1
00:00:00,719 --> 00:00:04,000
Exciting things are happening at Becker's Healthcare. Stay

2
00:00:04,000 --> 00:00:06,240
ahead of industry trends with the new Becker's

3
00:00:06,240 --> 00:00:08,500
CFO plus Revenue Cycle podcast,

4
00:00:08,800 --> 00:00:11,119
your go to source for insights from top

5
00:00:11,119 --> 00:00:14,224
healthcare finance leaders. Tune in wherever you get

6
00:00:14,224 --> 00:00:14,964
your podcasts.

7
00:00:15,904 --> 00:00:18,464
And don't miss the tenth annual Health IT

8
00:00:18,464 --> 00:00:22,155
plus Digital Health plus RCM conference, happening September

9
00:00:22,155 --> 00:00:24,464
30 to 10/03/2025

10
00:00:24,464 --> 00:00:25,204
in Chicago.

11
00:00:25,664 --> 00:00:27,125
Join thousands of executives,

12
00:00:27,469 --> 00:00:30,429
engage with industry leaders, and explore the future

13
00:00:30,429 --> 00:00:31,649
of health care innovation.

14
00:00:32,270 --> 00:00:36,750
Learn more about our upcoming events at beckershospitalreview.com.

15
00:00:36,750 --> 00:00:37,570
See you there.

16
00:00:38,429 --> 00:00:40,590
This is Laura Dierda with the Becker's Healthcare

17
00:00:40,590 --> 00:00:42,655
podcast. I'm thrilled today to be joined by

18
00:00:42,655 --> 00:00:46,335
Steven Ramirez, chief information security and technology officer

19
00:00:46,335 --> 00:00:48,174
at Renown Health. Steven, it's a pleasure to

20
00:00:48,174 --> 00:00:49,634
have you on the podcast today.

21
00:00:50,015 --> 00:00:52,034
Good morning, Laura. Great to be with you.

22
00:00:53,214 --> 00:00:54,975
Now I'm excited to have you here because

23
00:00:54,975 --> 00:00:57,609
I know you've got a really wide, background

24
00:00:57,609 --> 00:01:00,250
in information technology, security, and a lot of

25
00:01:00,250 --> 00:01:01,690
things that you're doing at renowned are are

26
00:01:01,690 --> 00:01:03,289
really cutting edge in terms of how you're

27
00:01:03,289 --> 00:01:05,310
thinking about AI technology

28
00:01:05,609 --> 00:01:06,650
and keeping things,

29
00:01:07,290 --> 00:01:09,450
secure as well as transforming the health care

30
00:01:09,450 --> 00:01:11,585
and health care delivery system. And

31
00:01:12,204 --> 00:01:13,444
so I'm looking forward to learning more about

32
00:01:13,444 --> 00:01:14,924
what you're doing now and and how you're

33
00:01:14,924 --> 00:01:17,085
thinking about the future. But before we dive

34
00:01:17,085 --> 00:01:18,365
into that, can you tell us a little

35
00:01:18,365 --> 00:01:19,885
bit more about Renown and what makes it

36
00:01:19,885 --> 00:01:23,325
unique? Yeah. Definitely. So, again, good morning. I'm

37
00:01:23,325 --> 00:01:24,924
excited to be with you and, you know,

38
00:01:24,924 --> 00:01:27,590
share the journey that, we're partaking here at

39
00:01:27,590 --> 00:01:28,650
Renown. So,

40
00:01:29,750 --> 00:01:31,750
something really cool and something that we really

41
00:01:31,750 --> 00:01:33,590
kicked off end of last year going into

42
00:01:33,590 --> 00:01:35,510
this year was our CEO made a big

43
00:01:35,510 --> 00:01:38,390
focus on, you know, rebranding our mission, vision,

44
00:01:38,390 --> 00:01:41,405
and value statement. So what's unique about Renown

45
00:01:41,405 --> 00:01:43,484
is that we were actually the first hospital

46
00:01:43,484 --> 00:01:44,145
in Nevada,

47
00:01:44,605 --> 00:01:47,185
which was founded in 1864.

48
00:01:48,045 --> 00:01:50,125
Since then, you know, we've been serving, you

49
00:01:50,125 --> 00:01:51,344
know, the great community,

50
00:01:51,725 --> 00:01:53,590
of Northern Nevada, California,

51
00:01:54,210 --> 00:01:57,090
in that outreaching area. So we serve over

52
00:01:57,090 --> 00:01:59,990
a million people, and cover a hundred square,

53
00:02:00,530 --> 00:02:03,250
mile reach, just from what our services, you

54
00:02:03,250 --> 00:02:05,109
know, reach out to. We're the only regional

55
00:02:05,474 --> 00:02:08,055
level two trauma center. We have an affiliation

56
00:02:08,115 --> 00:02:10,594
with UNR. So really, you know, embracing that

57
00:02:10,594 --> 00:02:12,914
academic medicine and really looking to grow that

58
00:02:12,914 --> 00:02:13,414
partnership,

59
00:02:14,275 --> 00:02:16,775
from the clinical research side to really just,

60
00:02:16,834 --> 00:02:18,754
you know, help us grow our mission to

61
00:02:18,754 --> 00:02:19,655
serve the community.

62
00:02:20,114 --> 00:02:22,520
We've recently rolled out transplant, you know, and

63
00:02:22,520 --> 00:02:23,340
other specialties,

64
00:02:24,040 --> 00:02:25,400
so that people can just really have the

65
00:02:25,400 --> 00:02:27,000
care they need at home. So we're really

66
00:02:27,000 --> 00:02:27,500
excited,

67
00:02:28,760 --> 00:02:30,439
to what you touched on, to really see

68
00:02:30,439 --> 00:02:33,400
how tech can help enable that, across the

69
00:02:33,400 --> 00:02:35,960
organization. So, you know, we've done a lot

70
00:02:35,960 --> 00:02:37,965
of lot of cool things and we're really

71
00:02:37,965 --> 00:02:40,844
kicking off year one of our, strategic plan.

