1 00:00:00,515 --> 00:00:02,885 - This is Laura Dearer with the Becker's Healthcare Podcast. 2 00:00:03,545 --> 00:00:05,685 I'm thrilled today to be joined by Steven Ramirez, 3 00:00:05,735 --> 00:00:07,045 chief Information Security 4 00:00:07,065 --> 00:00:08,965 and Technology Officer for renowned health. 5 00:00:09,185 --> 00:00:11,445 Steven, it's a pleasure to have you on the podcast today. 6 00:00:12,105 --> 00:00:13,205 - Thanks for having me. 7 00:00:14,285 --> 00:00:15,505 - Now I'm, look, I'm looking forward 8 00:00:15,505 --> 00:00:16,705 to diving into this conversation 9 00:00:16,705 --> 00:00:18,865 because there's so much happening in the cybersecurity 10 00:00:18,865 --> 00:00:21,665 space, and I'm particularly in healthcare this year has been 11 00:00:21,935 --> 00:00:23,705 already a, a lot of action 12 00:00:23,705 --> 00:00:26,145 and movement, so I'm looking forward to your perspective. 13 00:00:26,245 --> 00:00:27,345 But before we dive in, 14 00:00:27,785 --> 00:00:29,425 I was wondering if you could tell us a little bit more 15 00:00:29,425 --> 00:00:30,665 about yourself and your background. 16 00:00:32,155 --> 00:00:34,365 - Yeah, definitely. So Steven Ramirez, 17 00:00:34,425 --> 00:00:35,925 I'm the Chief Information Security 18 00:00:35,945 --> 00:00:38,285 and Technology Officer for Renowned health. 19 00:00:38,745 --> 00:00:42,485 Um, I was originally hired as the CIO, um, 20 00:00:42,585 --> 00:00:44,885 but have been serving in the dual cs o 21 00:00:44,885 --> 00:00:48,425 and chief technology role for almost a year now. 22 00:00:48,645 --> 00:00:51,505 Um, so really excited on, you know, how that enables, 23 00:00:51,845 --> 00:00:55,985 you know, the ability to, um, influence security, um, 24 00:00:56,205 --> 00:00:57,665 you know, on, on both sides of the house 25 00:00:57,665 --> 00:00:58,985 to get a lot more things done. 26 00:00:59,245 --> 00:01:03,065 Um, so Renowned health is Reno, Nevada based, um, 27 00:01:03,295 --> 00:01:06,425 four hospital system, the area trauma center. 28 00:01:07,125 --> 00:01:09,225 Um, and we've just got a lot 29 00:01:09,225 --> 00:01:11,905 of exciting things going on out there, um, as part 30 00:01:11,905 --> 00:01:13,465 of our strategic initiatives. 31 00:01:13,465 --> 00:01:17,345 So I know technology and cybersecurity are on the forefront. 32 00:01:17,525 --> 00:01:20,945 So that's, that's really something that our executive team 33 00:01:20,945 --> 00:01:22,505 and end users take seriously. 34 00:01:22,685 --> 00:01:23,685 So 35 00:01:24,135 --> 00:01:25,135 - That's great to hear. 36 00:01:25,135 --> 00:01:26,835 And, you know, considering, um, 37 00:01:26,835 --> 00:01:28,915 your different responsibilities, what are some 38 00:01:28,915 --> 00:01:30,075 of the biggest issues that you're 39 00:01:30,075 --> 00:01:31,195 following in healthcare right now? 40 00:01:33,005 --> 00:01:35,495 - Well, obviously third party risk has been huge. 41 00:01:35,735 --> 00:01:37,735 I know everyone saw that with change Healthcare. 42 00:01:37,995 --> 00:01:39,735 Um, I think that really shows the importance 43 00:01:39,755 --> 00:01:43,855 of having a diverse background of vendor partners, that 44 00:01:43,885 --> 00:01:47,535 that really shows, um, you know, if you have a single point 45 00:01:47,535 --> 00:01:50,335 of failure vendor on how disruptive that can be 46 00:01:50,335 --> 00:01:51,855 to your organization, but also just how you 47 00:01:52,655 --> 00:01:56,255 holistically look at third party risk as an enterprise. 