This transcription is provided by artificial intelligence. We believe in technology but understand that even the smartest robots can sometimes get speech recognition wrong.

 This episode is brought to you by Rubrik. Together with Microsoft, Rubrik works with you to better understand your data and workflow so they can help you build a better security solution that's just for you. A solution that not only secures your data, but puts you in the best possible position to recover faster from a ransomware attack.

So reduce complexity, with Rubrik. And make sure your data is protected no matter what cloud provider you're using or how bad the cyber landscape looks. Find out more on how the Rubrik plus Microsoft Alliance can help you elevate your cyber security game. Check it out at thisweekhealth. com slash Rubrik.

That's R U B R I K thisweekhealth. com slash Rubrik.

  📍 📍   📍 Hey everyone, I'm Drex. I'm a longtime recovering healthcare, CIO and the cyber guy now at this week, health and the 2 29 Project. Thanks for listening. Thanks for being here. This is gonna be a really interesting solution, showcase.

I have a couple of great partners that we work with here. They have a really good, better together story, and it's not really just a story, it's actually. You guys are doing this stuff now, but health systems across the country. So a great place to kind of start off here PV and Todd is to actually let you guys introduce yourself.

So Todd, why don't you go first? Sure. Yeah. Tell us a little bit about yourself.

Sure. Thanks Drex. So, my name is Todd Barton and I lead the Americas Solution architect team for Rubrik. And we cover the healthcare space. The thing that we're asking CIOs and healthcare organizations, we're asking them one fundamental question, how long will it take to recover from a cyber event?

And that usually kicks off some great conversations.

I'm sure we'll cover some of those today. But PV, it's always good to see you. It's always good. We always have a fun time when we're together. Introduce yourself, tell folks about yourself.

Absolutely Drex glad to be here. And thanks for being here with Todd.

And it's been incredible journey that we've been working together for past couple of years. I'm PV Subra responsible for healthcare life senses globally, and we are working with various health systems and terms of looking at what their true challenges are and one of the biggest challenges how do they improve their cybersecurity posture and which means that they just open so many conversations in terms of.

It is not about whether or not it's about when. How are you prepared?

Well, what are you seeing when attacks happen? What's the real sort of like core problem of when they're attacked? It. What do you see as you guys look across the country and talk to Don Chapman?

Yeah I'll, I'll kick things off.

I'm sure you'll have a great opinion as well. The number one challenge we see is how do we deal with the pressures of time? Because when these systems are offline it means healthcare patient care is compromised. There's that aspect of it. The second aspect is, of course, financial. You know, money is not coming into the healthcare organization, so.

Those are probably two of the most fundamental challenging questions that these organizations are dealing with. And so, you know, we're partnering with, our friends at Rackspace to give them an answer to that question.

There's this really interesting it feels like today the cycle is ransomware hits organizations down for 30 days or more.

I mean, still kind of limping along sometimes at 30 days. guys are working with them to kind of break that cycle, right pV?

Yeah, that's right. When you start looking at what the implications are it's about the number of days it takes to restore and recover the amount of change that they have to go through once the incident really occurs.

As much as they're dealing with financial implications that Todd mentioned about, and the reputational damage that they're trying to recover from, that's only about you know, 10% of the problem that they're solving, but after the incident. So the 90% of the impact that they're gonna see is going to be even more.

And that's about like, analyzing and looking at what the implications of change and how much of, you know, penalties that they have too for regulatory authorities, right. As well as for impacted consumer base as much as what their overall reimbursement rates are going to go down.

So, you know, part of being on the other side of the table with a lot of the health systems. Everybody is forced to do more with less. And in the midst of all of this, if this particular impact, one is to recover from how quickly you're doing, maybe two weeks, three weeks, or 30 days, but after the fact, the implications and the changes that they have to go through is such a painful exercise that 90% of that particular impact actually makes them go sideways.

