In this segment from the theCUBE + NYSE Wired: MedTech Unplugged: The Future of AI in Healthcare & Life Sciences interview series, Josh Howell, CTO of Healthcare at Rubrik, joins theCUBE’s John Furrier to make a blunt case: in modern care delivery, cyber resilience is no longer a back-office concern. Howell draws a clear line between “security” and “resilience” – prevention versus the hard work of getting back on your feet. When systems go dark, the damage is not just financial. It can be clinical, operational and human, with downtime tied to higher medical error rates and staff attrition after major incidents.
Howell also previews Rubrik’s New York workshop on building cyber resilience in healthcare, designed to help organizations map a “minimum viable hospital,” rank system recovery priorities and plan for a trusted recovery environment. The discussion widens to “AI resilience,” where visibility, change control and governance matter as much as model performance. In a sector where budgets are tight and accountability is unforgiving, Howell argues that doing the slow thinking now is what enables fast action when it counts.
>> Welcome to theCUBE here at our New York Stock Exchange Studio. Of course, we have our Palo Alto Studio as well as Wall Street connecting tech and money, Silicon Valley and Wall Street. I'm John Furrier, host of theCUBE. This is our Healthcare Media Week. It's a lot going on in healthcare, MedTech, life science, all that's happening. Josh Howell's here. He is with Rubrik. He is the CTO, healthcare. Josh, thanks for coming in. One of the hottest areas certainly on our radar last year was these verticals that weren't about healthcare and the latest and craziest. It's a tech market. AI is creating a lot of value, a lot of value abstraction. Cyber resilience has been the hottest category in, I think, in the IT/transition to this kind of new era of infrastructure, mainly because resilience is the number one conversation in context to all this modernization. The game is changing a little bit, but it's still the same. Resilience is the number one thing. Rubrik, you guys have been doing extremely well, strategy, cyber resilience. What's the topic for the big event you guys have here in New York?
Josh Howell
>> Yeah, so tomorrow, we're leading what we're calling a working day on building cyber resilience in healthcare. We define that as being distinct and different from security. Security prevention, resilience, how do we bounce back? And every single healthcare organization I talk to has big initiatives around cyber resilience just because of the pace of attacks, and they're punishing. So we know when applications go offline, there's a 30% increase in medical errors. There are now deaths attributable to applications being offline. And these attacks are punishing not only from a financial standpoint. Many times, when I work with health systems, they're systematically underestimating the total costs, which pan out over five plus years. But also in terms of the impact to employees, their families. It's not unusual to see a lot of staff attrition after one of these events. So when you spend months getting back online and dealing with all of the fallout, nobody wants to live through that twice. So figuring out how to bounce back faster. Every organization that knows they can come back quickly doesn't have to pay a ransom, which means they're not funding future attacks for others.
John Furrier
>> And I mean, we've been covering ransomware for many years, I know. And Rubrik is well known for defining the category, so congratulations. I mean, that's what, six years ago, maybe longer. I forget what data it was, but I remember Bipul, the CEO, the founder was saying, "Look, this is a cybersecurity data problem. Data is the gold. That's what everyone wants. That's when we saw the tsunami of ransomware, but also other attacks." Give us kind of the state of where we are in cyber resilience. We focused on it last year. We think it's going to be probably double the focus this year as more and more attacks are coming online. As everyone's going more digital, certainly the aperture with AI is going to give more access. What's the state of cyber resilience right now?
Josh Howell
>> Yeah. Well, in healthcare, I think first, I'd want to approach a lot of the people I work with with a lot of empathy. It's a tough seat to be in when you've seen declining operating margins with the cuts to Medicare, Medicaid, it puts them in a tough situation to need to afford new programs, investments and resilience and all of that. So every single system we talk to knows this is something they have to work on. And in many cases, it's a need to build what we're calling a risk number around this. What is the all in risk number? If the system goes down for 30 days, what can we expect? And oftentimes, even if budgets are tight, when the board learns of that number, suddenly it becomes a program that they're willing to make funds available outside of normal budgeting cycles and to do something about it. The other problem is that this is like very multidisciplinary in nature. And growing up in IT, if there's one department, one discipline, we get that done really fast. When we need legal, compliance, risk, cybersecurity, data protection, infrastructure, it becomes this problem where we've got to nail down some corners in order to start. And it's a really difficult thing for organizations to come to terms with. And there's another problem that's inhibiting it, which is every system that gets hit, naturally the lawyers don't want people to talk. So the attackers are actually knowledge sharing freely. They're learning from each other at a rate that many of the defenders aren't, right? So that's one of the focus of our events.
