April 16, 2020: The current climate requires flexible, agile systems to respond to ever-changing needs. While this is hugely positive in multiple ways, some security concerns come with this. In today’s field report, Drex DeFord talks with Karl West, CISO of Intermountain Healthcare. In this episode, Karl sheds some light on some of the issues that they have been seeing in light of the pandemic. From an increase in phishing to having caregivers move to the cloud, these threats stand in the way of giving predictive care promptly. We also discuss how cybersecurity is not a barrier at Intermountain, but rather acts as an enabler and adds to a better product overall. Along with this, Karl touches on their work with their partners, how this time of crisis has shown him the power of intentional communication, and his hope for the systems moving forward. Be sure to tune in today!
Key Points From This Episode:
Field Report with Karl West, CISO of Intermountain Healthcare
Episode 227: Transcript – April 16, 2020
This transcription is provided by artificial intelligence. We believe in technology but understand that even the smartest robots can sometimes get speech recognition wrong.
[0:00:04.5] DD: Welcome to This Week in Health IT news where we look at the news which will impact health IT. This is another field report where we talk to leaders in health systems on the front lines. My name is Bill Russell, healthcare CIO coach and creator of This Week in Health IT a set of podcasts, videos and collaboration events dedicated to developing the next generation of health leaders.
As you know, we’ve been producing a lot of shows over the last three weeks and Sirius Healthcare has stepped up to sponsor and support This Week in Health IT and I want to thank them for giving us the opportunity to capture and share the experience, stories and wisdom of the industry during this crisis.
Today, Drex DeFord conducts the field report for This Week in Health IT. Special thanks to Drex for helping us cover more ground during this time. If your system would like to participate in the field report, it’s really easy, just shoot me an email at [email protected] Now, on to today’s report.
[0:00:57.8] DD: Hello, everyone and thanks for joining This Week in Health IT. I’m Drex DeFord, CI Security’s Chief Healthcare Strategist and President of Drexio Innovation Network. Today, we welcome Karl West, CIO of Intermountain Healthcare to This Week in Health IT.
Thanks for being with us today, Karl. I know that you’re super crazy busy, let’s start off with just give us a little bit of overview of Intermountain, the organization, your team, anything else that you would just sort of want to tell us generally about the work you’re doing.
[0:01:31.7] KW: Thanks, Drex. Happy to chat with you today. Intermountain is an integrative delivery system in a multi-state area centered around Utah. We have the 24 hospitals. We have hundreds of clinics. We have a home care hospice and insurance. So, we are an integrated delivery system. And that’s a little bit about intermountain.
[0:01:58.6] DD: Yeah, thank you. Given everything that’s going on right now, obviously the pandemic is sort of top of everyone’s mind right now. What are you saying from the perspective of threat activity during the pandemic?
[0:02:17.6] KW: Well, I think a few things. Significant increases in phishing attacks, social engineering that are focused just on phishing and malware. And as well, focused on COVID and government stimulus topics and things like that. We’re also seeing zero-day attacks and known vulnerabilities. And then just in general, we’re seeing a number of issues associated with the fact that healthcare has been built inside of the perimeter and while most of us have moved to the cloud with our data, moving our caregivers outside the perimeter’s a new experience.
And so, we’re seeing issues associated with that motion of our equipment and protection and what kinds of capacities and issues, those are threats to us because it threatens availability and reliability, the ability to give predictive care in timely fashion when needed. And so, those are things that are pretty significant.
We’re also seeing a lot of uptick in network scans, people looking, scanning, probing, what’s going on inside of our environment.
[0:03:41.8] DD: You know, one of the things that I realized right when we first started, I asked you if you were going to be able to go on video with me and you said no. Do you want to talk more about that?
[0:03:55.1] KW: You know what? Normally, under normal circumstance, I would. But there is such an amount of threat and risk to go around the different technologies that are out there that were being very careful to use things that we’ve been able to get security controls around and to make sure that’s safe for managing healthcare and healthcare information.
So, there’s some tools, there’s a lot that are out there we’re using quite a few. In fact, we’ve got six or eight products that we’re offering inside Intermountain. But we just haven’t been able to keep up with everything and so blocking preventing lots of things that we don’t have PHI protections in place in certain environments.
[0:04:47.4] DD: Got it, that totally makes sense. Given you know, the amount of activity that’s happening right now, you talked about the incredible sort of ramp up for both telehealth and I’m sure you’re like everyone else, you sent a bunch of people home to work from home. Have you been able to sort of figure out the balance there between supporting the mission and maintaining security?
I know that you have a great relationship with your CIO. I know you have an awesome relationship with your compliance folks. I’ve been to Intermountain and met with you and some of the team there. But it’s always interesting to sort of think through or hear from somebody who does this, I think pretty well, how you wind up managing to sort of balance this world that you live in?
[0:05:35.5] KW: I think right now, and at all times, the cyber security has to be a partner with the business. And I share with my team and all the leaders that we are about being an enabler and not a barrier. And in many instances, there are things that we have to score and assess risk. But the best way I think to facilitate all that’s going on and staying integrated in the process is not not only deliver care but to deliver in the midst of the pandemic. It just means us being involved upfront with key leaders, understanding what they need to do and then helping them in the process to find how to solve the problem with them as supposed to becoming a barrier to them.
[0:06:29.2] DD: Is a lot of the time – does it turn out to be offering options, not necessarily the thing that they’ve come to the table with but something maybe as good or better or at least nearly as good?
