July 10, 2023: Drex DeFord, Executive Healthcare Strategist at CrowdStrike joins Bill for the news. What drives CrowdStrike's impressive presence in the cybersecurity landscape? How do healthcare cybersecurity trends shape the future of data protection? Are M&A deals the key to unlocking growth and innovation in the cybersecurity industry? What strategies can companies employ to successfully expand their product offerings? Is entering new markets the ultimate catalyst for business growth and global impact? How can economies of scale revolutionize the cybersecurity sector? Does reduced competition hinder or foster innovation in the industry? What challenges and opportunities arise when fundraising in the dynamic cybersecurity market?
This transcription is provided by artificial intelligence. We believe in technology but understand that even the smartest robots can sometimes get speech recognition wrong.
Today on This Week Health.
we have to do something because I can't have this happen again next week or next month. Right. So it had the intended effect, which was don't take these things as individual. This is a systemic problem.
Welcome to Newsday A this week Health Newsroom Show. My name is Bill Russell. I'm a former C I O for a 16 hospital system and creator of this week health, A set of channels dedicated to keeping health IT staff current and engaged. For five years we've been making podcasts that amplify great thinking to propel healthcare forward.
Special thanks to our Newsday show partners and we have a lot of 'em this year, which I am really excited about. Cedar Sinai Accelerator. Clear sense crowd strike. Digital scientists, optimum Healthcare it, pure Storage Shore Test, Tao Site, Lumion and VMware. We appreciate them investing in our mission to develop the next generation of health leaders.
Now onto the show.
All right. It's Newsday and today we are joined by Drex de Ford with CrowdStrike. you're really showcasing the CrowdStrike stuff now. You got the, shirt on. You got the C R W D hat, right?
And I'm sure the two things hanging on the back of your door probably have CrowdStrike logos on 'em as
well. They probably do. So it's one of those things that you get into a bit of a cycle and then stuff kind of keeps coming and so you feel obligated to wear it.
Now this is your home office. If you were to go to my office when I was cio, I invariably always had like a full suit on for sure, back of my door. Cause yeah, I, on invariably it would happen. We had casual days in the office and I'd go in and somebody would call me up and say, Hey, board member wants to meet with you for lunch.
And I'd be like, yeah, I gotta change into the bat suit. And. Get out.
Get out. Yeah. For me I was a super clutch. I mean, and I still am. And so for me it was always like a clean shirt and maybe a couple of extra ties. And I always had a suit back there too. I mean, I pushed, I, for folks who have known me for a long time, I've always kind of pushed the envelope on, casual Friday.
Can we start that on Monday? But there are times you have to be in a suit and there's places you have to, you kinda have to at least get a sport coat on, and when you spill stuff on it, you need a backup. So, yeah,
backup. All right. Hey we've got a lot of news stories. You and I need to talk more so that we don't, try to catch up over the first five minutes of the show.
I know. This is a good one for you. I save certain stories just for you to have these conversations. This one is in Healthcare, digital Healthcare, cybersecurity 2023 Key m and a themes and future trends. Lemme give you a little bit of this. So there have been 49 healthcare, cybersecurity m and a deals this year, as of June 18th, 2023.
This number's up from 45 deals in 2022, the most active acquirers, and it talks about some of the active acquirers, the reason for healthcare, cybersecurity, m and a deals. In 23 include, and they have these four reasons to expand product or service offerings to enter new markets, to achieve economies of scale, to reduce competition.
It's interesting because I think those are the reasons people would publicly give. I think the other reason is economically it's been a very challenging time and fundraising has been hard for some companies. Therefore it's almost like a survival mechanism that has kicked in. And then you have key M and A themes, the rise of managed security service providers, the convergence of IT and OT security, the increasing focus of data privacy and security.
The growing importance of ai, the need for integrated solutions. And then they have some future trends, increasing sophistication of cyber attacks, growing importance of cloud security, increasing regulation of healthcare security. Since, I'm, you're not speaking on behalf of CrowdStrike, I just wanted that to be clear, but you know, CrowdStrike's one of the big players, I mean, you guys did a Super Bowl ad.
I think which puts you in that category of big players in this space. What are you seeing in the m and a areas, specifically around cybersecurity?
Yeah. We've done a fair amount of m and a since I've been here. And a lot of that is driven by customers who ask for particular capabilities that we may not have in our portfolio today.
