Download the "RNS_Dan Dodson audio file directly.
RNS_Dan Dodson: this mp3 audio file was automatically transcribed by Sonix with the best speech-to-text algorithms. This transcript may contain errors.
Ed Gaudet:
Welcome to Risk Never Sleeps, where we meet and get to know the people delivering patient care and protecting patient safety. I'm your host, Ed Gaudet.
Ed Gaudet:
Welcome to the Risk Never Sleeps podcast. I'm Ed Gaudet, I'm your host today, and I'm joined today by Dan Dodson, the chief executive officer of Fortified Health Security, a recognized leader in cybersecurity that is a 100% focused on serving the healthcare market. Through Dan's leadership, Fortified partners with healthcare organizations such as Censinet to effectively develop the best path forward for their customers' security programs based on unique challenges and needs of healthcare providers. Dan is also a thought leader in healthcare cybersecurity and speaks on various topics, including security best practices, data privacy strategies, as well as risk management. Dan, welcome to the show.
Dan Dodson:
Ed, thank you so much for having me. I'm excited for what you're doing. I think this is a great opportunity to share insights and, frankly, collaborate and learn from each other. So thanks for putting this together, and I'm excited to be here today.
Ed Gaudet:
Excellent. So tell our listeners, how did you get started in healthcare, and how did you get started with a focus on cybersecurity?
Dan Dodson:
Sure, absolutely. I love this question, and it actually goes back to when I was a kid. My neighbor started and owned a medical billing business. He subsequently sold it, and it was a very successful business for him. But as a young kid, I really got to look at how he built a business, and I was always kind of entrepreneurial-minded, and obviously, my conversations with him was all around healthcare, so I knew that I wanted to be in healthcare, generally and broadly. So I pursued a degree in accounting and finance and then an MBA in healthcare organization management, and so I knew I wanted to do healthcare, but I've always had a fascination with technology and computers and the kind of perfect universe aligned with the digitization of healthcare coming on the forefront, tons of capital flowing into it, lots of needs, and I'm ready to kind of grow my career. And so I spent time at a hospital in Lubbock, Texas; I spent time on the insurance side at a third party at a TPA, had some care navigation in the early days of care navigation. So I've kind of been around it for a while, while as I was getting my education, and then just kind of fell in love in the idea of, how does technology enable safe patient care? And so I built a career around that. And then, as the health systems universe began to digitize, obviously, the cyber threat became bigger and bigger and bigger. The attack surface has broadened, we implemented the EHRs on legacy technology, from an infrastructure perspective, we kind of raced to get them in there, and I didn't spend a whole lot of time thinking about cybersecurity. And so I started poking around there and realized that maybe people needed a lot of help in cybersecurity, and so that was the first thing. And the second thing is, I recognized every health system is at a different point in their cyber journey, and so there's not, this kind of silver bullet certainly doesn't exist from a cyber perspective, but also like what each health system needs, or hospital needs is different. And so, how do you build something that allows for the optionality and scale based on where they're at in their program? And that's what I've fallen in love with and been doing here.
Ed Gaudet:
Where did you grow up?
Dan Dodson:
So I grew up in Dallas, North Dallas, originally from Hartford, Connecticut, though.
Ed Gaudet:
Oh, I did not know that. I'm from Southington, Connecticut.
Dan Dodson:
Yes.
Ed Gaudet:
All right, so did you do any time at one of the insurance companies at all?
Dan Dodson:
No, I did not. I spent time as a young child in Connecticut and then made my way to Milwaukee and then grew up mostly in North Dallas.
Ed Gaudet:
Got it, excellent. So as a CEO of an emerging company, you've got a lot of priorities, I'm sure, you're balancing. What keeps you up at night?