72
00:02:40,844 --> 00:02:43,665
So, you know, working closely with our CIO,

73
00:02:44,444 --> 00:02:46,844
and other executive leaders to really, you know,

74
00:02:46,844 --> 00:02:48,865
execute on that over the coming years.

75
00:02:51,680 --> 00:02:53,620
That's really great to hear. And, you know,

76
00:02:53,919 --> 00:02:56,080
cool to have that opportunity to be right

77
00:02:56,080 --> 00:02:58,419
on the forefront of this type of,

78
00:02:58,879 --> 00:02:59,939
digital transformation.

79
00:03:00,400 --> 00:03:01,840
Now when you look at the last year

80
00:03:01,840 --> 00:03:03,680
or so, can you tell us a little

81
00:03:03,680 --> 00:03:05,439
bit about what you're most proud of? What

82
00:03:05,439 --> 00:03:06,555
project initiative

83
00:03:06,855 --> 00:03:08,215
or or really the things that,

84
00:03:09,014 --> 00:03:11,175
had the most impact on the health system

85
00:03:11,175 --> 00:03:11,675
overall?

86
00:03:12,775 --> 00:03:14,775
Yeah. So I've been at Renown, just a

87
00:03:14,775 --> 00:03:16,935
little over three years now. So when we

88
00:03:16,935 --> 00:03:17,415
came in,

89
00:03:18,215 --> 00:03:20,920
it was really doing a big effort to,

90
00:03:20,920 --> 00:03:23,020
you know, just look at our technical landscape.

91
00:03:23,159 --> 00:03:25,080
I think we were spending a lot of

92
00:03:25,080 --> 00:03:27,080
money in areas that needed to have some

93
00:03:27,080 --> 00:03:29,800
refocus on. So I know under the direction

94
00:03:29,800 --> 00:03:30,939
of our CIO,

95
00:03:31,319 --> 00:03:33,794
and, you know, executive team, Really, we did

96
00:03:33,794 --> 00:03:35,655
a phased approach to stabilization.

97
00:03:36,275 --> 00:03:38,675
So really what was working well, what wasn't,

98
00:03:38,675 --> 00:03:40,435
you know, areas that we needed to focus

99
00:03:40,435 --> 00:03:42,754
on, you know, cybersecurity being a big focus

100
00:03:42,754 --> 00:03:44,534
of that as well as tech debt.

101
00:03:44,995 --> 00:03:46,694
I know a lot of health care organizations

102
00:03:46,835 --> 00:03:48,579
are really looking at how, you know, they

103
00:03:48,579 --> 00:03:50,919
can balance the cost to, you know,

104
00:03:51,539 --> 00:03:52,840
the digital transformation,

105
00:03:53,620 --> 00:03:55,219
in a meaningful way to have what we

106
00:03:55,219 --> 00:03:57,379
need to support, you know, the clinical growth

107
00:03:57,379 --> 00:03:58,739
in a lot of these cool tech, you

108
00:03:58,739 --> 00:04:00,900
know. AI is definitely a big buzzword on,

109
00:04:00,900 --> 00:04:02,485
you know, areas on that that, you know,

110
00:04:02,485 --> 00:04:04,745
we'll share more. So, you know, the stabilization,

111
00:04:05,525 --> 00:04:06,025
modernization,

112
00:04:06,405 --> 00:04:08,965
and then the optimization. So we really tried

113
00:04:08,965 --> 00:04:09,465
to

114
00:04:09,925 --> 00:04:12,724
adhere to those three pillars. So really the

115
00:04:12,724 --> 00:04:14,405
first few years was really looking at, you

116
00:04:14,405 --> 00:04:16,165
know, how can we stabilize things, you know.

117
00:04:16,165 --> 00:04:18,560
Do we have the right people process technology?

118
00:04:19,339 --> 00:04:20,779
And then where do we really need to

119
00:04:20,779 --> 00:04:24,000
strategically focus and modernize our infrastructure,

120
00:04:24,540 --> 00:04:27,439
as well as cybersecurity stack? And then obviously,

121
00:04:27,660 --> 00:04:28,160
optimization.

122
00:04:28,460 --> 00:04:30,194
Like, once we get that, it's, you know,

123
00:04:30,274 --> 00:04:32,615
that ongoing life cycle management. So

124
00:04:32,995 --> 00:04:34,435
as far as what I'm most proud of

125
00:04:34,435 --> 00:04:36,595
is that, you know, through that journey, you

126
00:04:36,595 --> 00:04:38,615
know, I originally started as our chief information

127
00:04:38,675 --> 00:04:41,714
security officer and then that evolved into being

128
00:04:41,714 --> 00:04:44,835
the CISO. So, the chief information security and

129
00:04:44,835 --> 00:04:46,220
technology officer. So,

130
00:04:46,920 --> 00:04:48,839
my CIO tasked me to go through and

131
00:04:48,839 --> 00:04:50,439
really, you know, take a deep dive with

132
00:04:50,439 --> 00:04:52,220
the team to look at everything holistically.

133
00:04:52,759 --> 00:04:54,120
So, you know, really proud of, you know,

134
00:04:54,120 --> 00:04:55,100
where we've come,

135
00:04:55,480 --> 00:04:57,399
over the past three years, you know, as

136
00:04:57,399 --> 00:04:58,060
an organization

137
00:04:58,439 --> 00:04:58,939
culturally.

138
00:04:59,480 --> 00:05:01,944
I mean, really coming up with our IT

139
00:05:01,944 --> 00:05:04,745
tactical and strategic plan to align really where

140
00:05:04,745 --> 00:05:06,664
our CIO wanted us to go as well

141
00:05:06,664 --> 00:05:08,664
as our executive team to, you know, better

142
00:05:08,664 --> 00:05:10,584
support the business. So I think a lot

143
00:05:10,584 --> 00:05:12,524
of the success to that was our governance

144
00:05:12,664 --> 00:05:15,050
strategy. So, again, when you're looking at a

145
00:05:15,050 --> 00:05:17,610
lot of, you know, investment opportunities, you need

146
00:05:17,610 --> 00:05:19,610
to really first hone in on your, you

147
00:05:19,610 --> 00:05:20,430
know, governance.

148
00:05:21,129 --> 00:05:23,289
So we set up a GRC, our governance

149
00:05:23,289 --> 00:05:24,189
risk and compliance

150
00:05:24,649 --> 00:05:27,084
committee, which is co chaired by me and

151
00:05:27,084 --> 00:05:28,925
my compliance officer and then have all of

152
00:05:28,925 --> 00:05:31,564
those key stakeholders across the organization. So we're

153
00:05:31,564 --> 00:05:34,444
able to look at all risk throughout the

154
00:05:34,444 --> 00:05:36,625
organization, which, you know, very, very important,

155
00:05:37,004 --> 00:05:39,324
and, you know, really tied into my CISO

156
00:05:39,324 --> 00:05:40,709
role. But also,

157
00:05:41,089 --> 00:05:43,269
you know, in working with our CIO, they

158
00:05:43,970 --> 00:05:46,370
he set up, you know, with his other

159
00:05:46,370 --> 00:05:49,189
partners on our president's council and SBAR process

160
00:05:49,649 --> 00:05:52,209
to really govern any net new technology and

161
00:05:52,209 --> 00:05:54,230
projects coming into our organization.

162
00:05:54,975 --> 00:05:56,735
So that really, you know, tied into third

163
00:05:56,735 --> 00:05:58,735
party risk management as well. So that, you

164
00:05:58,735 --> 00:06:01,295
know, we had different checks and balances for,

165
00:06:01,295 --> 00:06:03,055
you know, new tech we were gonna look

166
00:06:03,055 --> 00:06:04,895
at that would then, you know, work through

167
00:06:04,895 --> 00:06:06,274
our application rationalization,

168
00:06:07,375 --> 00:06:09,134
you know, going through our intake with our

169
00:06:09,134 --> 00:06:11,660
TMO, PMO office. So really making sure we

170
00:06:11,660 --> 00:06:14,139
had all the the right eyes on any

171
00:06:14,139 --> 00:06:15,279
net new technology,

172
00:06:16,139 --> 00:06:17,199
projects, etcetera,

173
00:06:17,660 --> 00:06:19,819
that to really ensure that success and making

174
00:06:19,819 --> 00:06:21,360
sure that, you know, we're able to,

175
00:06:21,819 --> 00:06:22,319
properly,

176
00:06:23,115 --> 00:06:25,214
you know, roll that out across the organization.

177
00:06:25,435 --> 00:06:27,854
So that governance strategy, you know, is,

178
00:06:28,235 --> 00:06:29,435
super critical to that,

179
00:06:29,995 --> 00:06:30,735
but also

180
00:06:31,514 --> 00:06:33,454
implementing and adhering to various

181
00:06:34,235 --> 00:06:37,194
frameworks. So, you know, really a subset of

182
00:06:37,194 --> 00:06:38,095
overall governance,

183
00:06:39,250 --> 00:06:40,550
that we're a NIST

184
00:06:41,330 --> 00:06:43,730
shop, NIST CSF. We just recently did our

185
00:06:43,730 --> 00:06:44,230
NIST

186
00:06:44,610 --> 00:06:46,230
CSF two point o.

187
00:06:47,009 --> 00:06:49,509
Obviously, do our HIPAA, and we're also,

188
00:06:50,370 --> 00:06:52,290
really starting to take a deeper dive into

189
00:06:52,290 --> 00:06:53,595
the I triple E,

190
00:06:53,995 --> 00:06:56,574
twenty nine thirty three for AI governance.

191
00:06:57,035 --> 00:06:58,714
So, again, that's where,

192
00:06:59,194 --> 00:07:01,274
why governance is so important because there's a

193
00:07:01,274 --> 00:07:02,014
lot of,

194
00:07:02,475 --> 00:07:05,115
my CIO will, you know, famously say shiny

195
00:07:05,115 --> 00:07:07,035
bright objects out there. So really making sure

196
00:07:07,035 --> 00:07:09,500
that, you know, we're we as an organization

197
00:07:09,720 --> 00:07:11,500
make sure that if there is a technology

198
00:07:11,639 --> 00:07:13,180
that makes sense to really supplement

199
00:07:13,560 --> 00:07:15,720
what we're doing, we're able to properly secure

200
00:07:15,720 --> 00:07:18,759
it or roll it out and support it,

201
00:07:19,080 --> 00:07:21,480
and then the business actually gets true value

202
00:07:21,480 --> 00:07:22,454
out of that. So,

203
00:07:22,935 --> 00:07:24,294
I think we've done a good job of,

204
00:07:24,294 --> 00:07:26,055
you know, using that from a governance and

205
00:07:26,055 --> 00:07:27,894
intake process to really make sure that we're

206
00:07:27,894 --> 00:07:30,055
getting the most bang for our buck for

207
00:07:30,055 --> 00:07:31,274
any proposed technology.

208
00:07:33,574 --> 00:07:35,514
That's really helpful to know. And I appreciate

209
00:07:35,574 --> 00:07:38,069
the deep dive into your governance strategy because

210
00:07:38,069 --> 00:07:40,050
I know that's something that health systems

211
00:07:40,430 --> 00:07:42,269
in general are are trying to stand up

212
00:07:42,269 --> 00:07:45,410
and figure out, especially as technology is rapidly

213
00:07:45,470 --> 00:07:47,250
evolving and and truly

214
00:07:47,790 --> 00:07:49,389
wanting to make sure that things are secure,

215
00:07:49,389 --> 00:07:51,329
but also not being left behind

216
00:07:52,245 --> 00:07:54,725
in the AI space and more. So, you

217
00:07:54,725 --> 00:07:56,645
know, this has been a a really helpful,

218
00:07:57,045 --> 00:07:59,205
understanding of what that process looks like for

219
00:07:59,205 --> 00:08:01,524
you. And I'm curious, as you mentioned, you

220
00:08:01,524 --> 00:08:02,904
know, elevating into the

221
00:08:03,205 --> 00:08:05,680
CStow role, I I know the team is

222
00:08:05,680 --> 00:08:07,680
being built up around you. What does that

223
00:08:07,680 --> 00:08:09,759
look like? How are you hoping to continue

224
00:08:09,759 --> 00:08:11,839
to evolve the team that you work with,

225
00:08:11,839 --> 00:08:14,480
your leadership team as well, to make sure

226
00:08:14,480 --> 00:08:17,120
that, you know, it's, prepared and ready to

227
00:08:17,120 --> 00:08:19,379
deliver on the transformation that's occurring?

228
00:08:20,115 --> 00:08:23,394
So yeah. No. That great question. So, again,

229
00:08:23,394 --> 00:08:25,795
my role, again, evolved just, you know, with

230
00:08:25,795 --> 00:08:27,495
the natural synergies between,

231
00:08:28,035 --> 00:08:28,535
cybersecurity

232
00:08:29,074 --> 00:08:31,095
and the technology space. So, again,

233
00:08:31,634 --> 00:08:33,360
we just had so much tech debt and

234
00:08:33,360 --> 00:08:34,580
a lot of just modernization

235
00:08:34,960 --> 00:08:36,480
efforts that we needed to go that it

236
00:08:36,480 --> 00:08:38,019
just made sense to combine,

237
00:08:38,960 --> 00:08:39,779
the technology

238
00:08:40,160 --> 00:08:42,240
group as well as security team. We had

239
00:08:42,240 --> 00:08:43,379
a lot of managed services,

240
00:08:44,160 --> 00:08:46,000
out there. So really looking at, you know,

241
00:08:46,000 --> 00:08:47,600
where we are today and where we wanted

242
00:08:47,600 --> 00:08:48,259
to go,

243
00:08:48,764 --> 00:08:51,184
with a security focus really made that helpful.

244
00:08:51,964 --> 00:08:55,324
And security really helped drive some modernization efforts

245
00:08:55,324 --> 00:08:57,504
on the infrastructure side. So, you know, really

246
00:08:57,804 --> 00:08:58,865
from the identity,

247
00:08:59,404 --> 00:09:00,544
two factor authentication,

248
00:09:01,164 --> 00:09:03,699
you know, driving more single sign on, and

249
00:09:03,699 --> 00:09:05,480
then looking at a lot more of these

250
00:09:05,940 --> 00:09:08,339
zero trust based tools to really enable, like,

251
00:09:08,339 --> 00:09:08,839
a

252
00:09:09,220 --> 00:09:10,199
on the go workforce.

253
00:09:10,579 --> 00:09:11,079
So,

254
00:09:11,860 --> 00:09:14,500
you know, typical VPN and solutions like that

255
00:09:14,500 --> 00:09:16,740
are a little clunky for our end users.

256
00:09:16,740 --> 00:09:19,054
So again, you know, looking at that holistically

257
00:09:19,195 --> 00:09:21,115
and seeing how we can better support our

258
00:09:21,115 --> 00:09:23,695
end users and making a big focus on,

259
00:09:24,394 --> 00:09:26,154
you know, the end user experience. You know,

260
00:09:26,154 --> 00:09:28,315
we're just really scratching the surface on that.

261
00:09:28,315 --> 00:09:30,315
So obviously, that that made a lot of

262
00:09:30,315 --> 00:09:32,235
sense. But again, as we're growing and kicking

263
00:09:32,235 --> 00:09:35,450
off our strategic plan and working with our

264
00:09:35,450 --> 00:09:38,409
CIO, it really made sense to help branch

265
00:09:38,409 --> 00:09:40,970
off my current role. So we're in the

266
00:09:40,970 --> 00:09:43,789
process of bringing on a new VP of,

267
00:09:45,049 --> 00:09:45,549
infrastructure,

268
00:09:46,735 --> 00:09:47,875
data center network,

269
00:09:48,575 --> 00:09:49,875
to really help really,

270
00:09:51,054 --> 00:09:52,654
take us on that journey over the next

271
00:09:52,654 --> 00:09:54,335
few years as part of our strategic plan

272
00:09:54,335 --> 00:09:56,195
because it's a little too much for one

273
00:09:56,495 --> 00:09:58,415
person. So a lot of what we're gonna

274
00:09:58,415 --> 00:10:00,970
focus on in kind of this IT reorg

275
00:10:00,970 --> 00:10:02,990
is gonna be, like, front end technology

276
00:10:03,610 --> 00:10:04,990
versus back end technology,

277
00:10:06,089 --> 00:10:08,169
and then really having those more focus points

278
00:10:08,169 --> 00:10:10,009
so we can better align and support the

279
00:10:10,009 --> 00:10:11,789
business on a lot of our modernization

280
00:10:12,250 --> 00:10:15,445
and and tech debt efforts across the organization.

281
00:10:15,665 --> 00:10:16,165
So,

282
00:10:16,785 --> 00:10:18,384
definitely can use the help on that and,

283
00:10:18,384 --> 00:10:20,545
you know, have an additional partner to really

284
00:10:20,545 --> 00:10:22,144
ensure the success of what we need to

285
00:10:22,144 --> 00:10:25,845
do, you know, sticking to that stabilization, modernization,

286
00:10:26,625 --> 00:10:28,404
and optimization to really help

287
00:10:29,029 --> 00:10:32,250
set ourselves up for the future on technologies

288
00:10:32,389 --> 00:10:33,129
like AI,

289
00:10:33,830 --> 00:10:34,870
etcetera. So

290
00:10:36,470 --> 00:10:38,309
No. It's helpful to know. Thank you so

291
00:10:38,309 --> 00:10:40,149
much, Steven, for digging a little bit deeper

292
00:10:40,149 --> 00:10:42,414
there. Now when you look into the future,

293
00:10:42,414 --> 00:10:43,774
the next twelve months or so, where do

294
00:10:43,774 --> 00:10:45,154
you see the big growth opportunities,

295
00:10:45,934 --> 00:10:48,034
for renowned and your team in general?

296
00:10:49,054 --> 00:10:50,735
So, you know, just starting on the the

297
00:10:50,735 --> 00:10:52,735
cybersecurity side, I think we've done a a

298
00:10:52,735 --> 00:10:54,254
great job, and I touched on that, you

299
00:10:54,254 --> 00:10:57,149
know, a little bit before that, the cybersecurity

300
00:10:57,290 --> 00:10:59,230
side helped drive some modernization

301
00:10:59,610 --> 00:11:00,509
efforts on

302
00:11:00,970 --> 00:11:02,889
the technology side. So, you know, I'm really

303
00:11:02,889 --> 00:11:04,750
proud of the cybersecurity program,

304
00:11:05,850 --> 00:11:07,610
that we built, the team that I have,

305
00:11:07,610 --> 00:11:09,769
and really where we're going. We're just kicking

306
00:11:09,769 --> 00:11:10,365
off our,

307
00:11:10,924 --> 00:11:12,544
three year road map. So,

308
00:11:13,325 --> 00:11:15,725
successfully completed phase one of that and now

309
00:11:15,725 --> 00:11:17,325
really getting into more of the, you know,

310
00:11:17,325 --> 00:11:20,445
fun maturity efforts associated with that. So we

311
00:11:20,445 --> 00:11:22,304
really started with, you know, articulating

312
00:11:22,684 --> 00:11:24,950
risk with the organization, and I think that

313
00:11:24,950 --> 00:11:27,049
helped drive the understanding and importance,

314
00:11:27,750 --> 00:11:29,370
and which in turn drove

315
00:11:29,750 --> 00:11:31,669
the investment. So we got a very big

316
00:11:31,669 --> 00:11:33,590
investment over the next three years. So now

317
00:11:33,590 --> 00:11:34,570
it's about delivering.

318
00:11:35,190 --> 00:11:36,809
And we took a very, you know, simplistic

319
00:11:36,870 --> 00:11:39,264
approach to, you know, we know ransomware is

320
00:11:39,264 --> 00:11:41,105
a problem. We know phishing is a problem.

321
00:11:41,105 --> 00:11:43,504
So what is the core fundamental reason on

322
00:11:43,504 --> 00:11:46,065
why organizations are at risk to that? And

323
00:11:46,065 --> 00:11:48,465
then how do we address that from people

324
00:11:48,465 --> 00:11:51,504
process and technology standpoint? So we put together

325
00:11:51,504 --> 00:11:53,125
a road map and, SBAR,

326
00:11:54,679 --> 00:11:56,440
that we then went up through our various,

327
00:11:56,440 --> 00:11:59,320
you know, governance process. Our CIO took that

328
00:11:59,320 --> 00:12:01,500
up to the board and executive

329
00:12:02,040 --> 00:12:03,799
team to really get the buy off on

330
00:12:03,799 --> 00:12:05,799
that. And, you know, that's really encompassing a

331
00:12:05,799 --> 00:12:06,940
lot of what we're doing.

332
00:12:07,934 --> 00:12:09,855
And, you know, really excited to really be

333
00:12:09,855 --> 00:12:12,735
focusing on identity, you know, really scratching the

334
00:12:12,735 --> 00:12:14,735
surface on that in our first initial plan

335
00:12:14,735 --> 00:12:17,054
that, you know, what makes up identity, getting

336
00:12:17,054 --> 00:12:19,375
those core fundamentals together that really set us

337
00:12:19,375 --> 00:12:21,795
up to then start to do these enhanced

338
00:12:22,509 --> 00:12:23,009
security

339
00:12:23,389 --> 00:12:25,490
practices of, like, zero trust,

340
00:12:26,990 --> 00:12:27,490
and,

341
00:12:28,350 --> 00:12:29,409
enhanced DLP,

342
00:12:29,950 --> 00:12:32,269
and other components to that as well as

343
00:12:32,269 --> 00:12:35,549
deception technology, different automations, and pieces like that.

344
00:12:35,549 --> 00:12:37,089
If you don't have the core framework,

345
00:12:38,245 --> 00:12:40,324
and foundation in place, it's really hard to,

346
00:12:40,324 --> 00:12:42,245
you know, be successful and do some of

347
00:12:42,245 --> 00:12:42,725
those,

348
00:12:43,125 --> 00:12:45,524
level up activities, you know, I'd like to

349
00:12:45,524 --> 00:12:47,524
call it. So really looking forward to doing

350
00:12:47,524 --> 00:12:48,725
a lot of that. And I think that

351
00:12:48,725 --> 00:12:50,485
all goes back to, you know, the ability

352
00:12:50,485 --> 00:12:50,985
to

353
00:12:51,419 --> 00:12:54,080
articulate risk. We have a great security culture

354
00:12:54,220 --> 00:12:56,940
across the organization that our team is very

355
00:12:56,940 --> 00:12:59,019
risk adverse. So I have, you know that

356
00:12:59,019 --> 00:13:01,259
makes my job very easy, and we're able

357
00:13:01,259 --> 00:13:03,100
to execute a lot quicker kind of having

358
00:13:03,100 --> 00:13:04,159
that dual role,

359
00:13:05,084 --> 00:13:07,664
of the c you know, CISO and CTO

360
00:13:07,725 --> 00:13:09,565
role. And I know we're gonna continue to

361
00:13:09,565 --> 00:13:10,945
build off of that momentum

362
00:13:11,565 --> 00:13:13,325
across across the board,

363
00:13:14,284 --> 00:13:16,544
and are really excited to see that. And

364
00:13:16,684 --> 00:13:17,584
also to,

365
00:13:18,365 --> 00:13:20,600
see how we, you know, again, use our

366
00:13:20,600 --> 00:13:23,639
frameworks like IEEE twenty nine thirty three for,

367
00:13:23,639 --> 00:13:25,980
you know, AI, bed device security,

368
00:13:27,159 --> 00:13:28,840
and really just to make sure that we're

369
00:13:28,840 --> 00:13:30,059
being risk agnostic

370
00:13:30,840 --> 00:13:32,200
to a lot of these things, doing the

371
00:13:32,200 --> 00:13:35,159
fundamentals very well. We have the organizational culture.

372
00:13:35,159 --> 00:13:36,285
And then, you know, with a lot of

373
00:13:36,285 --> 00:13:38,684
the geopolitical things going on, the importance of

374
00:13:38,684 --> 00:13:41,565
self governance that Renown and our executives are

375
00:13:42,445 --> 00:13:44,764
you know, we're full steam ahead on, you

376
00:13:44,764 --> 00:13:46,524
know, doing the right thing from a a

377
00:13:46,524 --> 00:13:49,679
cybersecurity and technology standpoint regardless of what's going

378
00:13:49,679 --> 00:13:51,679
on because, you know, our goal is to,

379
00:13:51,679 --> 00:13:54,080
you know, be successful, adhere to our mission,

380
00:13:54,080 --> 00:13:56,240
and really support our end users as we

381
00:13:56,240 --> 00:13:57,299
move forward. So,

382
00:13:57,759 --> 00:14:00,000
cybersecurity is a big focal point to that.

383
00:14:00,000 --> 00:14:02,740
And then, you know, obviously, having the technology,

384
00:14:03,934 --> 00:14:05,534
to really go where we need to to

385
00:14:05,534 --> 00:14:07,375
support a lot of these cool new clinical

386
00:14:07,375 --> 00:14:11,475
innovations across across the, board on that. So,

387
00:14:11,695 --> 00:14:13,235
we're really getting to the

388
00:14:13,695 --> 00:14:15,554
to the point, you know, from a cybersecurity

389
00:14:15,855 --> 00:14:18,335
perspective that, you know, I told my team

390
00:14:18,335 --> 00:14:20,389
that we don't wanna tell people our house

391
00:14:20,389 --> 00:14:22,629
is on fire. That's really have a strategy

392
00:14:22,629 --> 00:14:24,629
to put it out. So I like to

393
00:14:24,629 --> 00:14:27,190
say, like, our smoke detectors are alerting. So

394
00:14:27,190 --> 00:14:29,269
that's what a lot of cybersecurity shops, you

395
00:14:29,269 --> 00:14:30,789
know, will go through and we know something

396
00:14:30,789 --> 00:14:31,690
bad's happening.

397
00:14:32,549 --> 00:14:34,089
But how can we be more

398
00:14:34,605 --> 00:14:37,004
tactical at, you know, automating and getting things

399
00:14:37,004 --> 00:14:39,804
done like fire suppression, for example? Why can't

400
00:14:39,804 --> 00:14:41,485
we have we know something's going on, so

401
00:14:41,485 --> 00:14:43,325
let's put it out as quickly as possible

402
00:14:43,325 --> 00:14:45,904
and isolate it. And then have that incident

403
00:14:45,964 --> 00:14:48,690
response. It's like the firefighters showing up to

404
00:14:48,690 --> 00:14:50,049
that. And then, you know, if there's any

405
00:14:50,049 --> 00:14:52,710
kind of restoration efforts, do we have Servpro?

406
00:14:52,769 --> 00:14:54,290
How quickly can they be there and help

407
00:14:54,290 --> 00:14:56,470
us clean up components of that? So really

408
00:14:56,529 --> 00:14:58,450
hoping tell that story to the business and

409
00:14:58,450 --> 00:15:00,690
making sure again that we're able to not

410
00:15:00,690 --> 00:15:02,850
only know something's going on, but being able

411
00:15:02,850 --> 00:15:05,955
to react quickly. But that also translates into,

412
00:15:05,955 --> 00:15:06,995
you know, what a lot of what we've

413
00:15:06,995 --> 00:15:09,154
been talking about the importance of that close

414
00:15:09,154 --> 00:15:10,534
relationship with the technology

415
00:15:11,315 --> 00:15:11,815
enablement,

416
00:15:12,754 --> 00:15:14,054
to have, you know,

417
00:15:14,434 --> 00:15:15,095
a resilient

418
00:15:15,394 --> 00:15:17,720
infrastructure. So no single points of failure. We

419
00:15:17,720 --> 00:15:20,940
know, you know, inevitably technology fails and or

420
00:15:21,040 --> 00:15:23,480
you know, in the unfortunate event we have

421
00:15:23,480 --> 00:15:24,540
any kind of cybersecurity

422
00:15:25,000 --> 00:15:27,799
event that how quickly can we, you know,

423
00:15:27,799 --> 00:15:29,480
come back. So that's really been a big

424
00:15:29,480 --> 00:15:31,340
focus on, you know, how we architect

425
00:15:31,664 --> 00:15:32,804
and are building out,

426
00:15:33,424 --> 00:15:35,424
and investing in a lot of our core

427
00:15:35,424 --> 00:15:38,464
infrastructure for that modernization effort to really make

428
00:15:38,464 --> 00:15:41,044
sure that, you know, we're we're planning for

429
00:15:41,264 --> 00:15:43,345
any kind of risk that comes, you know,

430
00:15:43,345 --> 00:15:46,200
at us and really embedding that into our,

431
00:15:46,759 --> 00:15:47,899
go forward strategy.

432
00:15:51,639 --> 00:15:52,379
I appreciate,

433
00:15:52,759 --> 00:15:54,840
your insight here. And definitely, you know, it

434
00:15:54,840 --> 00:15:57,480
seems like a lot of opportunity to bring

435
00:15:57,480 --> 00:15:59,414
in new technologies, make sure they're safe. You

436
00:15:59,414 --> 00:16:00,875
have a a great playbook,

437
00:16:01,335 --> 00:16:03,174
in looking at those things and and then

438
00:16:03,174 --> 00:16:05,335
executing on them. You touched on this a

439
00:16:05,335 --> 00:16:06,794
little bit as some of the challenges,

440
00:16:07,575 --> 00:16:10,615
happening in geopolitical landscape as well as, you

441
00:16:10,615 --> 00:16:13,230
know, for for technology evolution. Could you dig

442
00:16:13,230 --> 00:16:14,710
a little bit deeper in there? What are

443
00:16:14,710 --> 00:16:16,789
are the biggest challenges, I guess, as you're

444
00:16:16,789 --> 00:16:19,110
looking ahead? What do you anticipate and and

445
00:16:19,110 --> 00:16:20,009
how are you preparing?

446
00:16:20,789 --> 00:16:22,730
Well, definitely, you know, geopolitical.

447
00:16:23,029 --> 00:16:25,129
So, you know, starting with the cybersecurity

448
00:16:26,070 --> 00:16:28,125
side of the house that, you know, there's

449
00:16:28,125 --> 00:16:30,605
a lot of effort on, you know, ending

450
00:16:30,605 --> 00:16:33,504
the conflict between Russia and Ukraine.

451
00:16:34,044 --> 00:16:37,085
So I actually saw some information yesterday on,

452
00:16:37,085 --> 00:16:39,165
you know, different threat intelligence that some of

453
00:16:39,165 --> 00:16:40,945
the threat actors are now using

454
00:16:41,379 --> 00:16:44,019
countries that are more western friendly like the

455
00:16:44,019 --> 00:16:46,819
Germany's and and others to really start to,

456
00:16:48,419 --> 00:16:50,259
spawn their attacks from there. So, like, our

457
00:16:50,259 --> 00:16:51,159
whole geofencing

458
00:16:51,699 --> 00:16:55,139
and, external blocking strategies have to really be

459
00:16:55,139 --> 00:16:56,279
a little bit more,

460
00:16:56,914 --> 00:16:58,214
strategic on,

461
00:16:58,914 --> 00:17:01,235
you know, people taking advantage of the the

462
00:17:01,235 --> 00:17:02,454
old ways to,

463
00:17:02,754 --> 00:17:04,194
you know, make sure that we're doing right

464
00:17:04,194 --> 00:17:06,355
by the organization and staying up on those,

465
00:17:06,835 --> 00:17:07,335
conflicts.

466
00:17:07,954 --> 00:17:09,174
As well as, you know,

467
00:17:09,500 --> 00:17:11,740
the HIPAA security rule, which is, you know,

468
00:17:11,740 --> 00:17:14,160
out there for, you know, comment, etcetera.

469
00:17:14,460 --> 00:17:16,539
With the new administration, what will that look

470
00:17:16,539 --> 00:17:17,039
like?

471
00:17:17,820 --> 00:17:19,980
As well as, you know, some funding changes

472
00:17:19,980 --> 00:17:21,820
that are are out there on Capitol Hill.

473
00:17:21,820 --> 00:17:23,340
So that's, you know, really why I touched

474
00:17:23,340 --> 00:17:25,485
on, you know, self governance that, you know,

475
00:17:25,485 --> 00:17:27,965
we have these industry frameworks that we're gonna

476
00:17:27,965 --> 00:17:31,005
adhere to regardless of that to really protect

477
00:17:31,005 --> 00:17:31,985
the mission and,

478
00:17:33,325 --> 00:17:35,244
really stick to the fundamentals on what we

479
00:17:35,244 --> 00:17:36,065
need to do,

480
00:17:36,559 --> 00:17:38,319
moving forward. So I think those will be

481
00:17:38,319 --> 00:17:40,319
some of the the biggest challenges as well

482
00:17:40,319 --> 00:17:43,279
as, you know, our continued dependence on third

483
00:17:43,279 --> 00:17:44,179
party partners,

484
00:17:45,519 --> 00:17:46,900
and fourth party partners.

485
00:17:47,279 --> 00:17:49,519
You know, Change Healthcare was the one that,

486
00:17:49,519 --> 00:17:51,554
you know, really burnt in our minds and

487
00:17:51,554 --> 00:17:53,554
memories on, you know, what can happen from

488
00:17:53,554 --> 00:17:55,394
that. So just how we better protect our

489
00:17:55,394 --> 00:17:56,615
organization on,

490
00:17:57,554 --> 00:17:58,694
looking at partnerships

491
00:17:59,234 --> 00:18:01,075
like that and then having backups to a

492
00:18:01,075 --> 00:18:02,515
lot of that. So I think that's gonna

493
00:18:02,515 --> 00:18:04,950
be the biggest challenges as well as just,

494
00:18:04,950 --> 00:18:07,269
you know, cost controls and, you know, making

495
00:18:07,269 --> 00:18:09,769
sure that we stay the course. Because, again,

496
00:18:10,150 --> 00:18:11,990
there's a ton of shiny bright objects and

497
00:18:11,990 --> 00:18:13,430
things that you need, you know, that are

498
00:18:13,430 --> 00:18:15,750
coming out and, you know, people are pitching

499
00:18:15,750 --> 00:18:18,150
that, you know, will fix burnout, will fix,

500
00:18:18,150 --> 00:18:20,755
you know, solve world hunger. But again, there's

501
00:18:20,755 --> 00:18:22,355
a lot of these pieces that you need

502
00:18:22,355 --> 00:18:24,674
to have foundationally in place from, you know,

503
00:18:24,674 --> 00:18:25,335
an infrastructure,

504
00:18:26,035 --> 00:18:27,414
security, and data,

505
00:18:28,115 --> 00:18:30,434
perspective, or you're never gonna be successful in

506
00:18:30,434 --> 00:18:32,055
using some of these more modernized

507
00:18:32,549 --> 00:18:33,049
technologies

508
00:18:33,350 --> 00:18:35,210
and kinda similar to what we did with

509
00:18:35,590 --> 00:18:37,990
security. We have to have those foundational elements

510
00:18:37,990 --> 00:18:38,570
in place,

511
00:18:39,269 --> 00:18:41,509
on the technology side, on the data side

512
00:18:41,509 --> 00:18:43,269
to then, you know, enable some of these

513
00:18:43,269 --> 00:18:44,809
cooler advanced technologies.