48 00:01:56,475 --> 00:01:57,975 So just, you know, going through 49 00:01:57,995 --> 00:02:00,855 and just the typical security assessments and, 50 00:02:01,035 --> 00:02:02,855 and looking at everything like that, it's, 51 00:02:02,855 --> 00:02:04,295 it's really important to also bake 52 00:02:04,295 --> 00:02:07,815 that into your overall enterprise risk management program 53 00:02:08,075 --> 00:02:09,855 and business continuity, disaster recovery. 54 00:02:09,875 --> 00:02:13,095 We saw how important that the BC side, 55 00:02:13,115 --> 00:02:14,975 so the business continuity side was 56 00:02:14,975 --> 00:02:16,815 during change healthcare, um, 57 00:02:16,995 --> 00:02:19,055 and there's been a lot more zero days. 58 00:02:19,395 --> 00:02:21,295 Um, we've seen as of late, we know 59 00:02:21,295 --> 00:02:23,295 that Palo Alto was the most recent one. 60 00:02:23,355 --> 00:02:25,895 So that took, um, you know, all industry, 61 00:02:25,895 --> 00:02:27,855 but especially within healthcare clients that had 62 00:02:27,855 --> 00:02:30,135 that technology to, you know, rush in 63 00:02:30,135 --> 00:02:32,895 and make sure that we're doing various patching to that. 64 00:02:32,995 --> 00:02:35,615 Um, 'cause you can be doing all things right 65 00:02:35,755 --> 00:02:37,735 and then it can be, you know, a third party and 66 00:02:37,755 --> 00:02:38,815 or a vulnerability. 67 00:02:38,995 --> 00:02:41,615 So it's really, again, important to get into the, 68 00:02:42,035 --> 00:02:46,485 the fundamentals, um, as we're looking into 2024. 69 00:02:46,625 --> 00:02:47,765 So especially as we're, you know, 70 00:02:47,765 --> 00:02:50,045 a lot more organizations are moving into the cloud, um, 71 00:02:50,185 --> 00:02:53,325 you know, I'm definitely interested to see how things like 72 00:02:53,325 --> 00:02:56,565 that, um, might have some additional emerging risk. 73 00:02:58,305 --> 00:02:59,655 - That definitely makes a lot of sense. 74 00:02:59,715 --> 00:03:01,935 And you know, it is so interesting to think about how 75 00:03:01,935 --> 00:03:04,495 that cybersecurity landscape has evolved 76 00:03:04,595 --> 00:03:07,535 and in particular, as you mentioned, the third party risk. 77 00:03:07,675 --> 00:03:09,615 And you know, from your perspective, 78 00:03:10,005 --> 00:03:12,735 what has been really important when you're thinking about 79 00:03:12,735 --> 00:03:15,255 third party partnerships, I know, you know, there, 80 00:03:15,255 --> 00:03:18,575 there's a rude mentor, um, just trying to kind of make sure 81 00:03:18,575 --> 00:03:20,615 that those partners are responsible 82 00:03:20,615 --> 00:03:22,695 and going to be responsible with, um, 83 00:03:22,795 --> 00:03:24,055 any information provided. 84 00:03:24,235 --> 00:03:27,695 But, um, and, and, and then too their their own operations. 85 00:03:27,795 --> 00:03:31,135 But since especially, um, change healthcare, what are some 86 00:03:31,135 --> 00:03:33,135 of the things that you're are planning 87 00:03:33,135 --> 00:03:34,415 to do differently potentially 88 00:03:34,435 --> 00:03:36,015 as you're approaching third party 89 00:03:36,135 --> 00:03:37,415 relationships in the future? 90 00:03:38,705 --> 00:03:41,615 - We're really looking at how your organization uses 91 00:03:42,045 --> 00:03:44,495 that partner and service. 92 00:03:44,835 --> 00:03:48,695 Um, and that gets more into, you know, data you're sending, 93 00:03:48,995 --> 00:03:50,215 you know, is there other ways we can 94 00:03:50,215 --> 00:03:51,335 look at how we send data? 95 00:03:51,435 --> 00:03:54,735 Can we send reports? Can we send more de-identified data? 96 00:03:54,835 --> 00:03:57,495 Do they need, you know, everything as they did before. 