Yeah. I mean, it really is ultimately all about resilience,

right? Right, right. It is resilience and the problem's not getting easier. What we're finding is that 90% of organizations are facing attack leaks once a year. About 20% of those same organizations are facing an attack almost every other week.

So the problem is persistent. It's ongoing, the tactics are changing and so they have to be able to adapt to these ongoing attacks as well. And then you have to do with all the implications that PV just laid out.

Yeah. After the fact. All of the class action lawsuits and That's right. Stuff that happens.

That's right. With the government coming to Right. Inspect and investigate and drag you through the mud for the next however many months or years in some cases. That's right.

It takes a couple of years. You know, some of them are still reeling from what happened a few years ago. And to the extent of, what you have to go through for remediating your systems and your entire posture. So which actually goes back, not just your infrastructure that you are, you know, really catering to the business, but think about like your met devices, , that are actually in the, , endpoint locations connected to care delivery ecosystem.

So you have to take a holistic approach, that holistic approach and how you really drive this, in a concise fashion will take about a few years.

When we talked ahead of this, you guys talked about this concept of Todd, we talked about a preemptive recovery engine.

Yeah. And generally we talked about cyber recovery preparedness. This is kind of like making sure you're ready to go and when and if that thing happens to you instead of just. Trying to deal with it

right on the

fly when it happens.

So I think it's a good opportunity to talk about definitions because often these organizations have planned for disaster recovery.

So a site outage a fiber optic cable being cut. And in those incidents, once the event is over, you can start moving toward operational recovery. It's predictive. But in a cyber event, the first thing you lose is trust in everything. Do I trust my backups? Do I know when the event occurred? Yeah. Do I trust the people that are in my system right now?

And so one of the things that we've been focusing on is to help with the data investigation part of it, and to reinstill trust. And so if you move that part, if you will provide the answers to the decision makers even before the event begins, they can then move to the recovery.

Part of those steps. And so that's sort of the preemptive part. If we can provide answers prior to the event so they then know when to take actions, that's a real value add.

I can move through the plan and confidently know when I'm at the next step, like restoration, that my backups are in good shape.

I don't have to investigate my backups, which may take. Days, bingo, or weeks. That's, it's sort of a math problem that

emerges. So if you have so many workloads and so many retention copies, well then you're scanning for that clean restore point. Well, how long does it take to scan for a clean restore point?

It could be. Literally days, if not weeks. And so if we can preemptively demonstrate this is the known good restore point that you can recover back to clean, that really moves the ball forward. Takes a

lot of

time

out. PV? Todd you mentioned about the recover point that is sound and safe for you to at least restore to and get the business going.

But in the midst of all of this, you still have to do forensics and support. You know, that particular, you know, a effort exactly. That the organization has to go through. What do you see as a balancing between while you do this and how do you do you know, really support the it f force to restore?

So where is that balance that you see in from some of the customers that you've been working on?

Right. So you do need that clean recovery point so you can begin the steps of moving back to production, but you need to be able to keep forensically, uhhuh those copies of the data and then store that into a vaulted section, a scanning room, or a forensic room so you can begin to look at what exactly happened.

And that's where the regulatory desires, and that's honestly where. Organizations really struggle with that because how do I maintain that sort of environment over time? And so trying to figure out, crack that code of what is the IRE, what is the scanning room, what is the vault that I need to be able to perform both of those functions all under the pressure of time to recovery, right?

So that's how we partner with our friends of Rackspace. Because they can answer those tough questions.

I love that. I mean, that is the pressure, right? The pressure that comes from the patients, the pressure that comes from the community, from the CEO, from other people in the organization. Your clinicians, what are we gonna be back up?

We need to get back up. We have to get patients back in surgery, back into the flow of things. That's right. So that's a super stressful situation. How are you guys working on that? How are you making that happen?

This is a constant work of effort that goes into different solutions and different efforts in terms of understanding where the customers are in the journey of cyber recovery.

