a cybersecurity guy, kind of talking about this, but the other part of transformation that we have to do is ultimately cybersecurity transformation and making sure that we can protect the investments that we've made, no matter how big or smaller systems are because we're making huge bets.
On, not just the electronic health records that we implemented, but lots and lots of digital health and other business clinical research systems. And we have to protect them because patients are depending on them and we've become incredibly reliant on them to provide modern health care to patients and families today.
So when those systems go down for whatever, the reason, like we really almost have to stop doing business with them. Hours or a day because we can't provide good, safe, reliable care to patients and family. So transformation comes in a lot of forms. And I can tell you back to this whole conversation about investments, those investments and implementations come with great ideas and a whole set of unintended consequences.
It always happens every time. And we don't know what those unintended consequences are until after we've gone down that road.
All right. Drex we will finish this conversation on cybersecurity, mostly because you're wearing a really cool CrowdStrike shirt. And cause your posts have been provocative this week. Let's start with the first one, which I thought was really interesting question, which is who in your organization has the authority to cut the health system off from the internet? Push that button that says OK all communication outside this building shut off now. Right, right. Shut off the router or whatever you're going to shut off.
There's a lot of ways to do it, but you posted that and I posted, that's a really good question. if I thought back again, I haven't been a CIO since 2016, I think. I was the only one that could do. I mean, I would be the, I mean, I guess my people could have done it and then told me about it, but we didn't really have a policy per se, around that back in 2016. But today I would imagine you do so Lee, you probably have a policy around that.
Yeah. Lee actually commented on the post too. I mean, I really post that sort of in the spirit of incident response is incredibly important at this point and doing those exercises and doing that training and figuring out what are all the scenarios that you, that might come up and then who has the authority to do really radical things, like say, we're going to cut ourselves off from the internet. Is that written down somewhere? Have we sort of practice, like we call this person, if we don't hear back from them in two minutes, then we call the next person. And if we don't hear back from them in two minutes, we call the next person or we just go, yeah. I find somebody in that chain who has the authority to, to sort of turn it off.
And it's not a thing you want to figure out in the heat of the battle. You want to know what that process is in advance. And it came up because of a French hospital who kind of cut themselves off from the internet. A lot of people thought that was really radical. And I was like, but you have a plan for that. Right. That's why I asked the question. And then Lee answered.
Yeah, it used to be at a kind of an unwritten rule here that it was our CEO actually, who had to endorse that. By the time I came into this role three and a half years ago now it was the CIO where that capacity, we recently rewrote our policy and procedure associated with this after the attack to our neighbor.
And so now we push it down to our CISO. Who's a director as first-line and then below that supervisor, if he's not available, we haven't gone to the point. You're talking about tracks about kind of having a timeframe so shared with each or even practicing. I really like that. I'm going to take some notes on that.
there's a lot of different ways that you can skin the cat, no, no offense to cat people, but it's just something you should think about, right? It's something that should be in your plan and.
we love the free consulting. So that's what we, you also have another post here that I think it was with regard to the tenant healthcare, cybersecurity outage. But you put we think about the hierarchy of technology to be protect, keeping the bad actors out, of course, detect making sure that you have mechanisms to understand if they get a foothold somewhere contained, that's making sure that the bad actor should get in that you have protection for them being able to spread and restore when you have something that has gone bad and you've been compromised. How fast can you turn around and get back in a secure way? I like that framework. I've heard that from you. I mean, that's a common framework. We've heard that from several leaders. I'll start with you on this one. what area do you think the best at, in healthcare. And what areas do you think we need a little help in?
so I kind of go back to the cybersecurity transformation idea, right? We have at CrowdStrike, an army of people who spend their days and nights on the dark web. Figuring out who the bad guys are, how they work, what tools they use, how fast they move from one tool to the next, all those kinds of things. And we do tons of incident responses for companies who are not customers until they have their most worst day ever. And they call us and we come and help them with an incident response.
So we gather a bunch of forensics. And in all of that, what we've sort of figured out is from the time the first machine is compromised. On an organization's network to the time that bad guy is able to move to the next machine, we call that breakout time or moving laterally. That's about an hour and 38 minutes in, in sort of generally speaking, right?
Sometimes it's slower. It's usually not faster. That's kind of like the bed about the best they can do an hour and 38 minutes. So what you have to do is figure out from a cybersecurity transformation. Sort of model, how do I get to the point that I can detect that they're there. I can do an investigation to make sure that that's actually a bad thing that's happening and then I can kill off the bad guy or isolate the machine or do whatever I'm going to do to.
The bad guy from being able to move laterally in less than an hour. And we talk about that as 1, 10 61 minute, to detect 10 minutes to investigate, kill off the bad guys and under 60 minutes. And if you can do that, then you stay inside that hour and 38 minutes, lateral movement window, and you have a program that's sort of devastatingly effective against ransomware and data exfiltration.
And so this is the for me, it's the not necessarily. Is there one place where we're doing poorly. It's more about, again, kind of thinking about how do you build a program that puts you in a position to be able to hit that goal of staying ahead of the bad guys, because deeper moats and taller castle walls the old model of sort of like keeping the bad guys out that works for a lot of stuff, but clearly it doesn't work all the time now, bad guys often get in and then it becomes just how do we find them and kill them fast. And if you can do that, All the time, 24 hours a day, you have a transformed cybersecurity program that can actually keep you from getting into trouble.
You know what? My greatest concern is the security. It is that we wrote software for years, for decades. And then said, oh yeah, we got to do security when we were done writing this after the fact. Right. Yeah. It's like the internet. Yeah. And a lot of that software is still in play in healthcare and modern architecture. Has you, I mean, essentially integrating security mechanisms into the architecture as you go along, for example the, the ability to detect an anomaly. Kill off that, that virtual machine spin up a new virtual machine so that they may have hacked a machine that doesn't exist anymore.