97 00:03:57,715 --> 00:04:00,495 Um, you know, the change healthcare instance that, you know, 98 00:04:00,495 --> 00:04:02,575 definitely was an anomaly on the amount of data 99 00:04:02,795 --> 00:04:06,545 and just kind of the, you know, magnitude of that event. 100 00:04:06,565 --> 00:04:09,945 But really just looking, you know, holistically overall at 101 00:04:09,965 --> 00:04:12,425 how you partner with that vendor, how they connect 102 00:04:12,965 --> 00:04:15,145 to your systems, again, how you send them data, 103 00:04:15,365 --> 00:04:16,385 as I had said to that. 104 00:04:16,525 --> 00:04:19,745 So really understand that if there was an interruption, how 105 00:04:19,745 --> 00:04:22,385 that impacts your business and is there a plan B? 106 00:04:22,725 --> 00:04:26,265 So when we're looking at plan B, is there, um, components 107 00:04:26,295 --> 00:04:27,705 that can be done as a workaround? 108 00:04:27,725 --> 00:04:29,145 You know, is this something we can do on paper? 109 00:04:29,525 --> 00:04:30,945 Um, do you need to have a, you know, 110 00:04:31,185 --> 00:04:34,505 separate vendor like an Equifax, you know, for example 111 00:04:34,775 --> 00:04:37,825 that if something like were like that were to go down 112 00:04:37,885 --> 00:04:39,625 or even have a plan C. 113 00:04:39,965 --> 00:04:42,465 Um, so that's really where we're looking at it just based on 114 00:04:42,465 --> 00:04:45,345 interruption that I think that's really changed the approach 115 00:04:45,345 --> 00:04:48,425 of how a lot of people look at business impact assessments. 116 00:04:48,485 --> 00:04:50,345 You know, we would look at various applications 117 00:04:50,485 --> 00:04:52,065 and then we look at important vendors, 118 00:04:52,205 --> 00:04:54,265 but I don't think that we really took 119 00:04:54,265 --> 00:04:58,025 that deep dive into looking at the overall magnitude 120 00:04:58,025 --> 00:04:59,985 of an impact to the organization. 121 00:05:00,285 --> 00:05:03,585 Um, but of course on the front end, you know, making sure 122 00:05:03,585 --> 00:05:06,865 that we are, um, being very diligent on, you know, 123 00:05:06,865 --> 00:05:10,545 the security posture of these organizations potentially 124 00:05:10,545 --> 00:05:12,625 collecting more information. 125 00:05:12,785 --> 00:05:15,025 I know that, you know, meeting with some other CISO 126 00:05:15,025 --> 00:05:17,065 colleagues, it's, you know, is it time 127 00:05:17,065 --> 00:05:19,705 that we start collecting types of security controls 128 00:05:19,705 --> 00:05:21,065 that some of these partners have? 129 00:05:21,165 --> 00:05:23,145 You know, we'll, we'll go through very high level on 130 00:05:23,345 --> 00:05:25,545 security posture, but if there's a zero day, you know, 131 00:05:25,585 --> 00:05:28,705 a partner has like Palo or there was the MoveIt breach 132 00:05:28,805 --> 00:05:30,385 and stuff like that, you have a little bit 133 00:05:30,385 --> 00:05:32,185 of this inte intelligence upfront. 134 00:05:32,645 --> 00:05:35,985 So I think that the third party vetting process is just now 135 00:05:36,265 --> 00:05:39,505 becoming, you know, starting to evolve, um, just from these, 136 00:05:40,125 --> 00:05:43,065 you know, big, um, high profile events that we've seen. 137 00:05:43,125 --> 00:05:44,625 So it's gonna be something that we'll continue 138 00:05:44,625 --> 00:05:45,785 to have to keep a pulse on. 139 00:05:45,785 --> 00:05:49,025 And I think that can be also something that I'm hoping 140 00:05:49,055 --> 00:05:52,825 that the, the feds start to crack down on, um, a lot. 141 00:05:52,885 --> 00:05:55,585 We know there's that new SEC rule of course, that, you know, 142 00:05:55,585 --> 00:05:57,225 from a reporting mandate standpoint, 143 00:05:57,425 --> 00:06:00,805 but just that's gonna be one of the ways too, to hold some 144 00:06:00,805 --> 00:06:02,645 of these, these vendors accountable. 