And you have to make the solution in a manner that actually fits into the ecosystem of where they are today, you know, current state to future state, but at the same time make sure that it is effective. So one is, you know, obviously Rubriks platform is extremely compelling in terms of the value proposition.

And we can look at using that in terms of making sure that we design the architecture, create all of the, you know, backup in an ecosystem that can be relied upon. You know, safe and sound that we can restore to. But there are many other tracks that you have to be familiar with most of the times.

The overall workflow in which the organization need to take steps from a governance perspective. Do they have that playbook? If this happens, do they really have the playbook or not? If so, where do you start? Right? And which means that is your network that you are currently using is something that you want to, you know, rely on.

You want to have something different. So, right. So most of the times you may feel that you have safe backup, but that backup may not be in a position to really restore just because you don't have the underlying infrastructure underlying network, which means going back to the powerful word that Todd used, the trust.

So what are you trusting your people, your process, your underlying technology? And when you're replacing all of it, where will you restore to? And how do you really bring that up in a cyber incident? And that's where we start the journey. That's where essentially we look at it. So we use a powerful technology and solution, but how do we put this into the overall ecosystem of the current state of process?

And what it should be in the event. If it happens, how should that work? Right? So that's where we came out with something called Minimum Viable Hospital. And and we felt like that should actually address most of this. And how can we make that to, you know, really bring it up into life And creating that true IRE as an offering combined with Rubrik and that's what we are excited about and what we are

really able to create something that the industry doesn't have fully defined, but for us is to, you know, get that to forefront of creating that value. /

/ 📍 📍

/   📍 📍 📍 📍 📍 📍 This episode is brought to you 📍 by Rackspace. The cloud is revolutionizing the way that healthcare organizations operate while delivering improved patient care, increased efficiency, and cost reductions. Cloud based healthcare solutions from Rackspace technology makes it easy for your organization to access patient and research data, collaborate with others on the continuum of care, and scale up or down as needed.

Rackspace Healthcare Cloud allows your organization to securely store, process, share, and analyze clinical information. Let their experts help you determine which private cloud or public cloud is ideal for your workloads. Check them out at ThisWeekHealth. com slash Rackspace.

/ 📍 📍

  📍 So you both used this term, IRE.

So I want you to take a moment and explain what IRE is and what it means, and then.

We'll talk more about minimum viable hospital. Sure. Because we just had a CISO event in Boston. There was a lot of conversation about their sort of the struggle of like minimum viable hospital. I mean, you can't push people to paper forever, right. And you know, when it stretches on over time, it just gets worse and worse.

The operation just continues to degrade. And so they're talking about how do we do something that is just sort of like the very bare minimum basic that we need from an EHR perspective to suboptimal, but we can continue to operate. So start with IRE and then we'll talk about that. Yeah I'll let you kick off

the IRE and then I'll add on now.

So give it some color.

Yeah. From a, from traditional approach, we've taken yeah, we've gone through how you can make sure that core systems have backups and you have backups and, you know, are they actually air gap backup? Are they traditional backups and are they cyber recovery? So, they sort of actually gives you a sense of comfort that I have a means to restore from.

But in the event, you don't know where you're restoring to. So it is important that we have those independent solutions that we work through the process with many customers, but even if you have a backup that you can restore to, but where do you restore to? So that presents a new problem.

This recovery environment is something what we have come out with in partnership with Rubrik. Is to ensure that it is safe and sound that you will be able to really confidently be able to put most critical business facing applications and systems up and running so that you can get your entire responsibilities of what you're doing and core functions up and running.

That you are not taking a major hit in terms of you know, financials, in terms of operations, in terms of reliability, in terms of reputation, everything that you have to go through. And that becomes like you will support all the forensics and other efforts, but what you will really do it's continuing business as usual and pretty much gives you.