I mean, you're essentially spinning things up and down. Now, when I say that architecture and healthcare people look at me like, huh, but if you see that architecture in finance, they're like, oh, absolutely. I can't believe you wouldn't do anything. Other than that we have so far to go with regard to architecture and I had 900 applications.
This is where I sorta, I come back to 900 applications. How many of those were written to modern architectural standards and security models that are in place today in finance, in FinTech and other places? And the answer is, I don't think anything. Like it's
a fraction compared to probably other industries. Most other industries have kind of gone to this cloud native model of like they're building things and they're running things in the cloud and they they, they just have a, a much different view of the world about how they're doing Software development, operations, and how that stuff winds up, being built in as part of that process, compared to a lot of legacy systems.
I mean, a lot of our stuff, we make big investments. We like to keep it and hang on to it forever. We have systems that have been running for five or eight or 10 years, same with medical equipment. We buy the stuff, it keeps working. I don't want to replace it just because. I could buy something more secure. And so that's why we wind up stuck in some of, some of the challenges we have around legacy.
All right. we gotta end somehow hopeful here. So let's see. How could we end hopeful here? Hey, Elon Musk bought Twitter. I want to talk about Twitter a little bit. It's there. Isn't our hope here out of actually here's the interesting thing. So who posts? Hey, Elon Musk has a huge responsibility to fight misinformation on Twitter. What do you think this is going to look like? He says, oh, we're gonna open up the algorithm. And let people look at the algorithm. I don't know about you, but when I look at algorithms, I don't, like go, oh, that's going to do this and that's going to do this. I don't know how he's going to publish the algorithms. Then I'm going to know if it's a bias one way or another. So that that'll be pretty interesting, but does this have any impact on healthcare? Do you guys think.
I just hope the edit feature actually makes its way into the platform at some point.
no, that's totally. I mean, I'm with you. Yeah. I I can't tell you how many times I post something and then I'd go back and read it and I'm like, ah, and then I have to delete the tweet and retweet it after two or three people have already liked it.
So I don't know Twitter's sort of evolved into this weird public stage on which we debate things and policy is developed. And sometimes even with folks from the government policy is almost created sometimes by some of the things that they say on Twitter.
So with the company going with no one actually having control over anything in this company when Musk takes it private, except for mosque, it definitely creates also a huge, it does create a huge amount of responsibility for him to do the right thing. But in the end it's a private company and you don't have to participate in twitter, if you don't want to, and you don't have to read Twitter if you don't want to. And so it'll be interesting to see where he goes. There's a lot of things he does. I'm a big fan of a lot of his stuff, but there are a lot of things that concern me about so much power from so many industries being in one person's hands. Right. So some of the other. He could either be a superhero or supervillain. And I think no one actually knows, which is, oh, the,
the, the funniest thing I saw was the Washington post writing an article about Elon Musk, the billionaires taking over media and how detrimental that is to everythingand I'm like, Y you you're owned by Jeff Bezos. What, what, what are you thinking? What are you writing that article for? Anyway? Let me tell you what I hope happens to Twitter. Yeah. Have you guys seen Hamilton the musical? I heard about, gosh, you guys, I'm going to have to take you to Hamilton. It's worth seeing plus it's on HBO max or something.
Just, just go watch it. It's worth watching, but it's playing out the founding fathers and there's a great scene in the beginning or actually a couple scenes where they have cabinet meetings and in the cabinet meetings, you have Hamilton get up and go head to head with Jefferson and you have these two great minds going at it, but they're doing it with like rap and that kind of stuff. So it's, it's really entertaining, but they, I mean, they're really going at it on policy and that kind of stuff. I hope Elon Musk figures out a way to put two people into a, a Twitter. Bout where they just go back and forth on ideas and they're forced to have it with each other Not with the echo chamber.
Like I love when people post and they feel so good about themselves because all the people that agree with them say, yeah, you're right. Yeah. Let's put, I don't know. Let's put whoever and whoever in a room. I'm not going to say two names. Cause I don't want to offend anybody, but let's put them in a room and have them debate healthcare.
And just watch the arguments play out. Let's have the Harvard professor and the whatever, just put their arguments in play and say, Hey I see what they're saying. I see what they're saying. Let's create that public venue where we can see the battle of ideas play out right in front of us without the the slurs the name calling and the you're an idiot kind of stuff. Cause as my parents told me, there's a lot of truth on both sides of every argument.
so like a really smart Twitter Thunderdome is what you're asking. Exactly,
exactly. Thunderdome. That's that? That's a great idea. That's what I would like to see if anyone else would like to see that, please send me a note I'm tweeting it later
And then I'm going to see if we can get it up,
get it over get it over to Elon Gentlemen, thank you for being on the show and coming. And saying most of the words on the show, I really do appreciate it. Lee and Drex thanks for your time.
Hope you feel better. Feel better. Take care.
What a great discussion. If you know someone that might benefit from our channel, from these kinds of discussions, please forward them a note, perhaps your team, your staff. I know if I were a CIO today, I would have every one of my team members listening to show just like this one. It's conference level value every week. They can subscribe on our website thisweekhealth.com. They can also subscribe wherever they listen to podcasts. Apple, Google, Overcast. You get the picture. We are everywhere. Go ahead. Subscribe today. We want to thank our news day sponsors who are investing in our mission to develop the next generation of health leaders. Those are CrowdStrike, Proofpoint, 📍 Clearsense, MEDITECH, Cedars-Sinai Accelerator, Talkdesk and DrFirst. Thanks for listening. That's all for now.