[0:06:43.9] KW: I think I always encourage my team, Drex to say, “Let’s take a look at what they have found. Let’s not try to bait and switch and tell them, ‘Why don’t you try blue instead of red that you like?’” Oftentimes, there are reasons that the caregivers have selected the particular product. But at the same time, I think it’s incumbent upon us, as supporting member of the caregiving environment to come back and say, “Did you know, that we have two of us, three of this very same product that someone is looking at another product for which we’ve already paid a million dollars?”
I want my team to be able to point out and say, “Did you know we had this product and we also have a contract and protect the information. Is it something that could work?” And if not, then we try to understand that we don’t make it our role to go out and to try to select the products. We try to support what gets selected and then try to advocate for the lowest appropriate cost for our members and our patients.
And that lowest appropriate cost mean, we have to take some initiative to point out if there’s duplicative solutions and can we not leverage? And we find that resonates in our environment that part of our mission is about delivering best care at the lowest appropriate cost. So, if we can point out here is an alternative because it truly is an alternative, we find our caregivers willing to participate and have a conversation with us about other technology that may solve the problem.
[0:08:26.1] DD: It’s amazing the amount of this drill that turns out to be listening right? Listening to the request or listening to the patients. Listening to the rest of the department about things that are available. It is not – I think you put it nicely not wanting to be a roadblock. But that requires a lot of paying attention and being empathetic and listening.
[0:08:54.5] KW: Yeah, no question. Understanding the business, I think is at the heart of what all of IT and cyber is about. Understanding the business. Understanding the problem. And I think we have to you know, we have to strive to understand before we try to be understood and that becomes a difficult thing because we all have the answer and seldom do we want to hear what someone else is needing.
[0:09:23.7] DD: Yeah and our own perspective depending on our own previous experiences. I want to ask you one last thing and then I’ll go ahead and come maybe just a little bit of a closing question. But in the last three weeks everybody’s hair is on fire. We have done a bunch of new, cool interesting stuff. Any best practices that you would like to share with viewers, listeners on the work that you’ve done that you think everybody should be doing this?
[0:09:57.4] KW: There are lots of new things that are coming out. I think the thing that we’re excited about, not so much about a particular thing but about processes and agile processes and tools that are helping.
And I wouldn’t want to be an advertisement, but there are some great tools with for example in Microsoft and an Apple have enabled the world that we’re in. And so, the thing that we have learned quite a bit and felt was important to us was finding new ways to communicate in environments where we are all sitting in our homes with stay at home restrictions and our partners are in the same kind of an environment.
And so, as we found ways to use things like teams and found how we can make that more a part of everything we do in terms of sharing and exchanging documents. And that is not a new process for us. We’ve had those tools into place. But being remote, we’ve been able to leverage it in a very new way and that’s probably been one of the most powerful experiences for us in this environment. And caused us all to think would it be a little better when we go back into an environment where we are sitting in the same office because of some things that we have learned about how better to share to communicate to exchange with some different tools and processes.
So that is something I’d encourage people. Take a look right now while we are having these opportunities to be sequestered and look at the technologies that are out there that make this and facilitate this type of learning environment.
Our COVID command center huddle runs every day. And 30 to 40 of the top leaders in the company got together. Were shifted after the first few weeks into teams and so we have two or three meetings a day, we are using Teams. We are using all of the features and tools and processes that are there to make it a much richer experience in my own teams in their huddles, in their daily meetings. They are starting to leverage different types of technology to be able to share and exchange information quicker and faster in an environment where we are not able to do drive by’s, walk up to a cubicle, go into an office. These are things that have really made a difference for us, Drex.
[0:12:32.8] DD: Yeah, I mean I love it you know and somebody said you know never waste a good crisis. And it sounds like you guys are taking every possible advantage to not only do the right thing in the heat of the moment but to prepare yourselves to land well once this all settles down. You’ll have learned a lot of lessons you can repurpose for the rest of the care delivery process.
[0:13:00.1] KW: Yep. I think, Drex one other thing I’d add is and the curse to me and to my team because of our roles bad actors who are also sequestered at home are finding more time to work on their ware and their tools. And so I think my advice is we need to be more vigilant. Right now, I know there is some relaxations that have come down in terms of privacy and security. But I think we have to be, even in that relaxed environment, we have to be more vigilant than ever.
We got to be very careful about the threats that are and those actors who are having more time to prey upon us.
[0:13:49.7] DD: Hey, we’re out of time and I know that you are super crazy busy. I really appreciate you being on with us Karl West from Intermountain and any final words before we break?
[0:14:01.9] KW: No, I encourage and hope that all will be safe at home. Take care of your families, those important things and we’ll be back to normal just very soon. We are just so optimistic here as we watch the trends and see what is happening. We think it will be a quicker return than many have forecast. So, stay safe and healthy.
[0:14:26.5] DD: Thank you Karl. We’ll talk to you soon.
[0:14:31.6] KW: Thanks, Drex.
[END OF INTERVIEW]
[0:14:32.6] BR: That is all for this show. Special thanks to our sponsors, VMware, StarBridge Advisors, Galen Healthcare, Health Lyrics and Pro Talent Advisors for choosing to invest in developing the next generation of health leaders.
If you want to support the fastest growing podcast in the health IT space, the best way to do that is to share with a peer. Send an email, DM whatever you do. You could also follow us on social media, subscribe to our YouTube channel. There is a lot of different ways you can support us but sharing it with a peer is the best.
Please check back often as we would be dropping many more shows until we flatten the curve across the country. Thanks for listening. That is all for now.