And as we see that demand continue to grow, we're always sort of looking, right? We have our own investment fund. We make investments in other cybersecurity companies that we think have cool ideas and do interesting things that may not be things that we do today because we want to help make the entire environment more secure.
So we're always looking and we when we have the opportunity and a lot of it is a cultural fit between the companies that, you may be acquiring, you wanna make sure that you have. That it's not a night and day combination of two companies. Sometimes that can kind of blow up the whole thing.
It just doesn't. It doesn't work. You can do the acquisition, but you can never get anything to fit together. And so the investment winds up being a lot more expensive than you thought it was gonna be because of the cultural changes you have to go through. And then I think there's a whole spectrum of these things too, right?
We have a spot in our portfolio where we know we need to grow into. And so we could either build it or we can acquire somebody. But on the other end of that, you were talking about the economic, sort of downturn and the challenges there. It's I think still tough today to find a fire sale for a company that's primarily a cybersecurity company.
But you know, even in those cases where. You may be getting a deal. I think the challenge of, putting two companies together and it's like healthcare. Provider m and a. Sometimes you don't totally understand or totally know what you're, what you're buying.
Due diligence process can get you so far, but there's always things that can be surprising. So if it's an economic buy, you definitely have to think through the due diligence. Well,
So product fit client demand. There aren't really fire sales, but.
When I'm talking to pe. And venture capital. What they're looking for from their companies is different from what they used to look for. And so what they're looking for now is are you making progress in sales? Are you actually closing deals? What are the names, what are the badges that you're able to put on your website?
And is that number growing? There are also. Really looking at the use of capital and it's, are you progressing towards that break even profitability or even beyond. And so they are putting pressure on those companies to say, look, if you're not making this progress, you're gonna wanna partner with somebody who has made this progress.
So this is why CrowdStrike's such a good partner, cuz you're in. A lot. Not only healthcare, you're in a lot of companies. And so if somebody has a security product, they could be acquired by CrowdStrike and immediately gain access to a significant portfolio and client base which is, which, once you get to that scale, there's a lot of, there's a lot of benefit.
I don't wanna talk specifically about CrowdStrike though. Yeah. Yeah. Let's talk about these m and a themes, the rise of m MSPs. I would assume, I'm one of the CIOs that went to this direction way, way back because I just couldn't hire, I mean, I just couldn not keep up with Right.
The demand. Is that still the case? Are we still seeing mostly this direction?
Yeah, there's still, I'm trying to think. I've read something recently, but you know, a massive gap in cybersecurity professionals. With the skills that you need being available over the next several years between the demand and the availability of people who can come into those career fields.
So there's always, it feels like forever now there's going to be a gap. And so the challenge becomes and it's really complicated, right? There are a lot of other factors that kind of play into this. I'm doing a, I'm doing a board briefing this morning for a healthcare system and we're talking about the human capital shortage.
Challenges we're talking about how that contributes to the inability to execute the fundamentals, right? So patching and, all of this stuff that. Healthcare, cybersecurity teams have to do, there's just, there's a gap and then there's a whole bunch of projects that wind up being piled on that, right?
Including things like m and a which introduces a whole new level of complexity. So that would kind of be the third one, which is technology and environmental complexity. How we are in healthcare, we bought one of everything ever invented and we never turn it off. We never rotated out. We make investments in new technology.
With good intentions thinking that we're gonna roll old technology out. But the reality is because of the way that we bought it or the way that we installed it or implemented it, it never reaches the r o I that we expected. And so we can't turn the old system off, or we just have old equipment. Like medical equipment that requires old machines to be able to run that older medical equipment.
And so we have to continue to protect that. That creates really complex environments and really complex environments by their nature, or more prone to breaking down, which means that you can take yourself offline just because you have a really complex environment. But if you can reduce the complexity and simplify and standardize, this is my lean.
Production guy coming out, it's I say this all the time, right? But if you can simplify, simplified environments are easier to secure. So you get kind of a double benefit of this. If you can create a governance process that helps you drive through the, let's turn off old stuff, let's modernize, let's do the things that we can do to try to standardize.