A major advantage without having to worry about losing the 30 days and weeks and months. And going through, you know, rest of the other process. Right? Right. So

you can you've got the data you need for the forensics. Correct. That's safe and sound right. You've cut out a bunch of time that you need to do investigations to decide what your restoration point is.

because you know you have good, safe and sound. Right. Backups that you're ready to restore on.

Right, right.

What's next?

Yeah, so I, it's been interesting on the technology side to see this approach evolve over time. Because originally it was sort of, I just needed to secure isolated copy of my data.

Yeah. And I put it in this secure location. Restrict the access, no inbound traffic, only outbound traffic. And, only credentialized folks could get access to it. But then the question, well, that doesn't help me in the event of a cyber attack because I need to activate that data

to something, right.

That I can also

trust

that I trust and that we can get the minimal viable hospital, which we'll get to in a second. Okay. I can get those services up and running to get production back online. So that's, we're getting back to time. So the conversations we're having with these CIOs and CDOs is around that activation and how do we define the, that copy and how quickly do we need to recover it?

So that becomes that really interesting critical part of the conversation where technology process and people all come together. So

this is the conversation then about the minimum viable hospital and what you need and how much you need and all of that.

And that's evolved over time as well. becuase you talk to different CIOs and they're getting better at this.

This is the good news is through efforts like this. They're being educated and through the conversations with the other stakeholders within the healthcare systems, they're figuring this out. So for example, some organizations will originally would say, well, what do you bring up? Email systems collaboration tools.

Well, that's great, but if you're communicating in your EMR systems, not up and running, kind of who cares? And then in order to get EMR up, you need kind of the dirty infrastructure, right? AD, DNS, SNTP, these sort of core infrastructure services all have to come up first, so there is a priority and an ordering.

That once you get into the details, those details matter. because ultimately leading to the outcome that you're looking for.

One data point that I wanna highlight here from an isolated recovery environment perspective. It's about you have the underlying data in terms of whatever systems and technology that you chose to, you know, Rubrik is giving you that particular advantage, but the choice becomes, I need to invest in infrastructure, you know, for where I'm restoring to.

And by the way, this is like an insurance policy. Should I invest, should I not? And how should I really be, you know, giving a priority within my overall plan. And that requires you in a manner that I don't want to invest right away because it's like it's sitting idle in terms of whatever. You have earmark for. And how should I make sure that this is still an on demand type of an experience for me? If this happens, how do you do this? This is really where Rackspace plays, right? Exactly. Exactly. And that the

trusted environment, correct? Correct. You can activate quickly Correct. That you know is clean.

Correct? Correct. And that's the place you restore to. That's right.

Right. And what we have done by collaborating with Rubrik so historically that if the systems are running in Aspace environment, so you have a third copy or however you really create an independent copy for you to have an isolated recovery environment to be, you know, brought up.

But most of the times you don't have to really change much. You know, you may be running your own in our data centers wherever they are. But what you need is like peace of mind. Peace of mind that you are prepared, which means that traditionally you have RPOs RTOs. But what we are actually saying is you have cyber RTO, right?

Do you have cyber recovery time objective? And can you tell your board that, hey, you know, I'm not just operating with traditional RTO, I'm able to bring cyber recovery time objective as a forcing function for how we are prepared and this is how we are doing it and this is how I can rely. And you're making sure that the solution itself is technically.

Operationally more important, financially viable for you. And that's where the togetherness and the power of what we brought out is really driving that kind of advantage.

You guys made an announcement at RSA, is this kind of where this all started, this announcement that you made together at RSA about this relationship?

Exactly right. It was through that partnership and realizing that there's a huge need for these types of solutions. It's a very difficult problem to go solve for. And so through joint partnership and being at RSA, it was a great place to launch that announcement and kick off our partnership.

So what we saw as an opportunity is not just about technology in terms of how and where it plugs into, we wanted to do what is real problem that is impacting the industry today. You've seen us in terms of our play in EMR and what we are doing with you know, some of the health systems with respect to, you know, epic infrastructure managed services and everything else that we are doing in the data center role and trying to create infrastructure as a service and many other things. But what we saw with Rubrik is an opportunity for where are they actually seeing some gaps or some challenges, but they've got a great technology and deployed it.

