S1E26: Network Transformation & Cybersecurity (ft. Curt Kwak, Proliance Surgeons)

Share:
Curt Kwak, CIO and Chief Information Security Officer for Proliance Surgeons, discusses network transformation and cybersecurity.

Transcript:

0:0:0.0 –> 0:0:15.280
Jordan Cooper
We are here today with Kurt Kwok, the Chief Information Officer and Chief Information Security Officer for Proliance surgeons. Curtis, also the former vice president and chief information officer of Washington State Health Benefit Exchange. Kurt, thank you so much for joining us today. How are you doing?

0:0:15.640 –> 0:0:17.140
Curt N. Kwak
I’m good. Good morning, Jordan.

0:0:17.670 –> 0:0:48.780
Jordan Cooper
Thank you. So what I’d like to share with our listeners is some background on proliance surgeons. Proliance surgeons is one of the largest surgical practices in the country with 210 board certified surgeon specializing in orthopedics. Your nose and throat, ophthalmology general surgery and plastic and reconstructive surgery at over 80 locations throughout Washington state. Kurt, we have a few topics are like the cover today. I think we can run through it, talent recruitment, retention and recruiting some network transformation.

0:0:49.180 –> 0:0:49.380
Curt N. Kwak
Yeah.

0:0:48.960 –> 0:1:3.160
Jordan Cooper
Cyber security awareness preparation may be the long term. IT road map of tech initiatives over Proliance. So let’s get started at the top of that list. Tell me what’s going on with talent retention recruiting. What are your challenges and what are some of your initiatives to address those?

0:1:3.980 –> 0:1:35.80
Curt N. Kwak
Well, our our goal is always to take care of our existing employee base and provide development plans and road maps for them to fulfill their own personal goals as well as that professionally enabling what we do here at proliance surgeons. It’s it’s been difficult. Gotta be honest with you, the pandemic hasn’t helped the remote work, hybrid work environment dynamics didn’t was also difficult to manage. But I think we’ve done pretty well. We also had to.

0:1:35.220 –> 0:2:5.120
Curt N. Kwak
Compete against the larger name companies around us like Microsoft, Amazon, and even guys like Expedia and Google and Facebook. They have huge presence here in Seattle area, so we have to compete for a talent with with them. But they’re recently even with the the news of large layoffs from these large corporations really hasn’t changed our recruiting strategies. We’re still having a difficult time.

0:2:5.370 –> 0:2:13.710
Curt N. Kwak
We’re treating for good talent, good fit here at proliance and and always looking, but our number one goal is to focus on our existing employees.

0:2:14.450 –> 0:2:42.890
Jordan Cooper
Interesting you mention some big tech in California and the West Coast in general. Microsoft is in Seattle. I’m wondering if when you’re talking about it, talent recruitment and retention, are you speaking, are these people moving into the healthcare sphere? I know that Amazon’s getting into healthcare. I know that a bunch of there used to be a Google health. I know that a lot of big tech has an interest in health. Are they moving into the healthcare arm of these big tech or are they just leaving healthcare entirely?

0:2:59.430 –> 0:3:0.30
Jordan Cooper
Mm-hmm.

0:2:43.920 –> 0:3:14.810
Curt N. Kwak
They’re not leaving health care entirely, I would say, umm, we’re we’re needing more more folks, more technical talent to do the transformation of things we need to do more in, in healthcare, whether it’s interfacing, whether it’s AI and machine learning and automation of some of our back end processes in healthcare. So we welcome any industry technical talent, but there again really hard to come by because maybe one healthcare industry is a little bit foreign to.

0:3:14.900 –> 0:3:18.710
Curt N. Kwak
Many of these folks that are available and they’re looking to stay within their own industries.

0:3:18.850 –> 0:3:19.280
Jordan Cooper
Yeah.

0:3:19.490 –> 0:3:27.650
Curt N. Kwak
Or, you know, they have more questions than and than ready to jump in something that they might not be fully familiar with.

