Your April Assembly Recap

This past April, The Millennium Alliance was proud to host two engaging Virtual Assemblies for C-Suite executives and top industry thought leaders. First up, we had our Healthcare Providers & Payers Transformation Virtual Assembly on April 20-21, which was followed by our Transformational CISO Virtual Assembly on April 27-28. In case you missed either event, read about some of the sessions below!

Healthcare Providers & Payers Transformation Virtual Assembly

Lessons Learned from our Healthcare Keynote

Starting off our Healthcare Providers & Payers Transformation Assembly was David Shulkin, Ninth Secretary, US Department of Veterans Affairs, with a keynote on healthcare in the private and public sector. He shared some of the lessons he learned during his time in government that he transferred over to the private sector. The big takeaway: access is essential. Dr. Shulkin mentioned some of the ways he promoted accountability for increasing healthcare access for veterans, some of which were controversial. In addition to increasing the public visibility of the VA’s operations, Telehealth has also played a role in improving access, especially for Veterans. Dr. Shulkin touched on some of these points when he joined us for a #MillenniumLive podcast episode, which you can listen to here.

Insights from the Healthcare C-Suite

Sumair Akhtar, Chief Clinical Officer, at Stella Health led the discussion on population health, incentives, and value-based care. He spoke of the the issue surrounding inequity in healthcare and outlined some of the ways Stella is working to improve outcomes. This includes “boots on the ground” incentives that address food insecurity, housing, and substance abuse counseling. He also noted that healthcare organizations can utilize data to streamline population health strategies and foster more collaboration between providers and payers. 

The next workshop was led by Peter Pronovost, Chief Clinical Transformation & Quality Officer, University Hospitals Cleveland. He raised the question: how can we make a dent in the trillion dollar healthcare problem? According to Dr. Pronovost, we can do this by providing the highest-value care, re-writing the narrative that defects are inevitable, and shifting from reactive to proactive care. He outlined a three step plan for creating a change in narrative: 1. Stop believing that defects in value are inevitable and start believing they are preventable. 2. Stop believing that value is someone else’s responsibility and start believing it’s all of ours. And 3. Stop believing that heroism and economic incentives alone will solve the problem, and start believing that we have to redesign care around patient’s needs.

The Millennium Alliance was proud to present the 2020 Provider & Payer Innovator of the Year Awards. Millennium Advisory Board Member Ashish Atreja of UC Davis Health sat down with the winners for a conversation on fortifying the relationship between provider and payer for more innovation in the healthcare space. Congratulations to our winners of the 2020 Healthcare Provider Innovator of the Year Award, Angela Yochem, EVP, Chief Transformation & Digital Officer, Novant Health UVA Health System, and the 2020 Healthcare Payer Innovator of the Year Award, James Grant, SVP & Chief Medical Officer, Blue Cross Blue Shield of Michigan.

Albert Marinez from Intermountain Healthcare talked data & analytics as drivers of transformation in healthcare. He emphasized the importance of creating a culture that supports innovation and breaking past legacy systems. According to Albert, a disruptive mindset, platform agility, and the spirit of innovation are key characteristics of breakthrough performance. He also discussed the key value propositions for data & analytics, which include data utility, data as a business decision enabler, and data as a driver of business through opportunity.

Sidney Dixon, Vice President & Chief Applications Officer at Tower Health closed out day one of the assembly with a presentation on the 21st Century Cures Act and its importance to the health IT professional. He went in depth about Information Blocking Provision, which actors it affects, and the 8 exceptions to the rule. It’s now up to healthcare systems to strategize in order to handle these changes.

The Latest from our Healthcare Thought Leaders

We kicked off day two of the Assembly with a keynote panel led by Michele Chulick, Former Chief Executive Officer, Wyoming Medical Center with panelists Ashok Chennuru from Anthem, Pamela Peele from UPMC Health Plan, Purna Prasad from Northwell Health, and Christopher Rehm from LifePoint Health. The panelists shared insights on leveraging data for a holistic view of patients and members, and shared the belief that the real challenge is not acquiring data, but rather making it fit for consumption. They noted that the shift to Telehealth could spark the greatest disparity in access to healthcare due to the fact that the digital divide is largely impacted by socioeconomic factors, language barriers, etc., and therefore should be used as a tool to reach communities and not as the “end all be all.” Reaching sub-communities, overcoming language barriers, and a lack of accessibility are still concerns for Telehealth that the panelists intend to address within their organizations.

Check Out What’s New with Our Solution Providers

AKASA    WellSky Corporation

3M   Nuance    Emdee    Globant

And the Winner of The Millennium Mission Prize is…

The winner of the Healthcare Providers & Payers Millennium Mission prize has chosen to make his donation to the Wounded Warrior Project on behalf of our Keynote Speaker, David Shulkin! The winner, who will remain anonymous, was inspired by Dr. Shulkin’s advocacy of veterans and selected WWP, which supplements some of the work the VA does to help returning veterans heal. We are honored by this act of humility, and we are thrilled to donate $1,000 on behalf of David Shulkin, who continues to serve as an inspiration for leaders in the healthcare community and beyond.

Transformational CISO Virtual Assembly

Lessons Learned from our Cybersecurity Keynote

Flavio Aggio, CISO of the World Health Organization, kicked off the assembly with a keynote on pandemic-driven cyber attacks. What was the big takeaway? Humans are the biggest and strongest links in cybersecurity. This means that technology should be human centric and collaboration between decision makers and cybersecurity professionals is essential. After the pandemic hit, Flavio’s team accelerated multi-factor authentication, threat intelligence, zero trust strategy, and sparked the implementation of DMARC and monthly phishing exercises.