145 00:06:04,065 --> 00:06:05,075 - That makes a lot of sense. 146 00:06:05,175 --> 00:06:06,795 You know, it's really helpful to kind 147 00:06:06,795 --> 00:06:09,315 of get a peek into those conversations and discussions 148 00:06:09,315 --> 00:06:11,115 and where things are headed now. 149 00:06:11,145 --> 00:06:12,875 When you look ahead, what are you most excited 150 00:06:12,875 --> 00:06:13,955 about and what makes you nervous? 151 00:06:15,785 --> 00:06:17,995 - Well, I'm, I'm really exci in healthcare. 152 00:06:18,195 --> 00:06:21,115 I think we do a very good job of information sharing. 153 00:06:21,455 --> 00:06:25,195 Um, I think that the new performance goals that came out, 154 00:06:25,255 --> 00:06:28,035 um, really helped boil the ocean down from, you know, 155 00:06:28,035 --> 00:06:30,235 like a lot of organizations use NCSF 156 00:06:30,235 --> 00:06:32,515 and other, um, frameworks that, 157 00:06:32,515 --> 00:06:35,475 that really helps make things more palatable 158 00:06:35,535 --> 00:06:39,195 and easy to understand for some of your non-technical 159 00:06:39,195 --> 00:06:41,075 and security partners internally. 160 00:06:41,695 --> 00:06:43,435 So I think that I'm excited about, you know, 161 00:06:43,435 --> 00:06:46,075 just the emphasis that, you know, the healthcare 162 00:06:46,855 --> 00:06:49,955 IT security industries putting on this for, you know, 163 00:06:49,955 --> 00:06:51,115 how we can better collaborate, 164 00:06:51,135 --> 00:06:53,755 how we can better partner together to information share. 165 00:06:53,945 --> 00:06:56,155 That was a great thing that came outta change healthcare 166 00:06:56,225 --> 00:06:59,835 that, you know, really the CIO community coming together to, 167 00:06:59,895 --> 00:07:02,275 you know, see how we can information share, et cetera. 168 00:07:02,655 --> 00:07:03,755 So I'm really excited about 169 00:07:03,755 --> 00:07:06,315 where we have come and where we're going. 170 00:07:06,615 --> 00:07:10,355 But still what makes me nervous is just, you know, 171 00:07:10,355 --> 00:07:13,895 the sophistication of attacks 172 00:07:14,115 --> 00:07:16,775 and then just the sheer number that seemed to be popping up. 173 00:07:16,875 --> 00:07:19,415 So it's like emerging risk still. 174 00:07:20,225 --> 00:07:22,125 That's really what keep me up at night, you know, 175 00:07:22,245 --> 00:07:24,685 'cause again, we can be doing everything correctly. 176 00:07:24,745 --> 00:07:26,725 You know, we've been making an emphasis on a lot 177 00:07:26,725 --> 00:07:29,725 of security hygiene that we should be doing from the 178 00:07:29,965 --> 00:07:32,525 security controls processes, access management. 179 00:07:33,225 --> 00:07:35,885 And then that can all crumble at the wayside just by, 180 00:07:35,945 --> 00:07:37,125 you know, either a vendor 181 00:07:37,505 --> 00:07:40,365 or just social engineering, social engineering's getting, 182 00:07:40,505 --> 00:07:42,565 you know, even more sophisticated. 183 00:07:42,655 --> 00:07:45,885 We're seeing, you know, extremely sophisticated attacks. 184 00:07:45,895 --> 00:07:48,205 We're seeing, you know, the service desk start to be, 185 00:07:48,345 --> 00:07:49,925 you know, more of a target to go 186 00:07:50,125 --> 00:07:51,805 after that varied type of access. 