0:3:28.100 –> 0:3:31.830
Jordan Cooper
So how are you competing with big tech then with your recruitment strategy?

0:3:47.0 –> 0:3:47.400
Jordan Cooper
Umm.

0:3:32.430 –> 0:4:3.740
Curt N. Kwak
Well, it’s difficult. I mean we we just cannot compete directly with them because they will always pay more and they have these perks and benefits that not many of us could could do. But you know, we kind of promote the fact that Healthcare is about serving people. It is about taking care of people and it takes special mindset to really work effectively in healthcare. So. So there are folks out there that we are targeting.

0:4:4.360 –> 0:4:8.50
Curt N. Kwak
And hopefully we could bring in all those folks with the key technical talents as well.

0:4:8.680 –> 0:4:13.770
Jordan Cooper
Hmm. Alright. Well, let’s move on to the network transformation.

0:4:14.80 –> 0:4:14.340
Curt N. Kwak
Yeah.

0:4:14.840 –> 0:4:24.630
Jordan Cooper
You, I know that you you’re responsible for developing long term information technology. Road map of tech initiatives. What’s going on in terms of network transformation at proliance surgeons?

0:4:25.410 –> 0:4:42.570
Curt N. Kwak
Well, we’ve been targeting data and voice integration or convergence. However you wanna call it for for many, many years. I think we’re finally at a point where we could honestly say we are relatively and more comprehensively a converged at this point.

0:4:59.850 –> 0:5:0.390
Jordan Cooper
Umm.

0:4:43.570 –> 0:5:14.720
Curt N. Kwak
And there’s a lot of pros and cons to that, but one of the biggest benefits is that we are now a little bit more flexible and more agile in which direction we want to go if we want to leverage technologies like SD Wan more now we can because prior to what we’ve done, we were kind of stuck with the traditional connectivity point to point connections, the MPLS metro E where it was just one connection from point to point and there wasn’t much you could do over those.

0:5:15.160 –> 0:5:41.120
Curt N. Kwak
Now that we’re leveraging DIA or direct Internet access, more and more for less cost and we are able to educate ourselves a little bit more on things like SD Wan and network resiliency. And all of that and also leveraging cloud infrastructure a bit more, we are able to do actually opened up a door for us to look at lot of things in, in a lot more different ways than we used to be able to so.

0:5:41.930 –> 0:5:50.10
Curt N. Kwak
It all started with the convergence, and now we’re beyond that, and now we’re looking ahead to see what else we could do and the future is looking really bright for us.

0:5:57.840 –> 0:5:58.20
Curt N. Kwak
Yeah.

0:5:50.530 –> 0:6:15.20
Jordan Cooper
I’d like for the benefit of our listeners. I think many are going through very similar sort of digital transfer network transformation initiatives. Would you be able to speak to a very specific use case or scenario where you had a challenge you overcame in the last one to two years in the course of trying to upgrade your systems and maybe how that segued into cloud or into moving away from point to point something of that nature?

0:6:41.220 –> 0:6:41.600
Jordan Cooper
Umm.

0:6:15.360 –> 0:6:45.700
Curt N. Kwak
Yeah, I mean, you know, it starts with a, you know, some areas. I’m gonna throw some numbers. Hopefully this doesn’t throw off some people. Let’s say you’re paying $2000 a month for a point to point connectivity from point A to your data center as an example. Well, we’re now able to replace that with the $500.00 direct Internet access with the SD when writing on it. And that actually goes into the Internet, which also provides the resilience versus a single point of failure. Back to the care center or I’m sorry, the.

0:6:45.790 –> 0:7:6.710
Curt N. Kwak
The data center and and over that Internet we’re able to add a lot more things because now that Internet access is actually more dense and actually has higher bandwidth than we used to be able to do from point to point connection. So it gives us that flexibility to add not only voice and data but other specialty services and applications.

0:7:26.880 –> 0:7:27.670
Jordan Cooper
Mm-hmm.

