Intro/Outro (00:01):
Welcome to Digital Transformers, the show that connects you with what you need to build, manage, and operate your digital supply chain. Join your host in a timely discussion on new and future business models with industry leading executives. The show will reveal global customer expectations, real world deployment challenges, and the value of advanced business technologies like artificial intelligence, blockchain, and robotic process engineering. And now, we bring you Digital Transformers.
Kevin L. Jackson (00:41):
Well, hello, everyone. This is Kevin L. Jackson, and welcome to Digital Transformers on Supply Chain Now. So, I really care about my audience, so how is your health today, your healthcare? Right? After two years of checking the TV or the internet for the latest COVID news, that may seem pretty basic, but what if I asked you about your last telemedicine visit? Were your personal discussions recorded? Did your medical data get intercepted and collected for a ransomware attack? Do you feel protected or pretty vulnerable right now? Well, those are the questions being addressed today as we discuss the state of healthcare cyber security with Clara Hustad, Assistant Vice President Channel Marketing Industry Solutions at AT&T Business. Welcome to the show, Clara.
Clara Hustad (01:45):
Thanks for having me, Kevin. It’s great to see you, even though we’re virtual.
Kevin L. Jackson (01:49):
Yeah. I tell you that in-real-life stuff really doesn’t happen much anymore, does it?
Clara Hustad (01:55):
No.
Kevin L. Jackson (01:56):
Maybe we’re getting back to normal.
Clara Hustad (01:58):
I think so. I hope so.
Kevin L. Jackson (02:00):
So, can you share a bit of your background with this? Last time we talked, we were talking about, I guess, mech and how the manufacturing community was transitioning and leveraging 5G.
Clara Hustad (02:14):
Yes. Well, now, I have healthcare, too. But a little bit about me, I’m from McAllen, Texas, so a born and raised Texan. I feel like every Texan will tell you that. We love talking about we’re from Texas.
Kevin L. Jackson (02:29):
Yes. Yeah.
Clara Hustad (02:30):
I did live in Idaho for a year, so I guess maybe I got some points taken away there, but-
Kevin L. Jackson (02:35):
That’s a big difference.
Clara Hustad (02:36):
Yes. My dad is a farmer, so that was a big change for our family. I was only there for a year, and then I came back to school to go to UT San Antonio. And once I graduated, my degree is actually in psychology, which I think has helped me more in business than anything else, but-
Kevin L. Jackson (02:53):
We’re all your customers and clients, right?
Clara Hustad (02:55):
Exactly. It’s like this is where they’re coming from, I can reach them. I decided at the last minute that the degree in business was a little bit more beneficial, and I started with AT&T almost right after I graduated in their leadership development program. So, that was a big career switch in my mind from where I thought I was going. But it was so fun, it seemed so attractive to get to jump around at different groups. And as somebody like me who just wants to learn a bunch of stuff, it seemed like, oh, pick up three different jobs in three different years, that seems like fun, sign me up, so it was neat.
Kevin L. Jackson (03:32):
Well, tell me one thing about that, so you were part of the executive career development process, but a lot of people don’t realize, you hear AT&T. it’s like this big conglomerate that’s buying up everybody, but there’s a big difference between AT&T consumer and AT&T business. Have you always been on the business side?
Clara Hustad (03:57):
For most of my career, yes. I started in our call centers, which is a very unique experience. I had no business managing people older than my parents, so I called those my character-building years. And then, I moved into our network department, which services everyone, but my specific customers were installation of high-cap circuits, so that was really cool. And then, I went into general marketing, and from there, I just sort of moved into business, which I’ve started in small business, and then slowly progressed my way up, which is kind of how it works around here. I’ve been in our supply chain group. I was in executive operations and kind of ping-ponged around, but business marketing was really where my passion is, mostly because my parents are in business for themselves, so there is a passion there to make sure that our customers are as successful as possible.
Clara Hustad (04:50):
And if they’re successful, we’re successful, because they grow, the more things they need, the more we can kind of power that for them. So, it is definitely very different than consumer, which is a lot more transactional, which is great, but people are buying and selling in stores, and kind of running in and out with things they need, we’re building networks that are custom to individual’s needs at their facilities, and that’s something that’s incredibly unique about business from an AT&T perspective. We really take into consideration the goals and aspects of where people are trying to go and build out that network to make sure it’s possible for them from a technology perspective.