John Furrier
>> Yeah. They're getting sophisticated.
Josh Howell
>> Yeah.
John Furrier
>> Take me through the workshop, because I think you just point out something that's pretty clear when you say it, but now it may not be obvious. It's not a one thing. It's a multi-faceted, multi-stakeholder execution problem one to understand and frame, and then to protect and defend.
Josh Howell
>> Yeah.
John Furrier
>> Take us through the technical linkages between the facets. Take us through, if you don't mind.
Josh Howell
>> So the deep text is pretty boring, but let's start at a high level, right? First, understanding that the impacts to many health systems are ... I kind of tell people, if I could tell you that one of your buildings was going to burn down, or at least partially, that people were going to die, that there would be endless litigation, that the financial impacts would run into the hundreds of millions to billion plus dollars. Would I have your attention? So when we start with that-
John Furrier
>> That's a yes.
Josh Howell
>> Yeah. When we start with ... This is an existential problem. We've had health systems in the United States go out of business and publicly cite the ransomware attack they experienced as what broke the camel's back. So starting there, this is an organization wide problem. And the next part is like, how many organizations are really comfortable with if everything went dark? These are the systems I want back in this order, and here are all of their dependencies. And just about every system thinks in terms of their EMR first, and it's very important, but what we find when we run some of these workshops is people debate it and they realize they need communications and identity like Active Directory, those sorts of things back online first before they can start recovering systems. And so we think in terms of the minimum viable hospital that you need to not only know that EMR, but also the systems that track hours, that get people paid, you're still going to need to feed patients on day three, day five, et cetera. So being able to operate your supply chain and refresh those programs is really important. We think there's about 12 categories of applications. Every health system is different depending on their focus. But then the next piece is you're probably not going to recover to production. There's going to be this endemic loss of trust that affects all of production, all of your disaster recovery systems. So you're probably going to need some third site, right? Some sterile, trusted infrastructure that you can recover to. Once you have that, then we start getting into this, "Okay, I know my list of systems. I know their priority. Can I get the underlying Active Directory, DNS, et cetera, back online quickly and then start running through that system?" And then it becomes not how fast you can restore, but how do we know what not to restore? If you restore the wrong things, you get to start everything I've just said all over again.
So being able to threat hunt really effectively. Rubrik, we have this predictive system where we're actually able to start hashing all of the files long in advance of a ransomware attack, answer those questions in minutes, and it goes all the way back to-
John Furrier
>> That's a proactive approach.
Josh Howell
>> Right. Yep. The preemptive recovery engine is something that we do really well. But it goes all the way down to which nurses at which workstations are going to get a sterilized endpoint that gets connected back into this isolated recovery environment? And the last problem is, how do we attest that this is done? How do all of the lawyers agree that this problem has been solved? And that is a complicated series of events to do really quickly unless you've done the slow thinking ahead of time. So that's where we're trying to help people is like, do all of the slow thinking now so you can take fast action when the event comes. Because what I want people to know is there are systems who are recovering in three, four, or five days. They're not garnering the headlines. They're doing it really quickly and effectively because they've done all that slow thinking ahead of time. And there's something about the human condition that when we know what success and good looks like, we're like, "How do I do what he did?" And that's what I want people to know is that it's not a mandatory 30, 35 days.