0:7:7.750 –> 0:7:34.440
Curt N. Kwak
That we couldn’t before. So you get a lot more. And not only that, that we also opened up our options to go beyond the data center. Now we are working with third party SAS providers as well as third party virtual infrastructure providers to build infrastructures in their cloud. So that enables us to decrease our physical real estate that allows us to cut the large expenses that we.

0:7:35.110 –> 0:7:40.240
Curt N. Kwak
Used to spend in our data centers to connect all these different places and.

0:7:41.390 –> 0:7:53.380
Curt N. Kwak
With the savings we could do other things or we could invest in other areas that we couldn’t before so, but those are some of the examples, maybe not as specific as you would like, but it I’m sure many people will relate to many of them.

0:7:54.0 –> 0:8:4.250
Jordan Cooper
Sure, a few follow up questions there. So when you go to direct Internet access, do you still have the ability to fail over and a mirroring situation or disaster recovery?

0:8:5.140 –> 0:8:9.160
Curt N. Kwak
Yes, I actually gives you a little bit more options because.

0:8:14.340 –> 0:8:14.580
Jordan Cooper
Umm.

0:8:23.560 –> 0:8:23.970
Jordan Cooper
Mm-hmm.

0:8:10.490 –> 0:8:39.90
Curt N. Kwak
Internet access can be achieved multiple ways versus point to one. There point to point connections. There’s really only one way which is the local access provider has to provide a path for that point to point to come in or Internet can’t be achieved by coax by over the air. Now that 5G is available, there’s different mediums we could pull in Internet access into some of our locations and that provides not only divergent and different physical paths.

0:8:39.290 –> 0:8:39.680
Jordan Cooper
Mm-hmm.

0:8:39.610 –> 0:8:46.750
Curt N. Kwak
Uh, but also the high level of bandwidth we need to run our operations and business. So a lot more flexibility.

0:8:47.270 –> 0:8:53.370
Curt N. Kwak
Uh, lower cost, of course. And then on those things that we couldn’t do like redundancy and disaster recovery.

0:8:53.870 –> 0:9:12.260
Jordan Cooper
Sure. I’d like to segue into cyber security awareness and preparation before we just launch into an open discussion on that. Many CIO may wonder, well, I’m opening myself up to direct Internet access. Is there an associated security risk I have to be aware of, especially with Chi?

0:9:13.90 –> 0:9:13.370
Curt N. Kwak
Well.

0:9:13.440 –> 0:9:28.300
Curt N. Kwak
Ohh, just to qualify that you’re not really opening it up, you’re utilizing like webgate firewalls, Edge firewalls and things like next generation endpoint protection and threat detection systems. So really really protect yourselves.

0:9:35.180 –> 0:9:35.730
Jordan Cooper
Umm.

0:9:29.380 –> 0:9:40.640
Curt N. Kwak
We did that even with the point to point connections, but with the Internet you have to be even more dialed in and leverage these phenomenal technologies that are available.

0:9:43.760 –> 0:9:44.230
Jordan Cooper
Umm.

0:9:41.300 –> 0:10:16.170
Curt N. Kwak
And many are very, very affordable and and with that you also need people to operate and keep your eyes on the network. So. So there is definitely that component of it and us being in healthcare, absolutely Phi is our #1 focus to protect and secure and we do our best. But at the same time, these attackers are becoming more and more clever. So it’s not only to protect our perimeter from attacks, but also to protect within. So when an incident occurs, how do we adjust make it minimal damage or minimal penetration.

0:10:16.700 –> 0:10:29.500
Curt N. Kwak
So we do what we call layer defenses within to try to mitigate as much as we can and limit and minimize any I guess damage within your organization if some kind of a hack occurs.

0:10:30.100 –> 0:10:30.380
Jordan Cooper
Umm.

0:10:30.110 –> 0:10:37.270
Curt N. Kwak
Because the one thing we have learned and everybody knows out there that it the, the hacker themselves are pretty savvy, but.