Dan Dodson:
You know, I think the main thing that keeps me up at night is just our obligation and responsibilities to our clients. They entrust Fortified, in some degree, with an element of their cybersecurity program that helps enable patient care. And I think that that's an obligation that I take seriously. We talk about that internally, and, you know, we want to make sure that we're doing the best for our clients so they can serve patients in their communities, and that's what really keeps me up at night.
Ed Gaudet:
Yeah, and we spent all this time over the last decade or so enabling healthcare to get on digital infrastructure, create the digital records, electronic records, etc., but we also introduced this unattended consequence of cyber threats. And it's a real big problem, especially now that it's moved from protection of the data to protection of the patient and the same patient with ransomware.
Dan Dodson:
Yeah, absolutely. And if you think about it, we're seeing, unfortunately, long periods of downtime which are super impactful to our clients' ability to deliver care, which is why we all exist, right, is for safe patient care. So you're right, it is definitely a challenge. I feel like we built a lot of great relationships with our clients to be able to put them in the best position to either avoid or recover quickly. So I have a lot of pride in, I'm humbled by the people that trust Fortified as their partner, but also realize that's a big obligation. In fact, keeps me up at night.
Ed Gaudet:
Right, and I know for years we've been telling customers that there is this threat out there, it's looming. It's not a matter of if, but when. And now you hear everybody saying that phrase.
Dan Dodson:
Yes, you're right.
Ed Gaudet:
So we've had a couple of tough years with the pandemic. What are you most proud of over the last year, personally and professionally?
Dan Dodson:
So I'll talk about professionally first. So in March of 2020, right when the pandemic was hitting, we had a, very quickly had a town hall of our company, and we laid out two priorities. Now, mind you, this is March 20th, so we really didn't know what the pandemic really meant. But we came together, we said there are two things that are going to be important for us, of equal importance. One is we wanted our associates to view Fortified as a stable environment in an unstable world. Literally, we didn't know how unstable it was going to be. That was number one. And the reason we could make that bet is because we had a lot of confidence in the business that we had built, the partnerships with our clients, and if business slowed because of the pandemic, we'll just won't hire as much. But we can say we are going to keep everybody as part of the Fortified company. That was number one. Number two was, we serve hospitals. The last thing hospitals need is for a partner, vendor, to be in their shorts when they're trying to figure out how to battle on the front lines. And so we said that, at the end of COVID, we wanted our clients to look back and say Fortified was there when we needed them, and they were in the shadows watching us when we did. And so we were very intentional about taking care of our associates and making sure that our clients always knew we were here, but it certainly wasn't the right time to be selling additional widgets or whatever else they might be. And I'm very proud of that. And I think if you were to ask our associates or our clients, we were successful in doing that, and I'm very, very proud of that. Over the last couple of years. Personally, I traveled 50 out of 52 weeks a year that, right, and my entire career. And so I think that although challenging, I feel like I've adjusted to this kind of new normal of not necessarily being on the road, and that's a personal change that I had navigated.
Ed Gaudet:
It's amazing to get people together now, you've had a couple of different meetings where you brought your folks together. We just finished up our company and sales kickoff at Censinet. And while the new normal where you bring people together and you really appreciate that time now that you spend together.
Dan Dodson:
Yeah, I think that's right. I mean, there's a lot more intentionality about when you're in front of somebody not looking at your phone or not looking at your email or not because you took that time for granted. And I feel like if there's a silver lining in this, it's when you're together with people, be dialed in, and know that the next time may be, you know, a long time away.
Ed Gaudet:
So, great point. I hadn't thought about that but you're right. I mean, don't think we talked to anybody about their phone usage during this meeting. I think people were actually engaged paying attention. That's a really great point.
Dan Dodson:
Yeah, I think so. Which I think will yield stronger and better relationships over time.
Ed Gaudet:
Yeah, I agree. So outside of healthcare and cyber, which I know is a full-time job, 24/7 job, what else are you passionate about? What would you be doing if you weren't doing this?