John Furrier
>> Yeah. I like how you frame it, because on the clear alignment problem with the customer, it's, yeah, there's consequences. You can quantify them. Okay, check. That's just the beginning. And also, most people have in their mind, at least people who don't really think it through, it's like, "Oh, we're backed up. Hit a button and restore." Okay, that's old thinking and that's not new information. I'm just pointing that out. But you're getting at more of an ongoing cyber resilience. Why I like the word resilience and I want you to explain that resilience side of it, because what you just laid out was preemptive, which is pre. So that's proactively doing things. In preparation for an easy button that under the covers, there's a lot of stuff happening. Take us through that resilience. What does that look like? There's a sequence of events, order of operations on the systems you want to bring online. I got that. But from a company standpoint, how do they discuss this internally? What does cyber resilience mean? I mean, I guess that's the question. Yeah. What does cyber resilience actually mean?
Josh Howell
>> So a few things is one, when I talk about, and it's not original with me, Deloitte wrote this really prescient white paper a long time ago beneath the surface of a ransomware attack. And they point out there are these 14 categories of harm, financial harm that every organization's going to experience, right? When you map those out, they all roll back to two things. One, how long was the system down and their applications offline and how much patient data got leaked? So when we think about preparing proactively, what we want organizations to do is to know where is the sensitive data? Everyone thinks in terms of the systems of record, but if any application has an export to Excel button and they all do, that means all bets are off, right? As CISA said, you can't secure what you can't see. So first, do you know where the sensitive data is? Do you know who's accessing it? Do you know what that baseline is? And where are there unsecured data that we could go and do something about preemptively? That also helps after the fact when you're making your filings with the regulators, but then knowing what applications in what order, right? Somebody I was working with recently who would be in a position to know said that subjectively, anecdotally, that 50% of the organizations that he had helped through ransomware attacks lost at least some of their backup data because the attackers got to it. And so when we talk in terms of immutability, we don't just mean we don't change the data after it's written. We mean come hell or high water, that backup system will survive, that it will be operational on day two, that you will be able to threat hunt and do it in a very timely manner. We're talking minutes to hours instead of multiple weeks and that you know at a multidisciplinary cross-functional level which teams do what. So I was working recently with a health system and we started talking about this and someone stopped me and said, "That's a separate team. Don't bother." 
And I was like, "Well, where are they? We need them in the room."
John Furrier
>> They're the key team.
Josh Howell
>> Yeah. The number of workshops I've led where we ask who's responsible for restoring clean data and you get this, "Well, that's their job." And you look across the room and they're pointing the other direction and you're like, "See, this is why we-"
John Furrier
>> Perfect candidate for ransomware, because they're taking advantage. It's almost social engineering of IT.
Josh Howell
>> It is. Yep. They're attacking a no man's land.
John Furrier
>> They know the dysfunctional nature and they go after it.
Josh Howell
>> Yeah. They're attacking a no man's land in terms of the org chart, but also our technology tool set, right? So if no one team's responsible for it and we all have to collaborate and we're using disparate tools, this is why many of these recoveries, it's one of the reasons why many of these recoveries take so long, right? So that's part of our vision is give everybody the rich context they need to make the right decisions for their role within that broader framework of how do we work together when everything is down.
John Furrier
>> Josh, that's a great point because they're taking advantage of all these opportunities. I guess my question for you is in your workshops and the day in the life of what you do with customers, what's the current thinking? Where are they now? I'm sure there's less data for people. There's enough data for people to know that they got to get their act together, get the strategy. What are some of the execution best practices that are happening right now?
Josh Howell
>> Yeah. Well, I'm really glad you asked that question because it's one of the areas where I think we can bring tremendous value to our customers and the companies we're working with is Rubrik's helped over 150 plus organizations recover from ransomware and every week we're engaged with somebody helping them bring systems back online. So there is what I call an emerging body of knowledge of what these success patterns look like, right? We're not inventing it from scratch anymore. There is a predictable series of events and every attack is different, every health system is different, but we've got enough record now to know this is what good looks like. You should be prepared to understand these things, right? So that's what we're doing tomorrow is kind of helping organizations with that knowledge sharing piece of Chatham House Rules. We can't say where this happened, but there is another health system where this is what they experienced and you should be prepared for this to happen. And here's the insight in terms of how to prepare for that.
And I think that, that sort of knowledge sharing is what we need to better arm health systems who don't have a ton of operating budget to throw around. They need to make appropriate investments in the right spots to achieve resilience because every dollar matters. But I don't think there are a lot of surprises left in terms of like, what is the series of events? What is this going to feel like? So helping those teams understand what to expect is really important.