You can create a better operating environment, which means it's easier to run. It's probably cheaper to run the resource issue, becomes less of a factor perhaps. And then it's easier to secure. But if you don't have the people to secure it, then yes, definitely we're going to mssp you see them going to, you
know, it's, it is interesting if I go back the CIO from
20 11, 20 16 roughly. And a majority of our outages were self-inflicted. Sure. It's so amazing how, and I thought, yeah, this is crazy. I wonder if the stats still show that they're self-inflicted. We turned this on when we shouldn't have turned this on. We did this, we did that.
have poor change control. There's a lot of things that happen in those complex environments. I mean, when I first went, I won't say where, The first couple of days, like every time there was an outage for some system in our environment, I got an email and so I would print.
I just decided, I'm gonna print this email, one first page of this email, and I'm gonna tape it up on the door, the main door where you first come into the office. I'm gonna tape it up on the wall outside that door, and so. Every day I taped more and more pieces of paper. And literally by the time we were at the 15th of the month, when you opened that door, the whole wall just fluttered at you to let you know how bad things were, why we were out all the time.
Right. And that created a couple of situations. One of them was just, Of the visual effect of like the visual. Every
time you open the door, people don't realize how bad it is until you, because
you only get it a drip at a time. You don't get to see it all at once. So it created that visual effect of like, oh, how many more of these things is he gonna tape up here?
And then the other one is like, The wall of shame effect of just like, we have to do something because I can't have this happen again next week or next month. Right. So it, it had a, it had the intended effect, which was don't take these things as individual. This is a systemic problem.
We apparently have that. We're gonna take ourselves down all the time. Yep. I we've gotta, we gotta figure it
out. See, Drex you're a lot smarter than me. And, lean really kicks in. I put a. TV as they were getting off the elevator and that, and we exposed those metrics and so you could see them.
It's almost like the signs on the. Shop room floor that says this many days since since the last accident. Since the last accident. And people would say like, that's not, I don't think that's having any impact. It's sort of demoralizing to see how many events we have.
I'm like, it won't be once we correct these problems. And sure enough, then it got to the point where, we were green for months and months at a time, and people were like, oh, I get it now. It's like, yeah. What we were doing before was not the norm. Like the every day there was a red event is,
and we've talked about this before, but I always had this thing that I did.
Talked to my teams about that was less Superman, more Clark Kent, right? Good old, reliable. Clark Kent shows up to work every day, does his job, does standard work, makes everything work, and never has like a fire that. He has to jump into and sort of save the day. So less Superman time, more Clark Kent time.
And if you can get more and more Clark Kent time, it turns out all that extra capacity can be used for all these other things that you have to do. But you have to figure out how to turn it around. And that's the hard part for a lot of places. Yeah. My
analogy on that was less Superman, more nasa.
Right. So, , it's a little different analogy, and we had a lot of super. heroes in it. I solved the whatever. Sure. People thrive on that. And what I wanted was nasa it's, I wanted a team of people working cohesively together to solve problems so that when somebody was I remember when we lost our our lead engineer to Amazon. They took my lead engineer and everyone's like, oh, this place is gonna shut down once he leaves. I'm like, it's not gonna, first of all, it's not gonna shut down, or that person is really not as good as you think that person is. But second of all, we're gonna replace that person with.
All of us, like with 20 of us, not just that one person. It's like, well, he knew things that we didn't know. It's like, well, let's identify what he knew that we don't know. Put that into our knowledge base, and if he had skills that we don't have, let's get contractors lined up. 📍 📍 We'll get back to our show in just a minute. Ever wonder how technology can reshape the patient experience? Join us for our next live webinar, the Patient Experience, a Technology Perspective on July 6th. At 1:00 PM Eastern Time, we're bringing together expert speakers to dive into the intersection of technology and healthcare.
We're gonna explore topics on digital health tools and the impact of ai, blockchain, and other things around this. Whether you're a CIO or part of a healthcare IT team, we think you will gain practical insights from this discussion. Uh, don't miss out on this conversation. Register today at this week, health.com.
We hope to see you there. Now, back to our show.
I wanna ask you about ai.
Okay. So one of the points they make is the growing importance of artificial intelligence. AI is increasingly being used in healthcare, cybersecurity. To automate tasks, detect threats, and respond to incidents. The third one is interesting to me. I'm curious where are you seeing AI make inroads in healthcare?
I mean, this is, and I don't really wanna do a CrowdStrike commercial, but this is part of the reason that I'm at CrowdStrike, right? CrowdStrike has been a machine learning AI company for 10 years, and so over 10 years, We've gathered hundreds of millions of data points into one of the world's largest graph databases, and we have machine learning algorithms that help us see.