Dan Dodson:
Really great question. I love fly fishing. I love traveling. And so I do spend a fair bit of my free time, if you will, traveling. I love seeing and experiencing new things and exposing my kids to that, which is fantastic. So I would probably be traveling more. But as far as like if there's like another job I would do, I couldn't think of another job. And I think that there's never been a point in time that cybersecurity is more of a priority as it relates to safe clinical care, like it is exactly what needs to be happening. So I feel like we can make a really big impact to the care and communities across the country, and nothing gets me more excited than being able to be a part of that.
Ed Gaudet:
And what's interesting about cyber, unlike other areas, it's so complex, and it's just a 3 or 4 checkboxes, and you're done. You have to take a different approach to incorporating it into the fabric of your organization. So it really is, if you're not approaching it with transformation at the center of your strategy, you're probably not doing it correctly.
Dan Dodson:
Yeah, I think that's right. And I feel like whenever I talk to folks about kind of infusing cybersecurity into their organizations, I kind of tell them like, look, we want to weave cyber into the rug without ripping it. It's not stand-alone, it's everything. If you're making an investment in, let's say, patient engagement, whatever the initiative may be or whatever, right? We're going to spend all this internal effort enabling this connectivity to hopefully build a better relationship with our patients in the community. They're going to come to our health system. All of that will be undone if there's a cyber event. So not thinking about that in the context of that very important initiative doesn't make a whole lot of sense anymore. And so I think those are some of the things that we encourage folks is, is that move it from this kind of stand-alone, it's buried in IT, or maybe it's not in IT depending on what the org structure is and move it to be in front with other things that also need to be in front that are.
Ed Gaudet:
That's right, yeah. I mean, for years, we treated cyber as an IT silo process that would interface with aspects of the business, but you didn't really have that true stakeholder support. And now what you're seeing is that cyber risk really is enterprise risk, and it affects every single business process, every single business unit, every single department within an organization because everything's digitized, so you cannot treat it as a siloed process any longer.
Dan Dodson:
That's right, and our systems are designed to function with technology, and so when the technology goes away, the systems can't function for a very long period of time. And so if you think about it, we may be equipped for like a downtime period, maybe a couple hours, maybe survive a day, but longer than that, and it's like we don't even know what to do.
Ed Gaudet:
And we've experienced the closure of clinics because of ransomware, which again, if you had a data breach five, ten years ago. Sure, it's embarrassing. Sure, it's costly. It sure could affect your brand reputation at some level. But no one ever got hurt, no one died, no one, right, no businesses closed because of it. And now you have the closure of these clinics and other types of healthcare facilities because of it.
Dan Dodson:
Yeah, it's a huge problem. And I'm optimistic that progress is being made in various degrees of areas, but one that's really exciting about is how do we enable some funding mechanisms to help with this. If you think about solving this problem or minimizing this problem is probably a better way to frame it. It's never going to be fully solved. How do we minimize it to an acceptable point? It requires money, funding. And so the facilities, the clinics, the smaller end of the scale that you were just mentioning, and a lot of them even may even know what to do or at least who to call to figure out what to do. But they just can't muster up the money to do it. And so I'm encouraged by what's happening, certainly early innings, it'll take time in Washington to figure this out, but much like we helped push the digitization with aura and high tech, we've got to figure out something to do to protect these organizations.
Ed Gaudet:
Yeah, we need a version of meaningful use for security. I know you read my article on Fortified in Forbes magazine.
Dan Dodson:
You want to write for me, Ed? I'm not writing for Fortified, right?