John Furrier
>> They want to lock you out and get your cash and then hold you hostage. You mentioned the event, so I want to just call that out because I think this is really kind of a cool thing you guys are doing. You having an event here at the New York Stock Exchange, bringing all your customers in. Chatham House Rules which they can talk freely, can't source it. What is some of the conversations you expect to see, and what's the makeup of the attendees? I'll say customers, partners, or take us through what's the format, what's your goals? Why should someone want to attend these events?
Josh Howell
>> Yeah. I'm really excited about the event. It's not just for customers. We've got a lot of organizations attending who aren't customers because we want to help them too. And that's one of the things I love about healthcare is there's a slightly higher sense of mission, right? Even though it's maybe not us, we want to help them because there's real patients. And we've had Rubrik employees who've taken their family members to a hospital, children or a birth and been turned away or had to go somewhere else because of a ransomware attack. So that's near and dear to our heart when it's one of our employees.
John Furrier
>> Lives on the line and it's disruptive in a fatal way.
Josh Howell
>> Yeah. So we're really focused on that knowledge sharing piece, helping all organizations prepare. So we're starting off the day with John Riggi and Scott Gee from the American Hospital Association, long-term veterans who have been through any number of cyber attacks. Our friends from Google, Mandiant, who's probably the premier incident response firm out there. I'm speaking in terms of like financial impact quantification and what cyber recovery really looks like. Scott Gee from the AHA is talking about clinical continuity, how do we identify those right applications? We've got folks coming in from Woodruff Sawyer who are talking about cyber insurance and how cyber insurers view these sorts of investments. If you have them and don't have them, how does that change your premium numbers? So I think it should be a really good day and throughout the day we're asking questions of the attendees and then aggregating their answers and trying to create communities of practice where leaving these events, they'll have other people that they can turn to and say, "How are you guys doing this? Are you approaching that in this way? Have you thought about this tool?" So I think there's a lot of value there.
John Furrier
>> I really like how you guys look at this and it's in all the hot areas, whether it's AI or some aspects of security, but certainly in cyber resilience, it's at the confluence of technology and business model and business operations because they're so tied together because the continuity, I mean just that piece alone, continuity on operations. Okay, the tech, there's some deep tech involved. So you have to get everything right and you got to be ready and then handle anything that might come your way with big numbers as consequences.
Josh Howell
>> Yeah. There's a conversation that I hear happen a lot if I had a nickel, but it usually happens, we talk about how reliant we are on technology and somebody in the room sits back and says, "Yeah, these younger doctors and nurses, they don't know how to chart on paper anymore." And everybody chuckles and they move on. But my mother is still a practicing obstetrics nurse at, I don't know, 72 because she loves what she does, right? An EMR was a relatively recent thing in her career. And yet when I talk with her, she says, "When those systems go offline, the facility is different. The interventions that we have, the level of care is much more technical. We're monitoring every patient. The documentation required is light years different than it used to be."
And so when we think about like all the way down to, there used to be a manual at every nurse's workstation on how to calculate dosages, right? So it's not just that these young doctors and nurses don't know how to work on paper. It's that healthcare has fundamentally changed as a result of thousands, literally, of cost optimization, workflow, process improvement. And I think that's one of the things that we want is for senior executives to understand that health today, health systems are entirely dependent on the technology. There are workarounds, but those are workarounds and there are certain systems that when our partners do a great job of mapping out that minimum viable hospital, they identify those applications that there is no replacement for.
John Furrier
>> Well, it makes cyber resilience more mission-critical because the upside for technology in healthcare, I would say from my 30 years in the industry more broadly, but like knowing healthcare is probably more than ever happening now. The advancements we're seeing just in the past 12, 24 months have been significant in care, operations, benefits. Those things can all come crumbling down. By the way, more technology gives more surface area for cyber issues. So cyber resilience kind of checks up an importance.
Josh Howell
>> It really is.