But the question here is that when it happens, the operational element of, you know, how can you launch a recovery environment, right? So it's like that is something that you can scale as things are actually demanded by the business, right? And that requires an operating model. The DNA, the core DNA, Rackspace fits into very well.

So we've been in collaboration with Rubrik for a while, trying to make sure that where and how we create a unique. Partnership and that sort of amplifies how we can drive the success. And that's what was formally launched. And we are super excited there's so many things that have come out since RSA in terms very quickly of you know, opportunities that we are having, real conversation.

Put together some solid solutions that we are actually, you know, having some interesting discussions.

It's interesting to kind of see this progression too, because you guys have done this right. The way this happens. Is that when you are a really good, trusted partner, customers come to you with other problems that aren't traditionally the problem necessarily that you're solving today.

Right? Or a problem that's bigger than the problem you can solve alone or that you can solve alone, and they kind of task you with, I have this thing, we're really worried about this. Can you help us? That's right. And that's really what you all have done. Bingo. So

What we, in fact, this is so integral part of the value realization for what health systems are looking for.

So all the CXOs, what I see as there are three emerging things obviously cyber topic of the day, so. How do you really drive improved posture, but the two other things tracks What is happening is, I think we use this term, do more with less. That's right. Right. So they're really trying to figure out what are the areas that you can be able to understand their core challenges?

How do you drive? And there is a unique thing that we are doing to sort of, you know, help customers in terms of how they can, drive some savings. Use the savings to actually invest into the business for, you know, doing some advanced things like AI and human things. Yes.

That is actually my next question.

I really wanna understand that. So, I mean, this sounds like it could be really complicated and expensive, but you've come up with a model to help them Correct. Not make it so complicated and not make it so expensive. Yeah, tell me more about that.

Yeah. We use something called cost and productivity optimization.

So we work with health systems to sort of understand where they're today, you know, what is happening in the entire ecosystem of health systems. We sort of look at their you know, overall effort and spend across CapEx and opex elements. We look at labor and non-labor and in terms of what is happening.

So you see, everything from the lens of applications, data security, infrastructures, everything where they are today. And it sort of gives us in terms of what we've been doing at scale and labor Plus and labor minus type of models, we amalgamated our operating model for What we brought out was when you actually look at your current state and put a, you know, future state and architecture, and then how you can put that operating model.

In a manner that drives consistency. So we were able to give anywhere from 20 to 25% savings from their current spend. And that savings is very important and very important in today's times, right? So it addresses that particular challenge of, Hey, I need to do more with less. We put that to not just like driving that savings, but how do you operationalize this?

How do you put that into an operational exercise of driving that transition from where they are at times like, Hey, you know, we will actually be able to shoulder some responsibility of where you're today.

And you're working with them, helping them Correct. Have this conversation Correct. Like as you go through it.

Yes. Like not everybody's in the same place. Correct. A lot of investigation you're doing.

Yes. And it. It requires you to integrate into where they're today. You know, understand at the finance level, technical level, operational level, architecture, you know, governance, all of these functions need to be part and parcel of it.

You engage them in a organizational change management effort and help them understand that, hey, this is what you are, this is what we can do, unlock this particular potential, drive that particular transition. That saving will actually give them a greater degree of freedom for where they can invest.

So one of the health system that we've been working on so they, we went through this exercise and then, and for you, you have to do in a progressive manner. So you know, you can do everything at once. So you actually do what is core. So we start with code like epic, you know, pretty much take care of, you know, what you're doing with core systems and then expand to how you can drive this.

And once you operationalize this Drex, what happens is that they look at, wow, so I have something, so, which means I can work on some newer initiatives. So one customer is looking at, Hey, can I do some genomics research from a AI deployment perspective? So what it means, and there are a lot of AI use cases that they are, you know, contemplating on.