Ed Gaudet:
Writing for Fortified now. In Forbes, where I laid out the high-level a framework for meaningful protection, but some version of that where you have that balance of incentive carrot, if you will, and then some type of penalty later on, over time, the stick, which is, I think, again, it wasn't perfect, but there was a lot of good things that came out of meaningful use. There's a lot of things that we learned about it, too. So let's not repeat the bad things, let's harness the good and, again, try to solve this together because independently, we cannot solve it. We have to come together as a community, and you're right, through government funding, through the work of all the different public and private partnerships that are being run by the HSCC, the Healthcare Sector Coordinating Council, the HHS with 405(d), and other programs. I mean, these programs are building the foundation of what I call Stronger Together, this notion of leveraging the community to combat the community of bad folks, because they're working together. Like on the Dark Web, they figured out how to distribute the load of, and the process of a cyber attack, so now they've got these microservices across a transaction, if you will, in terms of who's creating the actual payload, who's going in and collecting the money, who's funding the different roles within that community of attackers, etc. So they figured out how to organize true organized crime, we need to figure out a way to organize prevention.
Dan Dodson:
Yeah, I think that's exactly right. I mean, we talk a lot internally with our clients and try to create platforms for them to collaborate because the bad guys are collaborating. To your point, they are absolutely sharing the fastest path in and bifurcating different elements of that attack, if you will. And we've got to figure out how to come together to figure out and support each other. And I think as you see the interconnectivity continue, whether that's within your own four walls of more digitization, more outreach to communities, medical devices, whatever, but also all within your community sharing things, the data is just going to be everywhere and the potential for disruption of care, to your point earlier about what we really want to make sure we can do is just going to becoming more complex.
Ed Gaudet:
That's right, right. All right, let's switch back and get a little personal.
Dan Dodson:
All right.
Ed Gaudet:
What, I love this question. What would you tell your 20-year-old self?
Dan Dodson:
Gosh, my 20-year-old self. I think, like most people, I have spent a lot of time worrying about things that were out of my control. And so the two things that I would tell myself at 20 would be, one, it's a marathon, not a sprint, which I'm sure is a bit cliche. And the second is, control what you can control, show up every day, do the best that you can do. There are going to be things that you can't control. The best of your abilities, control them based on whatever you know to do best, and the things that you can't control, let it go. And I think that's what I would tell myself.
Ed Gaudet:
I absolutely love that response. And it's so consistent with other folks on this program. And to me, it's not the obvious response because I've asked other people as I was building out the program, and people were like, Oh, they're just going to say buy Microsoft shares, that was 20, which obviously is a good response as well. But the response of that personal journey and telling yourself, Hey, don't sweat the small stuff like it's all going to work out. Focus on what's important. Prioritize what's important. Great answer. This is the Risk Never Sleeps podcast, so I would be remiss if I didn't ask you this question. What's the riskiest thing you've ever done?
Dan Dodson:
Oh my gosh, the riskiest thing I've ever done. Great question. Um, my goodness. I'm a pretty risk-averse guy. I am in the risk management business, and so I wish I had some, like, crazy story to tell you that was action-oriented. But I will tell you. So it has to do with the career choice. So my father, he worked for one company his entire life, JC Penney's, and he moved to the Mecca, which was the corporate headquarters in Plano, which is what brought us to North Dallas. So I was a rising star at Perot Systems early in my career and had a great opportunity, it's a great company, obviously, it's traded multiple times since then, but loved everybody that I worked with and had a unique opportunity to join a public turnaround, which is the hardest thing I've ever done. And consultant I worked with became CEO, and he wanted me to come lead Strategy for this turnaround. And so in talking with my then mentors, it was like you got the cats by the tail here, this is super risky. My dad, who has been a great influence in my life, was like, I've worked for JC Penney's forever. He's like, I can't even advise you what to do. He was like, I don't even know, they paid to move me around the country. I'm like, Dad, the world doesn't work like that anymore, right? I don't know. That was a huge, huge risk that I took and it ended up working out well and was very gratifying to work with them and go through that journey. But the same path would have been to stay at Perot Systems and continue to do what I was doing there and grow a career there and took some risks. And I think I'm certainly better off for doing that and taking that risk at the behest of lots of people telling me not to do it. And so that's one that I think of it. And then, gosh, you know, I won't have any like, oh, jumped off a cliff story or anything. I'm just not that type of guy.