Insights from the CISOs

The first workshop of the day was led by Thomas Dager, VP, CISO, Archer Daniels Midland, who addressed the issue of remote work and tracking a multitude of off-premise devices. Some challenges include switching from desktops to laptops, the inability to issue new devices in locked-down countries such as India, lack of visibility on home devices on separate ISPs, and tracking employees’ security measures remotely. He noted that these challenges have led CISOs to adjust and adopt new acceptable use policies and innovative new VPN systems and technologies that allow for personal device use.

In his workshop on creating a culture of security within an organization, Gopal Padinjaruveetil, CISO at Auto Club Group – AAA, explained how he uses psychology to achieve this goal. Because hackers use psychological tactics to launch an attack, AAA uses psychology to prevent attacks. One way Gopal does this is through phishing tests followed by interviews, which gives him a better understanding of the rationale behind a failed test. He found that employees who clicked on the links noted in their interviews that they were distracted, or that they felt manipulated and deceived by the test. The main goal of AAA’s cybersecurity team is not to raise awareness, but to raise effectiveness, which emphasizes learning rather than punishment when mistakes are made.

Zero Trust is on the rise, and Randy Marchany, CISO at Virginia Tech, tackled the subject in his workshop session. He noted that in your ZTN, all data must besecure regardless of location, user identities must be confirmed, and all network traffic should be logged and analyzed. Ransomware has been around since the late 1980s, but the problem is only growing, so cybersecurity professionals must be aware of all threats and mistakes. Some common security mistakes made by individuals include poor password management, leaving computers on and unattended, opening email attachments from strangers, and not installing antivirus software, to name just a few. Randy also mentions that it is important to log successes as well as failures, which helps with comparison and tracking anomalies.

Rizwan Jan, VP, CIO, Henry M. Jackson Foundation for the Advancement of Military Medicine, talked insider threats in his workshop session. He discussed how protecting data from insider threats has become increasingly difficult now that there is no longer a “networking perimeter”, but rather a multitude of endpoints including mobile, IoT, and more. The key takeaway was that insider threats are a human problem, not a technology problem. This means cybersecurity professionals must understand threat actors and the data they’re going after, and then assess an action plan to protect their organization’s data. 

Raj Badhwar from Voya Financial led the conversation on quantum computing and the risks they will pose in the near future. Due to quantum computing’s ability to have 2^N states simultaneously, which leads to superior speed of performing unstructured search and the capability to perform faster factoring of semi-primes, it will eventually pose a security threat. This means that enhancing cryptographic schemes, such as lattice-based, multivariate, hash-based, or code-based cryptography, should be prioritized by today’s CISOs.

Jennes Zhang from Procter & Gamble discussed cybersecurity in a HyperCloud environment. In the past, his team outsourced much of their IT and found that they didn’t have enough security. As of three years ago, the team started to handle their core competencies internally, which dramatically improved their maturity level over time. He made the point that the cloud works best when you can manage the workload dynamically. P&G took initiatives such as establishing security operations centers to monitor security operations 24/7, mandate security agent installation for every application, implementing a micro segmentation capability, and more.

Recruitment and training in the Cybersecurity space is a challenge, but Jennifer Watson, CISO at Celanese tackled the subject in her workshop discussion. The question is: where do you start? According to Jennifer you can start from scratch, or a “green field”; a partial team, a team that is organically grown; or a mature team, which means holding onto existing talent. She emphasized the importance of looking for soft skills when bringing in talent, and then working on developing hard skills through good mentorship. On the subject of retention, employers must create a clear career path for new talent while also enabling flexibility within the work environment.

For the final workshop of the Assembly, Eduardo Lopez, DCISO, USCIS, talked about Identity Access Management. Eduardo notes that Internal access controls are the core element of security best practices, and they are the CISO’s responsibility. Logical access control tools should make the user experience as seamless as possible, and building in automation is key. He also provided insights on best practices for Privileged Access Management, Secrets Management, and more.  

The Latest from our Cybersecurity Thought Leaders

Day two of the Assembly started with a thought-provoking keynote panel on building a culture of cybersecurity led by Keri Pearlson, Executive Director, Cybersecurity at MIT Sloan with panelists Paul Connelly from HCA Healthcare, Andrew Coyne from Mayo Clinic, Sachin Kothari from Johnson Controls, and David M Monahan from Bank of America. The panelists agreed that privacy and security go hand in hand, security awareness campaigns are essential, and technology alone is not enough to maintain security within an organization. They talked in depth about focusing on using communication to promote security awareness. Panelists also noted that testing is essential, but the goal should be to teach employees best practices, not to punish them for their mistakes. Another common theme among panelists was the importance of strong cybersecurity leadership when creating a culture of security.

Check Out What’s New from Our Solution Providers

Palo Alto Network   GitGuardian   Threat Locker

Cloud Range   BeyondTrust   Qualys   Fortinet

And the Winner of The Millennium Mission Prize is…

The winner of the Transformation CISO Millennium Mission prize is Keith Stocks, Vice President, Information Risk Management at Union Bank! We are thrilled to donate $1,000 to Asian & Pacific Islander American (APIA) Scholars on behalf of Keith Stocks.