187 00:07:51,945 --> 00:07:54,085 So, you know, a lot of the emphasis 188 00:07:54,085 --> 00:07:56,805 that we had originally put on just access management 189 00:07:57,205 --> 00:07:58,405 continues to expand 190 00:07:58,425 --> 00:08:02,205 and become more, you know, Swiss cheese on, you know, 191 00:08:02,205 --> 00:08:05,205 additional holes on ways guys can get in. 192 00:08:05,265 --> 00:08:07,405 So I think that's something that we need to continue 193 00:08:07,425 --> 00:08:10,365 to get creative and training and awareness 194 00:08:10,825 --> 00:08:14,925 and yeah, just makes me nervous that once we start 195 00:08:14,945 --> 00:08:17,805 to utilize AI into this, 196 00:08:18,085 --> 00:08:21,045 'cause right now, you know, threat actors are doing the bare 197 00:08:21,045 --> 00:08:23,365 minimum basics, getting in through, you know, MFA 198 00:08:23,365 --> 00:08:24,405 or zero days, 199 00:08:24,425 --> 00:08:25,805 but you know, it's, people start 200 00:08:25,805 --> 00:08:27,165 to button down the hatches on that. 201 00:08:27,165 --> 00:08:29,125 We're gonna start to see them leverage, 202 00:08:29,345 --> 00:08:30,485 you know, components of that. 203 00:08:30,555 --> 00:08:33,285 It's gonna make it really hard for some 204 00:08:33,285 --> 00:08:37,245 of our security tools to, you know, tell the difference 205 00:08:37,245 --> 00:08:39,965 between, you know, what's a phishing email, what isn't maybe 206 00:08:39,965 --> 00:08:41,645 what is, is what is 207 00:08:41,645 --> 00:08:43,445 and isn't malicious activity in your system. 208 00:08:43,585 --> 00:08:46,805 So that's where, you know, we're gonna have to also evolve 209 00:08:46,865 --> 00:08:50,085 to how we can have AI on the good side to start 210 00:08:50,085 --> 00:08:51,965 to combat components of that moving forward. 211 00:08:53,445 --> 00:08:54,455 - That makes a lot of sense. 212 00:08:54,555 --> 00:08:57,165 You know, and is really fascinating to think about 213 00:08:57,305 --> 00:08:58,525 how cybersecurity 214 00:08:58,625 --> 00:09:01,125 and some of those different attacks are coming through. 215 00:09:01,265 --> 00:09:04,085 And like you mentioned, um, being able to connect 216 00:09:04,085 --> 00:09:06,805 with the other CISOs and the, um, out there and, 217 00:09:06,825 --> 00:09:08,485 and share information is 218 00:09:08,485 --> 00:09:11,325 so important when you have conversations with them 219 00:09:11,665 --> 00:09:15,605 and really, um, get an understanding of how, um, 220 00:09:15,675 --> 00:09:17,685 different leaders are thinking about things, 221 00:09:17,825 --> 00:09:18,925 you know, working on things. 222 00:09:19,395 --> 00:09:22,365 What are some of the big target areas that you're still, um, 223 00:09:22,425 --> 00:09:23,525 trying to solve for? 224 00:09:25,065 --> 00:09:28,835 - Well, just looking at tools, processes and procedures. 225 00:09:28,835 --> 00:09:32,235 So it's like we have, there's a few group chats that we, 226 00:09:32,815 --> 00:09:34,355 we have together and we'll, you know, 227 00:09:34,375 --> 00:09:36,755 ask about different services, different tools 228 00:09:36,755 --> 00:09:37,835 because again, as you know, 229 00:09:37,835 --> 00:09:40,075 we've talked about stuff like social engineering that, 230 00:09:40,175 --> 00:09:43,635 you know, my organization had to pivot phishing tools just 231 00:09:43,635 --> 00:09:46,195 because we saw the tool we had wasn't working. 232 00:09:46,295 --> 00:09:49,355 So this is where you have a, a platform to ask what other, 233 00:09:49,615 --> 00:09:51,755 you know, CISOs and the industry are doing, 234 00:09:52,135 --> 00:09:53,275 um, and vice versa. 235 00:09:53,295 --> 00:09:55,555 That's , we're looking at this technology 236 00:09:55,655 --> 00:09:59,115 or what do you guys use for um, SSO? 237 00:09:59,135 --> 00:10:00,755 Or what would you use as a SIM? 238 00:10:00,775 --> 00:10:02,395 Or what do you use as a third party risk? 239 00:10:02,455 --> 00:10:05,395 So it's just, you know, a way to bounce something off, um, 240 00:10:05,795 --> 00:10:07,475 a peer, um, and you know, 241 00:10:07,475 --> 00:10:09,515 just really share various information on if 242 00:10:09,675 --> 00:10:10,915 they're experiencing an event. 