November 29, 2021: Rick McElroy, Principal Cyber Security Strategist for VMware and Bill look at cybersecurity from the year behind us and the year forward. A subcommittee has sounded the alarm on the VA’s EHR modernization citing patient safety concerns, cybersecurity issues and the cost of the program. Bloomberg reports that the pandemic blew up old business habits and opened the path to a boom. Companies are finding new ways to match staff, tech and customer demands and U.S. productivity and profits have hit record highs. Plus the Mayo Clinic’s strategic partnership with Google will “transform healthcare”.
00:00:00 - Intro
00:19:20 - The pandemic drove businesses to remote work. Productivity shot through the roof. And profits shot through the roof.
00:24:30 - The battle for labor is going to continue and cause us to be incredibly creative going into 2022
00:27:30 - There's been so many missteps with Big Tech in healthcare. They don't understand healthcare but they do understand data
Newsday - Labor shortages, Pandemic-driven innovation, and a Reflection on Cybersecurity,:
This transcription is provided by artificial intelligence. We believe in technology but understand that even the smartest robots can sometimes get speech recognition wrong.Bill Russell: [:now going to see a much more [:
Bill Russell: It's Newsday. My name is Bill Russell. I'm a former CIO for a 16 hospital system and creator of This Week in health IT. A channel dedicated to keeping health IT staff current and engaged.velop the next generation of [:eek in Health IT. Starting in:d Insights and the show will [:
Finally, this channel, the one you're listening to right now will become our Conference channel. The same great content you travel across the country to receive. We're going to be bringing to you right on this channel. This show will become Keynote, where we do our long form 50 minute interviews with industry leaders.ugmenting that with Solution [:
Rick McElroy: Yeah, thanks for having me.Bill Russell: This, this [:to the defensive side of the [:
Bill Russell: They really do get in a hundred percent of the, this is the unspoken thing that goes on the, you know, every time we had an internal audit and they said, all right, we're gonna do some kind of penetration testing or we're going to do some sort of attack, simulated attacks come in onto your system.were spending millions every [:
Rick McElroy: I think it's a combination of both, right? So, so I mean, on the innovation and smartness scale, of course you have, you know, cyber warfare, which is occurring, which is really driving innovation in spaces and blind spots.y inside of healthcare to be [:
And so largely buying technology takes a little bit longer implementing technology takes a little bit longer and then of course doing the maintenance phase does as well. All with the right purpose in mind, by the way, which is patient safety and you know, driving those better outcomes. But that's the reality of what folks who are defending, you know, healthcare entities have to deal with.forward from a cybersecurity [:
We had the Scripp's breach, but that wasn't the only one. We had several breaches. I don't know if it was solar winds in this calendar year or was that the previous calendar?prior to actually launching [:his year. As you look back on:
Rick McElroy: Yeah, I think, you know, if I was going to put everything in a nutshell that the attackers were doing, they're attempting to skate upstream of our supply system, right?inside of an environment to [:
Bill Russell: You mean the 25 page document that I had to fill out?s. Right. And look, there is [:t this year from an attacker [:e models that you've seen in [:
Bill Russell: Wow. So we're looking at some challenging times even into next year. This is one of those things that it is vigilance. It is continuing increased sophistication over time.
And we're just gonna have to get sophisticated on the other side as well. Is there any way we could work better together? It seems like the cyber criminals are starting to work together or can we work better together?
Rick McElroy: Yeah, absolutely. I mean, look, I talked to Earl over it you know, Health ISAC all the time.h care survey. You know, the [:
Yeah, so, so lots of movement. I think there, there is some good news. But we're going to have to look on the back end of all of that, about how we're doing this exchange in real time. And and ensuring that you know, patient information isn't being transmitted as part of those workflows and that type of thing. But I think I'm looking forward to what comes out of that cause I think it'll benefit everybody in this sector.the conversations I had with [:nstruction veteran's affairs [:Wasserman Schultz. She cited [:
Let's see, VA Deputy Secretary, Donald Remi took a determined stance ensuring and legislatures that he was taking responsibility for the progress, the success or failure of the program boils down to a partnership he said. Our handling of E H R M to date has failed to live up to the program's promise for our veterans and our providers.ong I've been here. I'm here [:ntation, identity referrals, [:
When concerns arise, Remi said the agency categorizes them, examines them and make sure that they don't reoccur. And then Washington Schultz goes on to say, well, okay, but really how did this happen? Washington Schultz said, what specifically are you doing to prevent this in the future? You know, I'm going to let you go first. Cause I mean, I'm afraid I could go on a rant for 10 minutes, so I'll let you go first.ow, I'm a customer of the VA [:years in the, [:y around how to do this in a [:
And yes, to your point, we still have things that occur inside of healthcare. You know, lots of times records are mishandled. We're making a lot of mistakes in how we're doing that. We're sending data to the wrong entities. But encryption is in use right? Defense in-depth is in use at a minimum. Zero trust you know, it's become to shore.r. That they're asking those [:
Bill Russell: Yeah, I'll tell you EHR implementation is a massive change management effort and you are moving everybody's cheese. It's not, you're not just moving the clinician's cheese in the patient's shoes. You're moving the administrators and HIM and you're, you're moving everybody's cheese, including the check-in you name it, everybody's getting.ng down this process to say, [:a thousand people that want [:
And so you sit down with one doctor and you say, okay, How would you like this to go? And they say, we want it to go this way, this way, this is what's in best interest of the patient. And then you go to another doctor and he essentially says the exact opposite, maybe not the exact opposite, but the opposite.andards across the entire VA [:istened to the physician and [:
Like they know anything about medicine. They should've listened to me cause I went to this school, which is much more prestigious than we know about med. I mean, yeah. I mean, this is, this is what, this is what is sort of at play here. So at the end of the day, the other reason they're behind the legislature slowed them down., you're behind. Well, yeah, [:into what it takes to run a [:breakage, some failure, you [:because these questions did [:
I don't really have a question. That was it. That's just my, the end of my rant.