0:10:37.910 –> 0:10:48.340
Curt N. Kwak
99% of the time it’s a mistake by an employee within the organization that may click on an e-mail, click on a link, or open up an attachment that looks valid.

0:10:49.240 –> 0:10:52.790
Curt N. Kwak
And then the internal attack occurs at that point. So so.

0:10:53.680 –> 0:11:4.460
Curt N. Kwak
Part of that is also educating end users. Part of it is just providing educational materials for them to access and just keep reminding them that they are part of our overall human firewall.

0:11:14.90 –> 0:11:14.320
Curt N. Kwak
Yeah.

0:11:18.230 –> 0:11:18.450
Curt N. Kwak
Yep.

0:11:4.900 –> 0:11:35.120
Jordan Cooper
Yeah. And so I went, some executives listening to this podcast right now maybe wondering. Alright, I understand cyber security is important. I have read multiple articles about health systems being hacked and the data and the whole system having downtime. I wonder how could you help those listeners right now think through how to allocate an appropriate budget or resources to cyber security.

0:11:39.220 –> 0:11:39.540
Curt N. Kwak
Uh-huh.

0:11:48.70 –> 0:11:48.360
Curt N. Kwak
Yeah.

0:11:35.250 –> 0:11:58.190
Jordan Cooper
I am managing managing cyber risk and the reason I ask is because I’ve often heard that perhaps an inadequate amount of resources or allocated towards risk and it’s difficult to justify an investment in cybersecurity when a successful amount of investment leads to no events. So it’s difficult to evaluate how successful the effort has been. So could you offer any insight there?

0:12:16.250 –> 0:12:16.720
Jordan Cooper
Umm.

0:12:35.400 –> 0:12:36.170
Jordan Cooper
Mm-hmm.

0:12:31.470 –> 0:12:36.660
Curt N. Kwak
On the impact of the attacks and what the risks are when they read.

0:12:37.360 –> 0:12:42.970
Curt N. Kwak
About cyber security, that’s one thing. But do they know what that really means in their organization?

0:12:43.990 –> 0:12:44.420
Jordan Cooper
Mm-hmm.

0:12:43.820 –> 0:12:47.520
Curt N. Kwak
When they when they read about a big multi million dollar attack.

0:12:48.290 –> 0:13:16.640
Curt N. Kwak
Does that apply to them, or is that just somebody, somebody elses story so it it’s IT leader, educating the stakeholders to make sure they’re all on the same page and from that point you could start charting on strategy on how much you want to invest or you can invest and what kind of risks you’re willing to accept or to mitigate. And from there dollar budgets will come out and you have to be careful. Of course you could always overspend.

0:13:17.380 –> 0:13:18.980
Curt N. Kwak
And nothing could happen.

0:13:32.100 –> 0:13:32.670
Jordan Cooper
Mm-hmm.

0:13:19.720 –> 0:13:49.700
Curt N. Kwak
But you know, these things happen when you’re least expecting or least prepared. And that’s when you know the the concept I just mentioned comes in play. How do you if you, if there is an incident, how do you mitigate it? And what is the number one thing you need to do and some of us may say that’s well, we’ve got to have good backups to protect yourself from ransomware. Of course. That’s pretty obvious. How about the disaster recovery or business continuity scenarios? Do you have offsite or alternate operational locations to keep your business?

0:13:49.770 –> 0:14:11.210
Curt N. Kwak
Knowing and then what is your critical incident management and communication systems look like so everybody is aware when something happens in your organization, so there’s layers of that risk management thing or manage risk management protocols that you do need to stay on top of and a lot of it starts with your leadership.

0:14:11.890 –> 0:14:19.250
Curt N. Kwak
Your will your will to to get the point across the message across and of course stakeholders are willing to listen and work with you.

0:14:20.340 –> 0:14:28.980
Jordan Cooper
So you mentioned your leadership team. I’d like to open up the conversation a bit. What are some of the top priorities for your executive leadership team?