243 00:10:11,335 --> 00:10:13,035 Um, and you know, having that many eyes 244 00:10:13,035 --> 00:10:15,435 and ears out there too, if something does go bad. 245 00:10:15,555 --> 00:10:16,875 I think that group chat was 246 00:10:16,875 --> 00:10:19,035 where I found out about change healthcare 247 00:10:19,135 --> 00:10:21,195 before, you know, it was broken, the papers. 248 00:10:21,495 --> 00:10:23,995 So, you know, again, having those kind of relationships 249 00:10:24,015 --> 00:10:25,275 and people that are out there living 250 00:10:25,275 --> 00:10:27,995 and breathing with these various vendors will help get you 251 00:10:27,995 --> 00:10:29,315 some of that real time threat 252 00:10:29,315 --> 00:10:30,715 intelligence, you know, upfront. 253 00:10:30,935 --> 00:10:33,275 So, um, makes, that, makes 254 00:10:33,275 --> 00:10:35,355 that collaboration really impactful. 255 00:10:35,575 --> 00:10:40,035 And 4 0 5 DH isac, um, you name it, there's a lot 256 00:10:40,035 --> 00:10:42,755 of various organizations out there that really help, um, 257 00:10:42,895 --> 00:10:44,115 you know, healthcare come together, 258 00:10:44,265 --> 00:10:46,235 information share, um, in it. 259 00:10:46,375 --> 00:10:49,795 And I think that's really helping us move the needle, um, 260 00:10:49,795 --> 00:10:50,875 to where we need to go. 261 00:10:51,055 --> 00:10:53,875 Um, still a lot of work a lot of us need to do. 262 00:10:54,155 --> 00:10:55,315 'cause again, you know, healthcare is 263 00:10:55,315 --> 00:10:58,155 so dynamic in our overall ecosystem, but, 264 00:10:59,985 --> 00:11:00,985 - Got it. 265 00:11:00,985 --> 00:11:01,965 You know, that, that's really helpful and, 266 00:11:01,965 --> 00:11:03,685 and great to hear you have that as a resource. 267 00:11:03,945 --> 00:11:06,605 Now, uh, before we wrap up here, I'm wondering 268 00:11:06,635 --> 00:11:08,925 what will most effective healthcare leaders need in order 269 00:11:08,925 --> 00:11:10,885 to be successful over the next two to three years? 270 00:11:11,015 --> 00:11:14,245 Especially given how sophisticated, as you mentioned some 271 00:11:14,245 --> 00:11:15,445 of these cyber attacks are, 272 00:11:15,465 --> 00:11:18,165 and, um, then to looking at how AI 273 00:11:18,305 --> 00:11:20,125 and other technologies can make a difference. 274 00:11:21,735 --> 00:11:23,805 - Definitely knowing what's going on in the 275 00:11:23,805 --> 00:11:25,685 environment, super critical. 276 00:11:25,795 --> 00:11:26,965 What are today's risk 277 00:11:27,025 --> 00:11:30,765 and how can those morph into, you know, emerging risks? 278 00:11:31,575 --> 00:11:35,885 Um, being nimble, you know, it's, I have three year plans, 279 00:11:36,035 --> 00:11:37,365 five year plans, all of that. 280 00:11:37,835 --> 00:11:40,245 What we put together today might change tomorrow. 281 00:11:40,785 --> 00:11:43,845 So being able to, you know, make sure that you're keeping 282 00:11:43,915 --> 00:11:45,565 that pulse on what's going on, 283 00:11:45,565 --> 00:11:47,965 what's changing within your organization, um, 284 00:11:47,985 --> 00:11:50,965 so you can be adaptive in how you approach security. 285 00:11:51,425 --> 00:11:53,725 Um, because again, what you do today 286 00:11:54,115 --> 00:11:55,405 will likely change tomorrow. 287 00:11:55,435 --> 00:11:57,565 Just some these various sophistications or, 288 00:11:57,905 --> 00:11:59,165 or attacks that we're seeing. 