Rick McElroy: That was a good one.
Bill Russell: Thanks. Thanks. I appreciate it. Let's see, what do we, what do you want to do next? We can do the future of work or we can do the Mayo Clinic Google partnership, which what's direction? I'll let you choose.
Rick McElroy: The future of work.How have you worked over the [:
Rick McElroy: Yeah, I've been remote for seven years, but really in airports for five of those and then at home for two yeah, so largely I Zoom away and, and do those things.
Recently got started getting back together with people in person, which is my preferred method of comms. Yeah. So I think from a family perspective I've really enjoyed the time home. I think from a professional's perspective we all seem a little burned out on Zoom. So I think people are looking, looking forward to getting back togetherstill maintain an office for [:
Rick McElroy: We have hotel officing, like in different cities. And then in Palo Alto, they have hotel offices for us if we need them.y shot through the roof. And [:ngs I have heard from people [:% pay increase. Yeah. [:
You know, it's very difficult to build a culture. I mean, have you seen people build culture remotely well?
Rick McElroy: That's an interesting question. I mean, I've certainly had a lot of conversations around teams that have pivoted and tried to keep that culture. Right. Who felt like they had a strong culture.We happened to be aligned on [:
And then of course the world changes around us. And, and so I think we've put some some stuff in place to try to keep the culture, right? Like, you know, whether it's painting sessions. You know, different sessions that are non-work related, right. And that type of stuff. So, so I think a strong culture can maintain it. Building and instilling that remotely is interesting.I think you, you [:
Bill Russell: They go on to talk about the labor shortage. I assume in the space that you're in you're seeing the labor shortage?globe, you know, folks like [:
So they're importing a lot of their cyber talent. The UK the same way. So, so I think there's a lot of initiatives globally to grow you know our own cyber professionals and get those in. And then certainly I think the US government has recognized that as well. You see grant money coming to underserved communities to try to get them into cyber lots of programs that transitioned veterans who were maybe in some other roles inside of the military and, and bring those folks in.aigns to look everywhere for [:
So to your point, very easy if I'm just switching a four by four square on a laptop to another four by four square at another company with a, with another logo. And so I think all of that stuff has created a little bit of soup of why some of the employees are leaving. And then why retention numbers are down too.just heard of a, a company. [:y do a cycle and I guess the [:orers is pretty interesting. [:up, hang it up for the next [:me a little bit about, about [:n the problem through things [:nd sort of provided, I think [:
And so I think secondarily, I would say in some ways, the transition and the cyber is a lot easier because the language remains the same. If I say to someone in the military red team, they know exactly, but that's the adversary. Word adversary and emulation, and me just say, blue team. They, they know what that means.So, [:
Those types of things, I think people just get practiced in the military. And so that's why you see so many of us, I think.let's head over to our last [:
Rick McElroy: Yes. Yes. Simpler. Yeah.But it's interesting because [:after detailed process, the [:and have constructed an AI. [:then we're going to build a [:
Rick McElroy: It's brutal and look you know, my technologist hat says, this is really cool and I bet you, there's a bunch of things we don't even know. We're going to be able to see from those datasets and bring an AI to bear on it.ight? The ability to look at [:ic platform discover product [:ing to figure things out. It [:
And this is, I'm wondering if, I know that a lot of the cyber security issues for us are manmade. So it's human error ends up being a significant portion of them. You know, phishing attacks, those kinds of things. Misconfigurations and whatnot. But I'm wondering how much of it is, is architectural related.itudinally across the entire [:
Rick McElroy: Oh, absolutely. I mean, look, look, the technology exists to do it. Process exists to do it. Companies for ransomware attacks on a, on a daily basis and don't get hit. Some do. So it's so to your point are there a fundamental architecture? Yeah, absolutely. I mean, and I would comment and I hope no one in the audience takes offense to this.ust the way I speak. I think [:ent, I think, look you know, [:
Like that's a much better model, right? Because even if an attacker subverts the human that has access to the trans mutated data, that's non-production anyway, or somehow got access to the results of that data analysis. Well, they still don't have access to the data themselves because the humans don't, that's a much better way to architect a solution for misuse in mind, which I think is something that we missed during the application design phase.bring somebody in to really [:m looking at you. I'm, I'm a [:
Rick McElroy: That's perfect. Just a little, just a little, and then I smile and make jokes that.
Bill Russell: Yeah, I'll tell you it's not an exaggeration. Every time I was CIO and I had a conversation with somebody, they said, we're bringing in our experts.rom the NSA was just make me [:
What can we do because of the the story. I mean, there's stories that we hear and then there's stories that we don't hear and you're just, you just sort of shake your head like, wow. There are so many ways into, our network and we have to, and I remember the day that that they looked at me and said your thought process is wrong.eady on your network, you'll [:
I need to know if they're moving data. I need to know, you know, they're like, yeah, now you're asking the right questions because this whole idea of we're going to build a castle, keep them out is that's kind of archaic at this point. They're going to find a way in.
Rick McElroy: Yep. Well, I think you've got some good advice.
Bill Russell: Yeah. Well, Hey, thank you. Thank you again for your time. Really appreciate it. And look forward to catching up again next year.What a great [: