Recent industry-shaking events have made it clear that serious points of risk lurk throughout healthcare. They’ve also revealed that operational risk and IT security risk are deeply intertwined, making it incumbent for CISOs and CIOs to work with others in their health systems – from the chief risk officers, to clinical leaders, to emergency management – to help develop a joint picture of third-party risk that analyzes the implications of losing services not only from a cyber outage, but for any reason. In this timely webinar,  we’ll speak to leaders who are committed to going back and reviewing key third-party service providers through the lens of recent learnings so appropriate levels of total risk can be assigned, and plan Bs can be developed.
Speakers:

* Chris Akeroyd, SVP/CIO, Children’s Health
* Vince Fitzpatrick, Director of Information Security, Christiana Care Health System
* Chris Bowen, CISO/Founder, ClearDATA



Reexamining Third-Party Risk Management Around Critical Service Providers

healthsystemCIO.com is the sole online-only publication dedicated to exclusively and comprehensively serving the information needs of healthcare CIOs.

Technology

Tech News

Podcasting

Gadgets

Software How-To

Business News

Business

News










Unless they work for technology companies, CIOs aren’t technology executives, according to Maria Sexton, CIO at the University Medical Center of Southern Nevada. Rather, they are business executives with technology expertise. It’s a nuanced definition, she admits, but one whose understanding makes all the difference. And with that understanding comes a change in approach from passive (taking requests) to active, where a deep knowledge of the business empowers CIOs to offer not only technology solutions to business problems, but business solutions to business problems. In this interview with healthsystemCIO Editor-in-Chief Anthony Guerra, Sexton discusses this dynamic, her journey from the help desk to information security officer to CIO, and the keys to building out a well-rounded team.

LISTEN HERE USING THE PLAYER BELOW OR SUBSCRIBE THROUGH YOUR FAVORITE PODCASTING SERVICE. 

BOLD STATEMENTS
I’m very intentional, again, about making sure I’m still talking to our line-level employees and making sure technology is working for them. What I say here all the time at UMC is that on the other side of every phone call, every ticket, every issue, is a patient.
… in order to be successful in the role and to be successful to the organization that you’re leading, you have to be able to recognize: I’m good at these things, but I’m going to need some people in here that are really good at those other things. Then, together, we’re all successful.
… it’s not IT and the business; it’s only the business.
Anthony: Welcome to healthsystemCIO’s interview with Maria Sexton, CIO at the University Medical Center of Southern Nevada. I’m Anthony Guerra, Founder and Editor-in-Chief. Maria, thanks for joining me.
Maria: Thank you, Anthony. It’s great to be here.
Anthony: All right. Excited for a fun chat. Can you start off by telling me a little bit about your organization and your role.
Maria: Certainly. As you mentioned I’m the Chief Information Officer at University Medical Center of Southern Nevada or, as we lovingly and locally call it, UMC. UMC is a large healthcare system here in Southern Nevada. We are a 541-bed acute care hospital. We have clinics throughout the valley, primary care, urgent care, specialty clinics. We are the state’s only level 1 trauma, the state’s only level 2 peds trauma. We have a center for transplantation, burn care center, and we’re the oldest hospital healthcare system in the valley. We’ve been around for more than 90 years.
Anthony: Very good. You’ve got an interesting past, and we’ll touch on that, and I’ll tell you why. Now, this is going to be a security-focused interview. You have a lot of security experience where you were the information security officer and things like that. Very strong security background, but now the CIO, and I don’t know if you have a CISO so that’s something we can talk about. But just a little bit about your background.
I am seeing a lot more of this trend from an infrastructure-to-security-to-CIO role pipeline because of the importance of security, I think. It’s pretty clear. But just tell me a little bit about your journey and we’ll go from there.
Maria: Sure. Gosh, it seems like a thousand years ago but it was just about 30 years ago that I started in IT, as a lot of people do, on the help desk. I started in my career in 1996. Interestingly enough, the same time the internet came into being. It was a great time to be in technology at that time. I started in IT, again, in help desk. I started doing desktop support and things like that...

Q&A with UMCSN CIO Maria Sexton: “IT & the Business are One”

There are a lot of things that seem to come full circle. Change management, according to Donna Roach, is one of them. She believes the most effective way to successfully drive change is through a feedback and improvement loop, rather than a one-time interaction. Think of it as “morphing change management and agile,” said Roach, who has learned quite a bit about the topic during the past three decades. Both in her role as CIO at University of Utah Health and CHIME Boot Camp faculty member, she has preached the importance of guiding teams thoughtfully through change, building and cultivating partnerships – particularly with clinical leaders, and listening “with a critical ear.”
Recently, she spoke with Kate Gamble, Managing Editor and Director of Social Media, about her team’s digital transformation strategy, the innovative work they’re doing with AI sandboxes, the deliberate approach they utilize with any implementation, and what it was like to take on a new role during the pandemic.
LISTEN HERE USING THE PLAYER BELOW OR SUBSCRIBE THROUGH YOUR FAVORITE PODCASTING SERVICE. 

Bold Statements
We have a governance process that allows groups to submit case studies or user stories or situations that they would like to have AI assist them in. We have set up some sandboxes so that we can start to test the usability of the tool with AI in the background.
In our digital architecture, we have a platform approach that we apply; we stick with that rather than one-offs, because you can get into trouble with too many bright, shiny objects.
We learned this through Covid, we can do things faster. And you definitely have to fail fast. But if we weren’t doing it in conjunction with our nursing leaders, our physician leaders, and our clinical leaders, it fell flat on its face.
Sometimes you have to listen with a critical ear to say, ‘okay, tell me more. You’re telling me you don’t like it — what don’t you like about it? What are the pain points? Are there pain points that are more pronounced than others?’
Fall in love with the problem, not the solution. We have to focus on the problem and not move so fast to the solution. A lot of times people will come to me with a solution, and I’ll ask, what are you trying to solve for? Tell me more about that.
 
Q&A; with Donna Roach, CIO, University of Utah Health
Gamble:  Hi Donna, it’s good to see you.
Roach:  You too. How are things?
 
Gamble:  Things are good. I see you’ve been busy. You’ve gone to quite a few conferences this spring.
Roach:  I have. Actually, I just got back from Becker’s, which was good. I did two panels there and talked to a number of people — my typical CIO cohorts and what they’re up to. AI is still big — it’s the main topic, but there is so much going on. For me, the topper was meeting Martha Stewart.
 
Gamble:  I’d love to meet her. I’d love to interview her, actually.
Roach:  You know what?  You would be a really good interviewer for her. She has been so good at creating her brand, managing it, and evolving it. She’s very astute. She has different groups of people who follow her, and she has this wide expanse from Snoop Dogg to her wine and now Sketchers. And she’s 82. I want to be as astute as she is at that age.
And she hates the word ‘reinvent’; I can see that it’s a little demeaning because it’s been much more evolution than reinvention. She’s an interesting case.
 
Gamble:  I agree. There have been so many iterations of her career. It’s a great opportunity to learn from someone like her.
Roach:  She is fascinating. Even my 26-year-old daughter follows her,

Q&A with University of Utah Health CIO Donna Roach: “Change management is core to everything we do.”

Whereas AI has some excessive enthusiasm around it (especially in the clinical realm), automation is a no-brainer. Well, not exactly. That’s because — though automation may work magic when done on the right workflow, at the right time, and in the right way — getting all three right (without understanding some nuances) is a long shot. In this practical and timely webinar, we’ll speak to leaders about those nuances to give others the best chance of success. With staffing shortages (due to burnout and other issues) on the rise and patient satisfaction all-important, this is one webinar you can’t afford to miss.
Speakers:

* Ash Goel, MD, SVP/CIO, Bronson Healthcare
* Karen “K” Marhefka, Deputy CIO, RWJBarnabas Health
* Ross Stoddard, Chief Strategy Officer, Simetria Health



Reducing Costs & Improving Service by Implementing Use-Case Specific Automation










On most days in cyber, it can seem like there are a million things to do. For Jim Kuiphof and his team, that was probably the case in 2022 when Spectrum Health and Beaumont Health merged to become 22-hospital strong Corewell Health. Of course, there was much foundational work to be done, but Kuiphof notes that sometimes there are even more important fires to put out before one can turn to big picture projects like org charts. It’s an important concept in cyber – a risk-based approach to deciding what must come next; where the team and its resources should be focused – and getting it right is absolutely key to success. In this interview with healthsystemCIO Founder & Editor-in-Chief Anthony Guerra, Kuiphof discusses the keys to prioritization in cyber, the Jim Collins-concept of getting the right people on the bus and into the right seats, and the salient attributes he’s looking for in team members.

LISTEN HERE USING THE PLAYER BELOW OR SUBSCRIBE THROUGH YOUR FAVORITE PODCASTING SERVICE. 

Bold Statements
I’ve used the analogy that you have rowers, you have sitters, and you have hole drillers in your boat.
I don’t need you to create the vision, I need you to be able to listen, learn and articulate a vision. Say back statements, understand how well they can synthesize complicated data and repeat it back in a simple way, engage an audience, and be able to communicate through multiple means – instant message, face to face, virtually, in front of a crowd, whatever it is – role dependent, obviously. So communications leadership is one important thing.
It’s actually not so much when you get the job done; it’s are you getting the job done? And are you communicating about when you’re probably going to be getting it done? That’s more important to me. That’s an aspect of individual accountability and discipline that really goes beyond a generational thing.
Anthony: Welcome to healthsystemCIO’s interview with Jim Kuiphof, Deputy CISO at Corewell Health. I’m Anthony Guerra, Founder and Editor-in-Chief. Jim, thanks for joining me.
Jim: Thanks for having me, Anthony.
Anthony: Great, Jim. Why don’t you start off by telling me about your organization and your role?
Jim: Sounds good. Corewell Health is the newly formed, about two years ago, health system as a result of a merger between Beaumont Health in the Detroit area and Spectrum Health in the Grand Rapids area. Those two systems came together to form what is now the largest health system and actually the largest employer in the state of Michigan.
My role is the Deputy Chief Information Security Officer and Head of our Cyber Fusion Center. I have two jobs, one is right-hand man to my boss, the CISO (Scott Dresen), so I got to do a lot of the executive, forward-looking strategy planning, chief of staff type of work, and then the day-to-day job is to head up the teams that track threats, build preventions, detections, respond to threats, minimize our attack surface, do some analytics for us and internal consulting work across the entire system.
Anthony: Tell me a little bit about this Cyber Fusion Center. What’s that all about?
Jim: It’s an evolution. This is one of the final steps in this evolution when I started 8 years ago. Actually, it’d be 9 years ago at the end of this month. We had a limited capability to do detection and response. Cyber resilience and response is the name of the team. Over the years, we’ve added additional services. We call services ‘standard work,’ standard process, standard ways of doing things.

Q&A with Corewell Health Deputy CISO Jim Kuiphof: “Proper Prioritization a Key to Cyber Success”










It’s the key question all CISOs have to ask themselves – especially those at small- to mid-sized organizations whose cyber teams run in the single digits as opposed to hundreds: how do I operate so as to get the biggest bang for my limited buck? For Blaine Hebert, VP and CISO at Yuma Regional Medical, it’s all about picking a cyber framework and sticking to it. In doing so, he says hospitals and health systems will, by default, focus on key foundational issues – the blocking and tackling whose neglect is often the root cause of so many breaches. But it doesn’t stop there, Hebert also recommends building relationships with key users before an incident to facilitate business continuity – ‘you don’t want to get introduced for the first time during a breach,’ he advises. In this interview with healthsystemCIO Founder & Editor-in-Chief Anthony Guerra, Hebert covers these issues and many more.

LISTEN HERE USING THE PLAYER BELOW OR SUBSCRIBE THROUGH YOUR FAVORITE PODCASTING SERVICE. 

Bold Statements
There’s a tendency in healthcare – and probably other industry verticals – to focus on the new shiny thing in cyber, and I think we miss the boat if we don’t just stick to the foundational issues.
In healthcare today, unfortunately, CISOs are really still not given a seat at the big table. They are still relegated to a direct report – it could be the CIO, CTO, whatever the case may be. I think there are not enough CISOs that are given board-level visibility.
To me, my part as a CISO is I’ve got to have that pre-coordination effort done. I need to know all those people by name, have coffee with them, get to know them, let them know I’m here to support them.
Anthony: Welcome to healthsystemCIO’s interview with Blaine Hebert, VP and CISO at Yuma Regional Medical Center. I’m Anthony Guerra, Founder and Editor in Chief. Blaine, thanks for joining me.
Blaine: Great to be here, Anthony. Thanks for having me.
Anthony: Good. Looking forward to having a fun chat. You want to start off, Blaine, by telling me about your organization and your role?
Blaine: I’m the VP and CISO at Yuma Regional Medical Center in Yuma, Arizona, been there approximately a year now. We’re a 400-bed, not for profit hospital. Pretty small cyber team. I’ve got four direct reports that fall underneath me. I’m the first CISO that Yuma Regional has had. Prior to that, they had some virtual CISOs that were supporting the organization.
Currently, we’re a one-hospital system there. Really, the only regional medical center between San Diego and Phoenix, so quite a large population here that we support.
Anthony: Very good. I want to start out with the open–ended question and just see what’s on your mind. What are some of the trends that you’re watching? Either things you’re working on or trends you’re watching, just what’s top of mind right now?
Blaine: Well, I don’t think there’s a CISO in our industry that doesn’t lose sleep over ransomware. That’s probably the number one ticket item. Then, AI is really in the forefront right now. We’re trying to get our arms around some governance structure for AI and doing some good things there. Really, first and foremost for me is just making sure that we’re doing the standards and the foundations right at Yuma Regional.
There’s a tendency in healthcare – and probably other industry verticals – to focus on the new shiny thing in cyber, and I think we miss the boat if we don’t just stick to the foundational issues. That’s so evident now that Change Healthcare thing came out and sh...

Reexamining Third-Party Risk Management Around Critical Service Providers

Download our free app to listen on your phone