289 00:11:59,545 --> 00:12:02,045 Um, but also being able to, you know, stretch, 290 00:12:02,825 --> 00:12:05,835 stretch a dollar and be, you know, fiscally sound 291 00:12:05,835 --> 00:12:08,555 because, you know, throwing money at an issue 292 00:12:08,565 --> 00:12:09,635 isn't always gonna fix it. 293 00:12:09,775 --> 00:12:11,035 As you can see, again, that a lot 294 00:12:11,035 --> 00:12:13,075 of organizations could be doing the right thing. 295 00:12:13,095 --> 00:12:15,315 And then it's pivoting to the importance 296 00:12:15,315 --> 00:12:16,915 of business continuity, you know, with 297 00:12:16,915 --> 00:12:18,195 what we saw with change healthcare. 298 00:12:18,415 --> 00:12:21,915 So again, it's all three of those kind of interconnect on 299 00:12:21,915 --> 00:12:25,475 that, that it's, you know, you need to just be smart 300 00:12:25,535 --> 00:12:27,595 and tactical with how we're looking at things. 301 00:12:27,735 --> 00:12:31,115 And really, I've always made a a focus on, you know, 302 00:12:31,435 --> 00:12:32,515 sticking to the fundamentals 303 00:12:32,515 --> 00:12:35,595 and doing the fundamentals very well, that if you do MFA, 304 00:12:35,695 --> 00:12:38,315 you know, you start to get an enhanced privilege access, 305 00:12:38,375 --> 00:12:40,275 you know, you do phishing training 306 00:12:40,295 --> 00:12:43,275 and awareness, you know, have some technologies behind that 307 00:12:43,375 --> 00:12:44,475 and, you know, go through a lot of 308 00:12:44,475 --> 00:12:45,875 what we see in the performance goals. 309 00:12:46,575 --> 00:12:49,355 Um, patching vulnerability management, you know, the, 310 00:12:49,535 --> 00:12:51,955 the importance of that stuff will really make sure that, 311 00:12:51,955 --> 00:12:54,835 you know, we are successful doing that very well will, 312 00:12:55,095 --> 00:12:59,235 you know, make you at the top, you know, one to 5% on that. 313 00:12:59,235 --> 00:13:01,835 Because again, threat actors want that easy, you know, 314 00:13:02,115 --> 00:13:04,635 lucrative target, um, that they don't want to have 315 00:13:04,635 --> 00:13:07,635 to put a lot of work into getting into your organization. 316 00:13:07,635 --> 00:13:09,155 So the more hurdles that are there, 317 00:13:09,585 --> 00:13:11,155 they'll hopefully just move on. 318 00:13:11,375 --> 00:13:14,675 So having that mindset I think will really take 319 00:13:14,675 --> 00:13:16,835 organizations, you know, be successful, 320 00:13:16,835 --> 00:13:18,275 but also understanding technology. 321 00:13:18,275 --> 00:13:21,155 There's so much new tech, um, coming in 322 00:13:21,155 --> 00:13:24,155 that's super exciting, but also scary, especially with ai. 323 00:13:24,255 --> 00:13:26,475 So making sure that, you know, again, 324 00:13:26,475 --> 00:13:28,115 that we're doing our due diligence on 325 00:13:28,115 --> 00:13:30,155 how our organization strategically wants 326 00:13:30,155 --> 00:13:32,995 to use these technologies so that we can come up 327 00:13:32,995 --> 00:13:35,075 with a defensive strategy on 328 00:13:35,075 --> 00:13:36,755 how we're gonna protect the organization 329 00:13:36,815 --> 00:13:39,075 and our patient's data as well 330 00:13:39,075 --> 00:13:40,515 as our operational continuity. 331 00:13:41,935 --> 00:13:42,995 - Steven, thank you so much 332 00:13:42,995 --> 00:13:44,555 for joining us on the podcast today. 333 00:13:44,585 --> 00:13:47,595 This has been a fantastic conversation, very informative, 334 00:13:47,595 --> 00:13:49,515 and I look forward to connecting with you again soon. 335 00:13:50,785 --> 00:13:52,295 - Appreciate it. Thanks for having me.