And which means that if you start taking those use cases and you start using some of the industry proven models. And those models will give you an idea about, Hey, you know, I went through this. It's actually able to create some sort of a value for me. Now how do I bring that into my operational workflow integration model?

It changes operation.

Right? So it changes the whole way you think about operat.

Yes. So, so the AI has so much of a credential as to where it is, which means that in the operations, you know, clinical, technical and nonclinical operations. And everything that you can, you know, really use it for massive prudential, massive opportunity, which means you're training the models with some technology, you're referencing the model somewhere.

And it sort of gives you an idea about constantly you have to pay attention to, cost of what you are actually bringing into the business. And that cost in optimization constantly be front and center of it. What you're doing to train what you're doing to inference how do you put that operational workflows.

So, and the moment you do one or two, then it becomes rin and repeatability of how you can exercise. So we've done that particular exercise and that's really helping us. Now, what is important is that this is the topic, topic of the day for cyber recovery is still not, you know, completely understood, in terms of how they should embrace this change and what they need to be prepared for.

And most of the customers are like really excited about our together story, that's a gap, that's a wide space, you know, come and help us in terms of, what is your solution? How can I really take a benefit out of

saving money, improving operations. Speed. Speed of recovery, getting back on your feet quicker, all of that.

Yeah. So, PV just laid out the advantages of what having a proper cyber resiliency and cyber recovery plan can take. And there's always that, how do I start?

And so one of the things that Rubrik helps our partners in healthcare do is we start off with what we call a save the data.

And so it's an immersion experience of going through an outage due to a cyber event. And it's great when you bring all the critical stakeholders inside the organization, not only from IT and security, but legal and HR and supply chain and the business. When you bring them all into a room and you realize what the impact of this.

And so everybody gets sort of a startling realization, oh no, what would I do in this event? So. We simulate this with them, we pull them through this sort of exercise, a little bit of a painful realization of what could happen. We call it save the data. It's something we offer up to our customers, followed up by a business impact analysis.

So once you put these systems under stress, what would be the cost of not doing something that to then sets them on that journey where they're then coming to us and say, how do I answer these questions? That helps

drive the business plan. Bingo, correct. Gives you the data that you need to make the case for.

Savings and operational improvement and speed. I love it. It's great.

It's exactly the same exercise, you know, from a business case, do nothing scenario, where are you gonna be? If you do what we are recommending, where will you be? What are the type of advantages? Right? So package the business case and go through what you will have to secure alignment and drive the journey.

Right? That's right. Yeah.

Thank you guys for doing this today. Yeah, I really appreciate it. Pleasure, Drex. It a good conversation. If you wanna know more about Minimum Viable Hospital or Ires or all the other things that we were talking about today we're gonna put a link in the comments.

It's to a document that has been created that will give you some more insight and how to make the right contacts to pull this off. Thanks for being here. Really appreciate it. I'm Drex DeFord from this week Health and the 229 project. If you wanna know more about what we are doing it's easy to do.

You can go to this week, health.com/subscribe. You can sign up for all the stuff, including the cybersecurity stuff. And we'll keep you up to date on all the travels that Bill and Sarah and I are doing as we kind of barnstorm the country. Going to city tour dinners and summits, and these guys are with us sometimes and all the other good stuff that we have going on here.

Thanks for being here. Cybersecurity. Stay a little paranoid. We'll see you around campus.

Super excited to be with you, Drex. Thanks. Thank you, Dr. Thank you. Thank you. Yes, thank you. Thank you to awesome,

  📍 📍 Thanks

for listening to this Interview in Action episode. If you found value in this, share it with a peer. It's a great chance to discuss and in some cases start a mentoring relationship. One way you can support the show is to subscribe and leave us a rating. If you could do that would be great, thanks for listening. That's all for now. 📍