Kevin L. Jackson (05:29):
Well, you clearly have learned a lot about how technology supports business and new business models. And now that you are in healthcare, I’m curious to understand like how—since things have changed so much over the past couple of years, I mean, in healthcare, specifically, there’s been such a rapid, and I would guess, forced shift to telemedicine. How has that affected the overall healthcare industry?
Clara Hustad (06:02):
I think we hear a lot about what’s happened from an urgent patient perspective, but the pandemic really impacted care for noncritical patients in a very unprecedented way. I think we had kind of dipped our toe into telemedicine, but when you’re no longer able to go into a hospital for care, because it’s overwhelmed with other patients, and to be honest, that’s how most people go into any sort of care. The majority of individuals don’t have a primary care physician. They just go straight to a hospital or find a specialist themselves, so the ability to have care anywhere to meet those needs is something that I think is really here to stay. It helped providers reach a larger number of patients and quickly. So, you don’t have people coming in and out, having to check in and out. They can check in online.
Clara Hustad (06:55):
One of the customers that we have, one of the providers, they were telling us that patients didn’t have to wait days or weeks for appointments. They had fewer missed appointments, because people were at their home and could get a checkup. And as long as they had a really good camera and internet connection, they had a very intimate conversation in a private setting. And customers are—I shouldn’t say customers. Patients were a lot more open to talking about things, because they felt comfortable on their settings at home, which is something that was new for doctors to hear and experience. And then, they physical movement from room to room, and then cleaning of the rooms didn’t have to happen. So, you were able to progress more with people with chronic situations, create at-home care, especially with individuals with comorbidities, so I think it’s a lot more impactful for preventative care. So, keeping people out of the hospital is incredibly important to our clinicians and providers, and that’s something that they’re seeing a lot have benefited in doing the telemedicine visits.
Kevin L. Jackson (08:01):
But I mean, that can make people—kind of worries people though, right? Because how do hospitals secure those home cameras? And I’ve seen home blood pressure cuffs, so when it comes to telemedicine, this is some pretty personal information and data. How do hospital’s security edge to make this safe?
Clara Hustad (08:31):
So, as a normal consumer of different healthcare products, I have my watch here that gives me my heart rate, things like that, I wouldn’t think like, oh, somebody would do something with this data, but in coming into the healthcare space, your medical data is 50 times more valuable than your credit card data. And truly, I didn’t see that value, but as you start looking at what people can do with that information, and a bad actor being able to control your credit card, bank accounts, things you can buy, that’s a finite amount of time. With medical data, they can create a whole human persona, and seek medical treatment on your behalf, get access to medication, change your medication, abuse prescription drugs on your behalf. That can last way longer than a credit card number for a bad actor.
Clara Hustad (09:24):
So, for hospital privacy and HIPAA to prevent all of that with telemedicine is incredibly important, because you have people logging into portals, having remote patient monitoring sensors and visits in their home, it’s important that security is extended to those end points, but you want to extend it to the end points to basically create more trust, rather than friction in that environment. So, making sure you have a secure portal for connection, we have the capability to do that at AT&T, and making sure that the way you connect to a customer and patient basically keeps that privacy intact, and you have security at the edge where you’re collecting data. And don’t let anybody record your visits.
Kevin L. Jackson (10:09):
Yeah. Well, you would listen and see all the commercials from AT&T, they really talk a lot about how 5G technology is going to make life better for us all. I hope this includes our healthcare. Does 5G really enhance cybersecurity? I mean, do the bad guys just have more threat vectors to exploit?
Clara Hustad (10:37):
I think it’s exactly that. I mean, 5G, for your normal human, it’s like, what is this? I don’t get it. But it’s just another band of spectrum on a giant tower that wasn’t previously used. It has new radios, lower latency, higher bandwidth, but also more inherent security, because it is a later generation band of spectrum. So, let’s just use like your typical phone as an endpoint. So, a Wi-Fi saturation point is around 10,000 devices. For 5G, you’d have to tag on more than a million devices to really impact that network. But to your point, the more devices you add onto any network, they also need to be secured. So, that includes the application, the data, the endpoints, and AT&T, I believe we have a real shared responsibility model, which delineates what the carrier or the network provider delivers in terms of security, so customers know what endpoints they need to secure and we protect the network that is delivered. So, ensuring a provider understands that the more endpoints you have, the larger your surface attack for the bad guys that you really need to kind of hone in on and protect.