514
00:18:45,269 --> 00:18:45,769
So

515
00:18:46,355 --> 00:18:48,295
That's amazing to hear. You know? And certainly,

516
00:18:48,595 --> 00:18:51,555
fascinating to understand everything you have to keep

517
00:18:51,555 --> 00:18:53,555
your finger on the pulse on and learn

518
00:18:53,555 --> 00:18:54,775
about and know about,

519
00:18:55,555 --> 00:18:57,634
in your role as the, you know, chief

520
00:18:57,634 --> 00:19:00,275
information security as well as technology officer at

521
00:19:00,275 --> 00:19:00,775
Renown.

522
00:19:01,539 --> 00:19:02,279
Just fascinating.

523
00:19:02,900 --> 00:19:04,900
I'm curious before we wrap up here, what

524
00:19:04,900 --> 00:19:06,900
is the number one most important thing that

525
00:19:06,900 --> 00:19:08,740
you're doing right now to set up Renown

526
00:19:08,740 --> 00:19:09,960
for long term success?

527
00:19:10,900 --> 00:19:13,140
I think being risk agnostic, you know, which

528
00:19:13,140 --> 00:19:15,079
I spoke to, sticking to the fundamentals,

529
00:19:16,339 --> 00:19:17,855
having that organizational

530
00:19:18,154 --> 00:19:20,315
culture and buy in as well as self

531
00:19:20,315 --> 00:19:23,134
governance. So from an IT perspective, you know,

532
00:19:23,835 --> 00:19:25,755
doing what we say and and saying what

533
00:19:25,755 --> 00:19:27,755
we do, you know, so delivering and being

534
00:19:27,755 --> 00:19:29,130
good partners to the business.

535
00:19:29,769 --> 00:19:32,009
So I think those are really fundamental. And

536
00:19:32,009 --> 00:19:34,009
something that, you know, I'm really excited that

537
00:19:34,009 --> 00:19:35,369
we're kicking off this year is, you know,

538
00:19:35,369 --> 00:19:36,910
we always talk about the cybersecurity

539
00:19:37,289 --> 00:19:37,789
shortage,

540
00:19:38,490 --> 00:19:40,009
that we have, but we have the great

541
00:19:40,009 --> 00:19:40,509
opportunity

542
00:19:40,890 --> 00:19:42,750
with, you know, being partnered with,

543
00:19:43,210 --> 00:19:43,710
UNR,

544
00:19:45,075 --> 00:19:47,494
to kick off an internship for a pipeline

545
00:19:47,634 --> 00:19:48,134
with,

546
00:19:48,835 --> 00:19:49,335
cybersecurity

547
00:19:49,634 --> 00:19:51,335
talent that they have there. So,

548
00:19:51,954 --> 00:19:53,394
this is the first year that we're gonna

549
00:19:53,394 --> 00:19:54,774
start to have an internship

550
00:19:55,154 --> 00:19:58,294
program with, their cyber program over there.

551
00:19:58,710 --> 00:20:00,549
So really gonna see how that can not

552
00:20:00,549 --> 00:20:03,130
only benefit the up and coming talent,

553
00:20:03,829 --> 00:20:05,669
out there, but also benefit, you know, our

554
00:20:05,669 --> 00:20:07,109
team from a lot of what we're trying

555
00:20:07,109 --> 00:20:08,970
to do. So really building

556
00:20:09,349 --> 00:20:11,325
for the future on what we can do,

557
00:20:11,724 --> 00:20:12,544
with cybersecurity

558
00:20:12,845 --> 00:20:14,924
shortages and knowing that, you know, those kinds

559
00:20:14,924 --> 00:20:17,724
of risks aren't gonna go away anywhere. And

560
00:20:17,724 --> 00:20:19,804
again, you know, there's just so much going

561
00:20:19,804 --> 00:20:21,565
on to just really stay in touch with

562
00:20:21,565 --> 00:20:23,884
our business and our strategic plan to really

563
00:20:23,884 --> 00:20:26,069
give us that road map to making sure

564
00:20:26,069 --> 00:20:26,809
we're delivering,

565
00:20:27,509 --> 00:20:29,910
and not getting off track, on where we

566
00:20:29,910 --> 00:20:31,450
need to go as an organization.

567
00:20:33,509 --> 00:20:35,349
That makes a lot of sense. Steven, thank

568
00:20:35,349 --> 00:20:36,630
you so much for joining us on the

569
00:20:36,630 --> 00:20:38,994
podcast today. This has been a fascinating conversation,

570
00:20:38,994 --> 00:20:40,434
and I look forward to connecting with you

571
00:20:40,434 --> 00:20:42,275
again soon as well as seeing you at

572
00:20:42,275 --> 00:20:44,515
our health IT, digital health, and revenue cycle

573
00:20:44,515 --> 00:20:46,434
event in October. I know you'll be speaking,

574
00:20:46,674 --> 00:20:49,234
on cybersecurity, and I can imagine just continuing

575
00:20:49,234 --> 00:20:51,970
to follow this conversation and how the situation

576
00:20:51,970 --> 00:20:53,809
evolves. And so I'm really looking forward to

577
00:20:53,809 --> 00:20:54,470
that, and,

578
00:20:55,009 --> 00:20:56,470
thank you again for your time.

579
00:20:56,769 --> 00:20:57,509
Thank you.