Q&A with Valleywise Health CISO Todd Bell: “This industry is ripe for disruption”

Todd Bell, CISO and executive director of IT compliance at Valleywise Health in Phoenix, used to fight fires in the Colorado wildlands. Now he fights cybersecurity fires, and they’re both equally hard jobs, he says. In this interview, Bell talks about the trends and difficulties CISOs face in their roles today. Ransomware is rampant, and vetting third-party vendors is key, Bell says. He also firmly believes in challenging the IT team and himself to be better every day at protecting the security of the organization, including creating a safe environment for them to speak up when they see a potential problem. Bell also talks about being a fan of the cloud and concerned that some vendors aren’t doing a better job of product lifecycle management.

LISTEN HERE USING THE PLAYER BELOW OR SUBSCRIBE THROUGH YOUR FAVORITE PODCASTING SERVICE. 



Bold Statements

We would like to be more aggressive with how we want to implement technology to provide better patient care, but the reality is that our vendors are really kind of slowing us down, unfortunately.

Kronos really opened our eyes, especially mine, that we have to go back and really look at some of our bigger vendors and make sure that we have better processes in place in case another one of our vendors happens to get hit by a ransomware attack.

I do have some concerns about people wanting to stay in cybersecurity for the long haul, because you know, it’s becoming a burnout job.

Guerra: Todd, thanks for joining me.

Bell: Thank you for having me.

Guerra: Happy to do so. Todd, can you start off by telling us a little bit about your organization and your role?

Bell: We’re an organization of just under 5,000 folks. We are a major burn center and also behavioral health and a teaching hospital. We have locations throughout the Phoenix area.

Guerra:  Okay, very good. All right. One of my favorite starting points is to find out how everyone wound up where they are now. So, how did you wind up being the chief information security officer at Valleywise Health? What’s your career path that got you here?

Bell: It was a little bit by accident, a 115-degree day, unpacking a U haul, and a really upset wife. That’s how it started off as I relocated. And just as we’re unpacking the U haul – we relocated from Colorado to Scottsdale, Arizona – the CEO called me up and told me they did about a 70 percent furlough reduction. And so just as we were unpacking, we found out about the news. And so that’s when I had to get my butt in order and start calling around. And so coincidently, I already knew about Valleywise Health and had some contacts and knew about the position being open. And that’s how I ended up becoming the CISO for Valleywise Health.

Guerra: But I’ve got to ask, when you got that call, was it an “Okay, I got this; I can handle this,” or was it “I cannot believe what just happened?”

Bell: You should have seen the look on my wife’s face. She wanted to kill me. I love her. She still stuck with me. And we made it to our 25th anniversary. (laughter)

Guerra:  Congratulations! I see this is your first job in healthcare. Is that correct?

Bell: I’ve been in healthcare from more of an advisory and consulting perspective, but it’s always been on the back end. And this is the first time I’ve really been on the clinical side of the house. And so, this is where I have a lot of room for improvement to learn about how a hospital really works, because as you can imagine,