Kevin L. Jackson (11:52):
Right. Well, I mean, that seems to make sense, but it also seems like this is going to be a heavy lift for a lot of these hospitals. I mean, typically, I guess before a hospital would just buy someone or get service from someone and manage their IT, is there a new role for this healthcare and telemedicine? What organizational roles have responsibility for the overall security within a healthcare organization?
Clara Hustad (12:32):
So, every department has to consider this, and in every organization, I mean, you hear it in manufacturing, finance, retail, wherever you go, but healthcare as well, you’ve got your nurses that are trying to develop new technology to head up the nursing department, and they’re tagging on things to your network that, again, opens up a threat vector. So, people are your weakest link. It’s important that everybody carry that vigilance. I once met with our CISO, Bill O’Hern, and he was telling me, “Claire, people share things in plain sight. And if you’re like a perceptive bad actor, you can figure out who people are, what their passwords might be, and basically get them to click on a link pretty quickly. And honestly, it’s true. I think after that conversation, I saw something on like Facebook or Instagram, and it was like, your Derby horse race name is the street you grew up on and your family pet, and combine those names together and it was like my perception from his comment had changed, and I was like, all I see is these are password recovery questions being answered in plain sight.
Clara Hustad (13:42):
And another customer that we met with said, only the paranoid survive cyberattack, and I truly believe that. I feel like when everyone believes that they are a potential breach, you’ll find that they’re more suspicious of emails. They’ll check the sender before opening a file or clicking a link. And we at AT&T also provide a lot of those services to help manage the workload that that increases for your organization. So, I think the way to go is zero trust, and we are one of the best, if not the best in that situation, considering the number of things that cross our traffic. We see the third of the world’s internet traffic and we protect that information, so it’s incredibly important to us.
Kevin L. Jackson (14:30):
So, I’m going to have to talk to you after this show, how do you protect yourself against that rogue finger? Because my finger always want—well, anyway, the healthcare industry hasn’t really been known for having a particular focus on cyber security. Is that changing? Has it changed?
Clara Hustad (14:54):
Yeah. I mean, I think that, 100%, I don’t think anyone really outranks the finance industry, but healthcare is getting closer and closer. The difficulty for this industry is providing privacy before care, but I’ll just tell you, many people die with their privacy intact. So, I think as a whole, we need to figure out how we use technology to ensure that you’re caring for the right person, giving them the right care, and giving them the care instantaneously, which I think is something that the industry is moving towards as a whole, and we will be able to see in our lifetime.
Kevin L. Jackson (15:31):
Sounds like priorities, right? Take my privacy, but save my life. But-
Clara Hustad (15:42):
Yeah. I mean, we had a physician give us a story about how somebody was on vacation in Florida. They hit their head. They had a bunch of medical information, but the doctor couldn’t prove that they were talking to another doctor to send them the information. This guy was without care, to make sure that he wasn’t allergic to things, they ended up doing a bunch of procedures. He was allergic to a couple of things that they ended up doing to help reduce swelling, which caused more issues. So, that communication, especially across state lines, across hospital lines is incredibly important to kind of keep track of.
Kevin L. Jackson (16:22):
Well, the public sector, and hospitals, specifically, have been heavily targeted for ransomware attacks. How is this being addressed if I’m deciding to save the life, instead of saving the privacy?
Clara Hustad (16:39):
So, I think any sector, beginning or midway through their journey to the cloud, is the easiest target for a bad actor. There’s a lot of changes, a lot of communication that needs to happen within an organization. And breakdowns in communications happen a lot of time. Those infrastructures are beginning that digital migration. And in our security report, our cybersecurity report, we found that 63% of healthcare organizations said attacks against cloud workloads were the riskiest future attacks they were preparing for. So, that shows us that if they’re prepared, they know what they’re up against, then the biggest piece of mind for an IT team as moving over is to make sure you have the right partners, the technology teams that have done that before. We’ve done that for plenty of people, and we’ve helped so many companies transition, and do it to our own network. So, we have experienced personally in the digital migration to a digitally defined network, so I think that’s important to have that history behind you to be able to help the future, and not make the same mistakes, and really do it in the best way, safest way possible.
