At Bio-IT World, CIOs Talk Technology, Talent, And Threats

June 5, 2017

By Joe Stanganelli 

June 5, 2017 | Introducing a panel session at the start of day two of Boston's 15th annual Bio-IT World Conference & Expo last week, Jason Stowe, Founder and CEO of Cycle Computing, set the stage by pointing to how technology has accelerated life-science research—making new advances possible and increasing the likelihood of a cure to many diseases over the next few decades.

"When I started Cycle in 2005, I actually thought our job was to accelerate human minds," said Stowe. "But the job we now have in front of us is: 'How to we accelerate an entire organization?"

Indeed, as that same job extends to the CIOs of healthcare and life-science organizations, four such CIOs gathered for the plenary keynote session to talk about their roles and pain points. Moderated by Bio-IT World's Editorial Director, Allison Proffitt, the CIO panel was comprised of:

  • Rainer Fuchs, recently retired CIO of Harvard Medical School;
  • Andrea Norris, CIO of NIH and Director of the Center for Information Technology;
  • William Mayo, CIO of the Broad Institute; and
  • Aarti Shah, CIO of Eli Lilly and Company.

The panel spanned perhaps the broadest (and—ahem—Broad-est, in Mayo's case) spectrums of large-enterprise CIO experience in the healthcare and life-science realm.

Norris, representing the public sector, has held CIO roles in the federal government for over 20 years. Fuchs, representing academia, had retired in May from his nearly five-year position as Harvard Medical School's CIO after many years working in leadership roles in life-science IT and bioinformatics. Meanwhile, Mayo—while possessing a great deal of experience in IT leadership roles—has been a CIO for just under a year and a half, in the nonprofit world. Finally, Shah—a highly educated and experienced statistician and data scientist possessing relatively minimal experience in traditional IT roles—came into her CIO role at a major pharmaceutical less than a year ago.

And they all essentially agreed that technology has advanced so far in the past few years that they are faced with the perverse conundrum of getting the science to keep up with the technology instead of the other way around.

"With the advances in technology, we can do things we couldn't a few years ago," said Shah, echoing the sentiments of Rommie Amaro's keynote one day prior. (See Bio-IT World's coverage here.) "[But] people are just not knowledgeable or aware how to leverage technology for how to answer [technological] questions."

Competing Outside the Family

On this skills and knowledge gap, Shah blamed a talent shortage in STEM and IT, saying that it keeps her up at nights. She was not alone in her sentiments.

"15 years ago or longer, [in] bioinformatics,… we were competing within the family [for talent]," said Fuchs. "Now, the competition has changed very much.  We're now competing with the rest of the world for skillsets like DevOps, deep learning technology, and so on. There are a lot of organizations out there that… have very deep pockets."

"Academic institutions, we don't have stock options or things like that," he added.

Norris also agreed that a talent shortage is a significant problem—particularly where cybersecurity is involved.

"[T]here aren't enough people going into these fields by the order of magnitude to our demand—and that's a practical reality," argued Norris. "We have got to start thinking about more creative ways to increase that supply of people."

InfoSec as if Lives Depended on It

Fuchs also tied cybersecurity to the talent-shortage issue—as well as to what he called "ignorance in the user community."

"Most of us scientists don't know anything about information security; they don't know very much," said Fuchs. "Most of our programmers couldn't write safe code if their lives depended on it."

Shah, for her part, noted that patients' lives do depend on it because of the advances in and growing ubiquity of connected care.

"I worry about a world of integrated care [and] connected care because that's the next innovation in healthcare—and has tremendous benefit to the patient," said Shah. "[What if a security incident] happens over there that goes directly to patient safety and lives[?] Think about that."

Meanwhile, in spite of panelists' commentary on the lack of industry talent, Norris was emphatic on the point that maintaining "basic security hygiene"—such as running antimalware software, having basic network monitoring and intrusion detection, and maintaining up-to-date patch management—was a bigger and more widely spread security problem in the industry than advanced technological attacks.

"It's not the new sexy thing or new technology that is bringing organizations down," said Norris. "It's the fact that you didn't deploy a patch that you should have months ago."

Fuchs voiced his own agreement, pointing to the success of phishing attacks.

"Most [of the time, in a security incident], somebody clicked on a link they shouldn't have clicked.  It's as simple as that," said Fuchs. "We've spent lots of money [on cybersecurity], but I think the biggest bang for the buck comes from education. And it's very simple. Don't click on stuff."

Moving Fast in an Intersection

Mayo stood out as the lone panelist to downplay the security issue.

"I don't think the biggest risk is information security," said Mayo. "I think the biggest risk to our environment is… ignorance of what we're about, ignorance of what's possible, ignorance of what it takes to get it done right."

Here, Mayo harkened back to the ideas Stowe presented in his introduction on "get[ting] science done quicker and in a way that has never been done before," noting that things like innovation and consensus on ethical issues are a much bigger concern.

"It's what we're all doing here," said Mayo. "The intersection of medicine and technology and science and all the different pieces that this room represents… why wouldn't you want to be here? This is where it's at."