Ed Gaudet:
Fly fishing in Kodiak Island in Alaska. That would be risky.
Dan Dodson:
Right? I mean, yeah. I fly fished in some mangroves before, which there's some you know, extracurricular stuff, but I think that's, maybe you've inspired me and need to go, like, skydiving.
Ed Gaudet:
No, no. ..., dude. No, but it's interesting. You know, we have similar paths. My dad worked at one company all of his career. And it was funny, I think in the first decade of my career, I was on my fourth company and my dad pulled me aside, and he's like, Your mom and I want to talk to you. Do you have a problem keeping jobs? Like, I started laughing. I'm like, This is tech dad. I'll be in another four probably in the next ten years.
Dan Dodson:
And I'll even have multiple careers.
Ed Gaudet:
Exactly.
Dan Dodson:
I mean, reinvent myself. I mean, it's just so funny how business and society and that kind of stuff worked. And you know, I think there's a lost art there, though. And there was this love and belief between the associate and the company that is deep, deep-rooted, and that is special to create. I think as CEOs, you and I, we try to create that, but society around that has evolved into a different way of engaging with the place that you work at. And so it's just very different. I don't know, one's better or worse, it's just different.
Ed Gaudet:
So it's different and it's really why culture is so important to get right, because otherwise you don't really have a differentiation. I mean, I can go to Amazon, I can go to Apple, why would I come to Cincinnati or Fortified. And it's that culture that we've built, I think, that is so special that they can't find in other places.
Dan Dodson:
I think that's absolutely right. I mean, it is all about people. My team and I, we spend a lot of time talking every single week about our culture, our people. How are we doing? Are we doing the right things? And then it's become a different puzzle post-pandemic with the remote work and the hybrid model.
Ed Gaudet:
Just in the last five years, it's so different from five years prior in terms of the things you prioritize and focus on as you're building out the team, as you're building out the culture, as you think about diversity and inclusion and equity and all those things you never talked about ten years ago. And I think it's a much better place, I think that as we evolve and as cultures evolve and as society evolves, we're going to leave a much better place behind for our kids, I think, ultimately. This is to my listeners, if you're a CISO or a CIO or maybe you're a director of IT and you need help with security strategy, risk management, and you haven't checked out Fortified Security, definitely give Dan a call. They have a great organization, they have a great solution, and you should definitely consider them if you're looking around for help in cybersecurity. Dan, any last words for our listeners? Anything you'd like to leave them with?
Dan Dodson:
Yeah, I would just say that, to the listeners that are the CISOs and the CIOs and the directors of IT or the analysts, I just want to say thank you and that we recognize, Ed, that you all are on the front lines working your tails off in a high-stress job, and we see you, we hear you, and we appreciate what you're doing to help secure healthcare so we can all have safe patient care and just super appreciative, from my heart, for the things that you all do every day, it's invaluable, oftentimes, not necessarily as recognized as, frankly, I think it should be. So that's what I would say, is thank you and we hear you and keep up the good fight.
Ed Gaudet:
Thank you. That's a great way to end. And thank you to listeners, this is Ed Gaudet with the Risk Never Sleeps podcast. Thank you. Dan Dodson from Fortified Health Security. Check out the organization if you haven't already. And remember, if you are on the front lines protecting patient safety and ensuring great outcomes for patients, stay vigilant because risk never sleeps.
Ed Gaudet:
Thanks for listening to Risk Never Sleeps. For the show notes, resources, and more information in how to transform the protection of patient safety, visit us at Censinet.com. That's C E N S I N E T.com. I'm your host, Ed Gaudet, and until next time, stay vigilant because Risk Never Sleeps.
Sonix has many features that you'd love including automated subtitles, automatic transcription software, secure transcription and file storage, generate automated summaries powered by AI, and easily transcribe your Zoom meetings. Try Sonix for free today.