Bad things happening in environments around the world before. Most people know that those things have even started, and once we see them, we can, immunize essentially the entire platform and all the customers from those bad things. So we've been using machine learning and artificial intelligence for 10 years to create the situation that allows us to find things that.
Tiny needle in a haystack that is the beginning of something bad at one particular customer, fix it at that customer back to the M S P kind of version of this manage detection and remediation. In our case, we can remediate that for the customer and then we can immunize everybody else in the family from that thing.
And so it's definitely in use. I think there are a lot of cybersecurity companies who are trying to do that kind of thing, but they don't have the. Kind of massive tenure plus experience that, we built out at CrowdStrike. I mean, reality is, CrowdStrike is a big data analytics company.
One of the leading machine learning artificial intelligence companies in the world. We just happen to focus on cybersecurity.
Yeah, let me I wanna have this conversation with you cause I think it's okay. I think it's fun and goofy. Epic, Cerner 2048, what will EHRs look like in 25 years?
So you're not the, you're not the first person I've had this conversation with, so I've got a little headstart. I'm gonna give you a little bit from the article. Becker's asked a bunch of CIOs what the EHR will look like in 25 years. Kaiser Edward Lee, MD Ccio Kaiser said, clinical decision support will be powered by evidence-based augmented intelligence tools and treatment recommendations.
We'll be specific for each individual patient. So he's talking about very personalized recommendations and diagnostics. These recommendations will be exquisitely precise, but not only using a patient's genomic data, but also through incorporation of their social determin of health. The combination of these factors will support the delivery of equitable care.
Let's see. ZFA Chaudry Seattle Children's says, artificial intelligence and machine learning with advanced data analytics will become standard practice. As providers continue to share data and work together on maximizing digital tools, CIOs predict interoperability challenges that have traditionally been the bane of EHRs and healthcare industry will fade away.
Let's see. Wow. Yeah. Bunch, bunch of friends. SFA also believes that AI could be used to enhance patient privacy and that regulatory frameworks and standards. You get the idea there, there was sort of this conversation, what will EHRs look like in 25 years? I, this is a fools errand, by the way.
What will technology look like in 25 years? That's a long ways away. It is. 25 years ago, the iPhone didn't exist 25 years ago. We were talking about y2k. I'm trying to think what else. I'm sure my laptop weighed like, 15 pounds for sure. It was a suitcase. Yeah. Yeah, so I mean, we're talking 25 years from now, the E H r, let's just say 20 20 48.
2048. 2050. What does the system of record. Managing a managing care look like in healthcare? What? What are your
mean, it's just, it's so far in the future it's really hard to predict that far out. I think there's a thing that, and I think, just conceptually, I would say there's a thing that we've worked on for a while that.
Kind of, got up and running at a couple of different places and then sort of fell by the wayside. And may maybe possibly is starting with, the idea of blockchain and other things could possibly make a comeback. And that's the idea of a personal health record and. I have control of my data in a personal health record, and that data gets fed from all the places that I've seen so that I am actually the system of record and I can then contribute all or part of that record to.
Lots of other AI things that are going on or preach it. Preach things that are going on. Preach, right. I can get paid for that, right? My data actually is valuable, so maybe I should be paid for some participation in some of those things, but I'll actually own the data. But this create, this sort of takes a, you have to.
You have to take everything you know about how we manage healthcare, information technology and electronic health records and kind of throw it away. And you have to sort of think about it as a completely different thing. We have, we may have in health systems, if health systems even exist in 25 years. Tools that we use to sort of treat patients and do those things, but the output of that won't go to some centralized database that we keep in our data center.
It will go to maybe the patient's record. I mean, I'm just thinking, for me it's just like that decentralization and proper ownership of the record seems to me to be a core thing, especially with all the privacy issues and privacy concerns and everything else that we see happening in the world today.
I think you have to figure out how you give control of that data to the individual and let them manage it more effectively. Now, that creates another whole situation too, like who's actually gonna be able to manage it. But I think the capability will be there that you won't have to be a super hardcore technical person to manage your own data.
It will be manageable.
It's interesting. The title thing is Epic Cerner 2048. What will EHR look like in 25 years? There's so many assumptions even in the statement. Epic and Cerner. Are they EHR providers in 25 years? Does the ehr, is it still the system of record? Are, is our healthcare organized around hospitals and health systems, or is it more organized around payers?
