DigitaLee 5: DigitaLee: Healthcare Cybersecurity, Reputation Management & Digital ROI, pt. 1

Welcome to DigitaLee, the podcast for healthcare marketers, where we look at the digital news, tools, tips and tricks for effective healthcare communications. This week, David Shifrin and digital healthcare pioneer and now healthcare entrepreneur Lee Aase are looking at healthcare cybersecurity, reputation management – should you keep it in-house or outsource? And the first of a two-part miniseries on digital ROI for healthcare providers. The question is how to measure ROI and how that differs between larger and smaller provider organizations.

Listen and subscribe to the podcast, or read the transcript below.

Episode Links

Read the transcript

David Shifrin: Alright, Lee good to see you again. The story that we’re going to kick this off with is from Healthcare Dive titled ‘On high alert’: Hospitals wary of cyber threats from Russia-Ukraine war.It’s a kind of an odd one because you wouldn’t really necessarily expect there to be sort of a healthcare angle to the cyber warfare that we know is taking place.

And frankly, day to day, we don’t even know where this, where the invasion is going and what’s really happening there. So, there’s so much uncertainty, but we have seen kind of similar stories here and there that, Russia seems to be active and you never know where somebody, whether it’s them or anybody else is going to show up.

And frankly, just a week ago, a buddy of mine who’s a PA and he said, you know, we got a ransomware attack and they’re asking for a bunch of cash and we’re locked down and we’re back to paper. It happens all the time, in peaceful times and in bad times. so what should provider organizations be thinking about when it comes to cybersecurity?

Lee Aase: Yeah. I think it just really highlights that cybersecurity should always be a priority because it doesn’t matter where it came from. The Russia, Ukraine conflict might be a precipitating thing. If the United States is involved on the Ukrainian side and if Russia retaliates or wants to find ways of gumming up the American system then yeah, that could be one precipitating event for why hospitals would be under threat, but there’s lots of other threats. There’s always bad actors that are out there. And I think it just really highlights the importance of good processes, good hygiene, good just taking basic security measures. The key one that I think was highlighted in this article and that I’ve felt is really important as well is two-factor authentication. Because anybody can steal passwords or you can guess a password, but with the two-factor authentication, when you have to have a timely provision of that second code, like within 60 seconds, that’s the kind of thing that’s going to be super helpful in heading this stuff off.

I think the other part is just really good training with staff. Helping them to be alert to phishing scams, for instance. I know back in my days at Mayo Clinic, we would have authorized phishing simulations that would be sent out by our IT security team and, you know, it got to be a game where you’d say, yeah, I think that’s one of those when you had forwarded it.

But occasionally you would forward those suspicious emails and they’d say, yeah, that was a real threat, that was really something. And having people be on the alert for it is really important. And yeah, then just the training, the alerting people that this is something that you have to be aware of and have to be careful.

David Shifrin: So you mentioned, you talked about training, Lee. And one of the, one of the quotes that stood out to me in the article was from a chief technology officer at a cybersecurity company talking about how there’s a huge amount of turnover, which is just not…something that I’m not familiar with, the IT world, but anything there when it comes to personnel?

Lee Aase: Yeah, I think it’s really, I noticed that in the article as well, that when there’s…if you have turnover in your key staff that are responsible for these security initiatives that you do put yourself more at risk. And yeah, I think we’ve seen, whether it’s because of people getting terminated because of non-vaccine compliance or whatever, that there have been various reasons for that. But there was the great resignation that everyone was talking about as well. So I think having some lack of continuity among staff responsible in these areas could also put systems at risk.

David Shifrin: Lee let’s use that to roll into the second section which isn’t exactly a platform, but in thinking about both cybersecurity, but then also reputation and the reputational damage that can occur certainly if a breach happens or any other kind of crisis hits.

And we’re talking about the turnover and just the resources that different organizations have. How do you think about what you keep in house? What you outsource, where you draw the line, how do you manage the limited resources that different organizations have recognizing that this is going to vary if it’s an independent community hospital versus a large national healthcare system.

Lee Aase: Larger health systems do have a lot more resources. They also have a bigger footprint. They also have a lot more angles, a lot more service lines that they’re trying to be ranking highly in and where people are expressing their opinions. So it scales up, the need scales up with the size of the organization as well.

I think for any of them, it depends on their stance toward using one of these platforms or doing it on their own, depends on what other priorities they have, where they need to be devoting their resources and what capacity they have. My general predisposition has been to say that people need to have ownership of their online reputation and that the service line folks or individuals who are concerned about what happens when people Google them that the best thing they can do is…

To have an active social media presence. To have an active digital presence that will tend to be over time ranked highly in Google and will show up effectively. So I guess depending on what resources people are willing to put into this they can either outsource it and try to have things managed that way, or they can take a more active and organic role in managing their reputation.

I am just naturally I guess predisposed to the latter solution and to really authentically engaging in these platforms, but can definitely understand how people say, yeah, I just want to write a check or I want to have somebody else take over that day-to-day responsibility because I have other priorities that I need to deal with.

David Shifrin: For our insight this week, Lee, we’re going to have a two-part miniseries. And in talking to my colleagues here at Jarrard, they sort of flagged that they had some conversations with you about digital ROI. And being the content mercenary that I am, I thought it sounded really useful for our audience.

And so this is going to be pivoting away from reputation and cybersecurity and everything, but the conversation is about digital ROI. And the first question for today is what your take is on measuring ROI and how that differs between teams, marketing folks at local hospitals versus at larger health systems or different corporate entities.

Lee Aase: Yeah. I was saying, you know, at the smaller health systems or the local hospitals, you typically have marketers who need to be much more of a jack of all trades, need to be much more nimble and resourceful, much more like MacGyver in trying to get results.

And that has upsides and has downsides. The one of the absolute downsides is the lack of, general lack of resources. But the second then is the priority that puts on and the premium that puts on that resourcefulness, on that creativity, on experimentation.

When I was a…so this would be back in 2009, I published a document that I call my 35 theses on social media. And there were three of these that kind of relate here. And I think that’s what I was talking with our Jarrard folks about is that, number 17, social media freedom, in an ordinary sense of the word.

And that was true back then, anyway. Now, you definitely have to have some money to be on these platforms typically to be able to get the reach. But then the second one that was related to that is that I, as in I in the ROI equation approaches zero, ROI approaches infinity. If you keep getting the I smaller and smaller, that means you don’t have to show as much in terms of benefit for it too be, “Wow. That really works.” So the fact that in all these platforms that if you’re trying to MacGyver it, and that was the 19th thesis is MacGyver is the model for social media success, that you have to be creative and you can get the proof of concept really pretty easily, or at least you can experiment with things to say, So does this work or not?” without risking a whole lot. And that’s actually some of the benefit of the smaller organizations, are in the way they can be thinking about this as that, you know, when you’re working on behalf of a large, resourced organization or with the super-strong reputation, there’s more risk associated with it.

The risk/reward thing in the equation is a little bit skewed in those cases, because what if it doesn’t work? On the other hand, if you’re in a smaller organization you have a lot more upside potential, and also because these digital tools have fewer resources needed to do something that’s actually pretty solid that is a reasonably high quality, like these digital mics, these add-ons that you can get for your phone and to be able to really reduce the cost of production. It lets you try things and then prove their benefit, which can help you make the case for more resources.

David Shifrin: Great. Okay. So next time then we will talk about how healthcare marketers position digital programming to justify that ROI, which is a clear extension of this, and you’ve already talked about that a bit, but I’m looking forward to that conversation next time.

Lee Aase
laase@jarrardinc.com