Kevin L. Jackson (17:48):
So, I have sort of a personal question. I feel like I have my clinician here to help me out. But when I go to see a healthcare professional, in today’s world, I often need to call or text from the parking lot before entering the facility, to make sure I have my mask and everything, but that doesn’t seem like it’s really consistent with protecting my privacy and data security rules like HIPAA. What’s with that?
Clara Hustad (18:34):
So, I believe it started as a COVID protocol, so there weren’t too many people in the waiting room together, but all to become a security protection to help verify your identity and your location. There is a huge revenue loss for patients who no-show, so it also helps with that. And as long as you’re not sharing any personal health information to this text message, aside from yes, I’m here, let me know when I can walk in, and yes, I have a mask, or I need a mask, then I think you’re good to go, but don’t be sharing any medical concerns or conditions over text.
Kevin L. Jackson (19:10):
Okay. I got to remember that. So, with the healthcare report, I guess they looked at all of this, but what do you see as the most important finding in that healthcare report?
Clara Hustad (19:26):
So, I think the number 1 thing I learned was the healthcare industry needs to pivot their business model quickly and securely. We see the top edge use cases for healthcare reflective of that pivot. The top use case amongst healthcare participants is the care anywhere model, care is moving outside the four walls of the hospital, we’re able to do that a lot more securely and easy, but healthcare professionals believe the model has kind of an average perceived risk, but it’s also the highest perceived impact from a cyberattack. So, making sure that those endpoints are secure, devices that you’re giving your patients are able to basically reflect the security protocol that you have inside your hospital. So, making sure that that’s safe and secure was one of the biggest takeaways. The second was the percentage of a budget that the healthcare industry plans to allocate to security. 44% of healthcare respondents plan to allocate between 11 and 21% of their overall edge project budget to security. This is really encouraging. This is more along the lines of what we’re seeing in the finance industry, who is highly superior in this space. I would say most of them. But in terms of the budget allocation to security, it’s starting to grow, and I think that’s very in line with the threats that are starting to increase with them.
Kevin L. Jackson (20:50):
Well, it sounds like things are actually getting really better in healthcare, and I really appreciate your insight and, and your time and perspective today. But unfortunately, our time has come to an end, and I was just enjoying all of our discussion, but before we go, can you tell the audience how to get a copy of this, I guess, groundbreaking report in some ways, and maybe even reach out to you to get a personal consultation?
Clara Hustad (21:24):
Call me. Well, you can find me on LinkedIn under Clara Husad. I’m also on Twitter @clarahustad, so make it very easy for people. But the cybersecurity insights report is free and is located at cybersecurity.att.com, where you can find not only healthcare, but reports for finance, retail, and manufacturing. We also have reports based on your threat surface, cloud migration, or endpoint security, so would love to be in contact. And I also have a wonderful partner in crime, I’d be remiss if I didn’t mention Gary Olson, who is literally my peer and partner, and specialist in cybersecurity that is a great resource as well.
Kevin L. Jackson (22:10):
Well, we’ll make sure to put all those links in the show notes, so thank you. Thank you very much. It’s going to blow up your phone.
Clara Hustad (22:20):
Blow it up. I want to help people.
Kevin L. Jackson (22:21):
So, in closing, I would like to invite everyone to check out the wide variety of industry thought leadership at supplychainnow.com. And that’s where you can find Digital Transformers, and you can find Digital Transformers and Supply Chain Now wherever you get your podcast, so be sure to subscribe. So, on behalf of the entire team here at Supply Chain Now, this is Kevin L. Jackson, wishing all of our listeners a bright and transformational future. We’ll see you next time on Digital Transformers.
Intro/Outro (23:03):
Thank you for supporting Digital Transformers and for being a part of our global Supply Chain Now community. Please check out all of our programming at supplychainnow.com. Make sure you subscribe to Digital Transformers anywhere you listen to or view the show, and follow us on Facebook, LinkedIn, Twitter, and Instagram. See you next time on Digital Transformers.