John Furrier
>> But then again, the budget doesn't go as big as ... The budgets aren't as large. They don't grow as fast as the technology. How do you handle that conversation? Because that comes up a lot. "Hey, my data's growing X percent, my cyber risk and resilience bar is still high, but the budgets aren't going up that high."
Josh Howell
>> Yeah. It's a really tough thing. And this is where I started off of saying like approaching the people we work with a lot of empathy because it's a really tough thing when you're being scrutinized for every single dollar and you know, because I grew up working in IT, there's a hundred things to get done and there's budget and time for 19, right? And the new regulatory frameworks, guidelines, requirements, they're always increasing, but operating budgets and reimbursement rates are not. In fact, they're right now headed the other direction. And so this is really top of mind for a lot of health system leaders is we know there's this existential risk and problem, but we're already tapped out.
John Furrier
>> Josh, I have to ask you about AI resilience. Cyber resilience, I get that. There's some crossover with data, AI, cyber is a data problem, AI is a data problem. What does AI resilience mean to you?
Josh Howell
>> Well, I think of it in terms of like we've had all these previous waves of technology and innovation and we keep relearning all of the same lessons, right? So whether it was big data or cloud or whatever the disruptors were before, we start learning it really matters to have IT involved from the beginning. Security can't be an afterthought. You can't secure what you can't see. Change control is really important, not even just on the model or the code, but also the data that you're feeding into it, right? So if you've got a RAG corpus that changes without you knowing about it, you're going to start getting unpredictable results. So this is one of the areas we're really interested in with Rubrik Agent Cloud is, one, how do we find all of the AI in use? Because often it's not IT developing and deploying those. It's service lines, researchers, groups outside of IT who are later going to hand this off. And so there's all of these basic lessons around visibility, monitoring. And when an agent goes wrong, they can do tremendous harm at a superhuman scale, right? So really knowing all of the data assets that, that agent can touch, what credentials or tokens that it's using, what actions it's taking, how are we validating that it's still giving responses that are within what's acceptable. All of those things are a problem, especially at scale. Peter Drucker famously said a hospital is the most complicated form of organizational collaboration.
So just imagine that you're a CISO responsible for securing and managing this panoply of AI that was implemented by other people, having the ability to see all of that in a single pane and to see the risk levels of these agents are interacting with outsiders using sensitive data, using credentials that are really powerful and they're starting to behave in ways that are strange and then knowing you're going to have to restore databases, virtual machines, directories and files back to a previous point in time to return that to within the boundaries of what's acceptable and undo the harm it caused. That's where we're-
John Furrier
>> And the resilience to your view is, from what I can hear, is that those agents can't be free-wheeling and freelancing. They got to be delegated, they got to be managed, scoped properly, but enough to monitor them, and you got to have some rules of engagement.
Josh Howell
>> ECRI, which is the patient safety organization who tests a lot of this stuff, came out and last year said they thought that AI was the highest technology threat to patient safety. So we already have 500 plus instances of where AI has caused patient harm. We have deaths now that are attributable to AI going wrong and it is a real problem of knowing what they're doing. And in some cases you can have silent failure. Nothing has gone down. It's still working, but now it's giving answers-
John Furrier
>> Sounds like a whole nother category for Rubrik, agent resilience.
Josh Howell
>> Yep, Rubrik.
John Furrier
>> All those agents back, pull them back from the field. I mean, but agents can help on the automation. It's a double-edged sword. There's an upside if they get it right.
Josh Howell
>> They're superhuman when they get it right and they're superhuman when they get it wrong.
John Furrier
>> Well, I'm really excited that you came in and I'm excited for the industry. You got digital twins, you got AI could potentially do some simulations, a lot more capabilities on that side to help augment the momentum you guys have. And congratulations, continued success at Rubrik. Thanks for coming on theCUBE. Appreciate it.
Josh Howell
>> Thank you so much for having me.
John Furrier
>> All right. I'm John Furrier with theCUBE. Healthcare Week here at the NYSE, but this year we're going to be covering a lot of the healthcare and AI and it spans across all aspects from supply chain to care and delivery and everything in between patient care, business operations, technical operations, all kind of mingled together and AI will help, but doesn't still change the game for resilience. The most important conversation happening in tech. Thanks for watching.