And pharmacies that have partnered, cuz you have, Amazon will eventually become a payer. I predicted that five years ago apple will become a payer. You have CVS Aetna, you have Optum and United Healthcare will be, will we be more organized around payers in including the federal government, cms?
Does the system change altogether? Right. Cause we certainly see, the winds of. Potential change coming and then
the question becomes if we're automating all sorts of things in cybersecurity with AI in 25 years, for sure, we're gonna have all sorts of new methods and approaches to meeting people where they are with, in, in terms of their needs.
And so, I had this conversation with Taylor Davis around, 50% of all primary care. Being provided by silicon based workforce in the, and he's saying like, Five years,
right? I mean, there's that other problem of like there aren't enough healthcare providers, so go back to this P H R idea, personal health record idea.
You have all your medical data, but imagine also that one of the things you have are lots of other systems that feed data to that personal health record that are social determinants of health kind of systems. Like there's work going on in my neighborhood and they're building a building and it's creating dust, and the dust is going to affect me because I have emphas emphysema, and so, My medical, my AI medical assistant is telling me, Hey, before you leave the house today, make sure you put on a mask or make sure that you have the air filter turned on in the house, or it just turns the air filter on in your house automatically and leaves a mask for you by the front door.
There's all these. I mean, it's 25 years. It's kind of, it's 25 years. You can't even imagine what it might really look like. How
far will robotics have come in that timeframe? How many fewer accidents are we gonna have on the road if there is at 25 years autonomous driving? If we're not doing autonomous driving in 25 years?
I will be the most disappointed person on this planet. I,
I, I just, well, I'm still looking for my Jetson's car, so, we don't have flying cars yet. I'm disappointed about that. And I have been for years,
so, oh, au autonomous flying cars. That's whew. A little scary. The but yeah I think healthcare will look dramatically different in 25 years, and this is why I think it's so important to have the right leadership at health systems.
Because, you have that age old thing where you know if up and the Santa Fe had realized they were in the transportation business, we'd be flying up airlines and the Santa Fe Airlines, but instead they saw themselves in the railroad business and we had new airlines sort of pop up. That's the age old thing they talk about in business school.
And I think healthcare is in that same boat right now. I think they, like, we do these things. It's like you do those things today, but what business are you really in? And the business you're really in that I want from you is health. Yeah. And yeah if you're not gonna get into the health space, everybody else is going to get there, and you're like, well, nobody's willing to pay for it yet because insurance doesn't pay for it.
Well become an insurer cuz insurers are willing to pay for it for the people they cover because they know it keeps 'em outta the hospital. And if it keeps 'em outta the hospital, they make more money. Less
money. Right. There's a great book by a guy named Jay Sam, it's called Disrupt You. And it really goes through a lot of these same.
Kind of examples of companies who got comfortable doing what they're doing and didn't disrupt themselves. And then there's the Uber example, there's a SpaceX example. There's tons of examples of like companies who came in and just decided, we're gonna do this a different way, and.
The old guys sort of fell by the wayside, but the book is also about individual disruption and reinventing yourself and not being comfortable with where you are personally so that you continue to grow and change and expand and become a new and different, kind of person over time.
It's a great book
and that's a great segue to our next conversation, which is gonna happen off the air, which is you and I are gonna talk about. You're gonna gimme five minutes to talk about my business and how we can disrupt. What we're currently doing today, unfortunately. We're gonna turn off the recorder now, so nobody's gonna get to hear this, but Drex, I want to thank you for coming on the show again.
Oh, thank you. It's always a good time. We always have a great conversation and I look forward to the next one.
And that is the news. If I were a CIO today, I think what I would do is I'd have every team member listening to a show just like this one, and trying to have conversations with them after the show about what they've learned.
and what we can apply to our health system. If you wanna support this week Health, one of the ways you can do that is you can recommend our channels to a peer or to one of your staff members. We have two channels this week, health Newsroom, and this week Health Conference. You can check them out anywhere you listen to podcasts, which is a lot of places apple, Google, , overcast, Spotify, you name it, you could find it there. You could also find us on. And of course you could go to our website this week, health.com, and we want to thank our new state partners again, a lot of 'em, and we appreciate their participation in this show.
Cedar Sinai Accelerator Clearsense, CrowdStrike, digital Scientists, optimum, Pure Storage, Suretest, tausight, Lumeon, and VMware who have 📍 invested in our mission to develop the next generation of health leaders. Thanks for listening. That's all for now.