0:14:30.560 –> 0:14:47.850
Jordan Cooper
Over at Proliance surgeons, what are they trying to accomplish? What are they worried about? What has the greatest impact on their bottom line and business operations and how are they leveraging your team to ensure that they’re able to do to do the business as normal?

0:14:48.390 –> 0:14:56.410
Curt N. Kwak
What number one thing for them is making sure the system to systems they use work as designed and they’re available to them.

0:14:57.120 –> 0:15:26.800
Curt N. Kwak
Every time you have an outage, every time you have a system downtime or every time there are delays in getting to your applications or even you know images for your modalities, X-rays, MRI. It’s a time and money wasted for them. It’s revenue that’s not coming through the door and also worse than that is the care that we can’t deliver to patients who are hurting at the time. So how do we as technologists ensure that they receive the best support?

0:15:27.70 –> 0:15:28.10
Curt N. Kwak
And have issues.

0:15:29.200 –> 0:15:59.650
Curt N. Kwak
To ensure their systems are available every time they use it, try to and if there are downtimes or or delays, how do we keep them in the loop so they know exactly what’s going on, or at least have an idea when things are gonna come back online. So in turn they could work with their patients and their customers to set and reset expectations. So they’re not too disappointed or frustrated with our service overall. So there’s a lot of communication and collaboration going on.

0:16:0.110 –> 0:16:3.680
Curt N. Kwak
And it’s not necessarily technology alone, but it’s people.

0:16:4.780 –> 0:16:11.320
Curt N. Kwak
Enabled with technology and then of course all these key processes to make sure everything kind of work in concert.

0:16:15.290 –> 0:16:15.480
Curt N. Kwak
Sure.

0:16:12.330 –> 0:16:25.600
Jordan Cooper
So you’re an ambulatory surgical center. You have a long term IT road map. What are some of the more ambitious or interesting unusual agenda items that you have on that road map?

0:16:26.790 –> 0:16:32.440
Curt N. Kwak
What we still have a variety of systems that we’re trying to integrate.

0:16:33.230 –> 0:16:34.680
Curt N. Kwak
And and we’re not talking about.

0:16:35.460 –> 0:16:44.400
Curt N. Kwak
Going after one single application that’s gonna do everything for everyone that doesn’t exist, right? But how do you kind of mix in all these disparate systems?

0:16:45.170 –> 0:16:59.900
Curt N. Kwak
And in interface and integrate them so the users don’t feel the compartmentalization or differences in those. If there’s a patient data, it goes all the way through the process and comes back and feels like 1 seamless.

0:17:0.590 –> 0:17:5.200
Curt N. Kwak
I don’t have a process for them, and that’s what we’re trying to achieve, integration, interoperability.

0:17:5.860 –> 0:17:24.960
Curt N. Kwak
Uh, with our skill set, our technologies and and doing what we can to provide a seamless experience for every user here proliance so. So that’s really the number one mission. How do we in it enable that and from that comes a specific investments and technologies that will help enable parts of it.

0:17:25.650 –> 0:17:51.640
Curt N. Kwak
There are also inner workings with these vendors directly, so our ERP providers are PAX providers because they also want to do the same thing, right? So how do we integrate and partner with them so that they’re they can update their software to do something comparable to what we’re trying to do. And at the end of the day, all we could do is our best. And if we fall short, we have tomorrow to work on it even more. So we keep trying, Jordan.

0:17:52.210 –> 0:18:6.980
Jordan Cooper
Occur. I do appreciate your time. This has been a wonderful podcast for our listeners. I’ll remind you this has been Kurt Kwok, the CIO and Chief Information Security officer for proliance surgeons. Kurt, thank you very much for joining us today.

0:18:7.90 –> 0:18:9.810
Curt N. Kwak
Was my pleasure of Jordan. Thank you so much for the opportunity.

0:18:10.120 –> 0:18:10.420
Jordan Cooper
Yep.