INCH360 2025: Brant Borchert
Welcome to the Cyber Trapps Podcast.
I'm Jethro Jones, your host, and we are here at the beautiful Gonzaga Campus once again for the Inch 360 Conference, and we're talking to several people as part of that today we have Brent Borchert from MultiCare.
And Brent, do you want to tell us a little about who you are and what you do?
Sure.
So as you said, my name is Brat Borchardt.
I currently have the pleasure to serve for MultiCare as the regional IT leader for our Inland Northwest region, which covers the Spokane area and our Central Washington region, which is the Yakima valley at this point.
Yeah.
And so what does that mean as the IT regional leader?
So I spend quite a bit of time with our business leaders for each region, which is typically hospital presidents chief medical officers, chief nursing executives, et cetera.
And we do a lot of work to align IT, support for delivering care to patients
Managing
business objectives in our particular model.
Our IT systems are centralized.
So if you think about your end user compute folks, or your application teams or whatever, they actually report up through different teams that are run in a central manner so that we have consistency and process and standard and things like that.
And I have dotted relationships to those
groups.
For regional oversight to help prioritize response to issues or projects that need to be executed, et cetera.
Yeah.
Okay.
And so, medical information, cybersecurity and healthcare is a big issue.
There's all kinds of issues with your, just your information being out there, number one, but then also fraud and things like that.
What are the things that are most pressing to you?
Today in 2025
certainly.
The ability to run the business is pretty top
that might be up there.
Yeah.
We've seen it a lot.
I mean, ransomware's not a new thing, but it's, it still exists the bad guys know that if we're losing money every day 'cause we can't serve patients or a hospital can't be open or whatever it might be paying the ransom starts to look really good.
Yeah.
So.
That ability to still operate is very high on the list.
Data loss related to a breach is obviously still important.
If you are found negligent, you can get fines from the regulators, et cetera, et cetera.
But from a business standpoint disruption to operations is.
Is far more important these days we've seen what happens when people can't run.
I think it was scripts a year or two ago.
They were down for something like seven or eight weeks, like not serving patients right.
And that's a pretty scary thought when you think about you know, people who need healthcare.
Pretty quickly
Yeah.
and not being able to deliver that.
So, that to me, I think is still one of the top objectives for how we structure our information security and cyber risk resilience programs.
Yeah.
That's fascinating.
It's one of those things that you don't normal people probably don't think much about, and yet that's what you've gotta deal with on a regular basis.
Yeah, it's it's not unlike your typical utilities, everybody expects to be able to flip the switch and the light comes on hit your tap and water comes out.
Or if I need to go to the emergency room because I broke my arm, that it's there it's available and it will work.
And that I'll be safe and treated well and all that sort thing.
So, there's definitely a view toward healthcare being considered critical infrastructure for society.
Yeah.
Interesting.
So, what brings you to the conference today?
What are you hoping to get out of it?
So first I have a relationship already with Heather and I'm super supportive of.
Her desire to educate the world on how to be better stewards when it comes to protecting yourself, protecting the organizations that you work with.
And I love having the opportunity to connect with regional folks.
spread the good word, help people remember that.
It's a fight worth fighting.
And sometimes it feels like you can't win, but every day that a bad guy is foiled is the day that we won, is fantastic.
And particularly when I think about you know, the next generation stepping into the realm, so to speak, being defenders of the data that we all seem to put everywhere now.
I think it's a really great opportunity for folks to see.
What is being done to date and to generate new ideas about how to better protect ourselves and, the organizations that we support.
Yeah.
And I think that conferences like this, especially local, regional ones that are not like the National Cybersecurity Conference or some big huge one.
This is really focused locally here in Spokane, which makes it really valuable and and worthwhile for those of us that are here because we can talk to other people who are dealing with the same kind of things that we are.
And I think really important.
And I learn a ton every time I do these podcasts where I'm figuring out what exposure people have, what they're learning, what they're doing to defend against it, and all that kind of stuff.
It's really valuable for this local appeal, even though.
You know, some organizations are really big.
Yeah.
We're still individual people who live in a place and regardless of how big the organization may or may not be, it can impact real lives right here, close to home.
Anything you wanna add to that?
Yeah, I think it's easy as a PR practitioner in any domain to, to sort of idolize feedback from the Giants, right?
go to a conference like this and you're like, I want to hear from Google or Microsoft or Amazon or whatever.
are definitely smart people there and there are definitely cool stories they have to share.
But your local county leadership also has really cool stories to tell about, Hey we have a limited budget and we still have to go do the same things.
Here's how we got creative about attacking these problems.
Where you get to see in some cases how smaller organizations across the region might band together to have like a united front against something.
I know there's some really cool examples in Michigan where the University of Michigan Health.
Security team basically built a SOC to be used by a bunch of local, regional folks, and they all had rotating staff that would be incident responders on the soc.
Like they just made it up none of 'em wanted to pay for their own service.
Like the, those kinds of things that think are really cool to, to show what people can do and to build connectedness within community, specifically in something really hard, like fighting cybersecurity, where.
You can feel pretty isolated or under-resourced or that it's kind of a hopeless kind of thing.
And this kind of thing is just fantastic for bringing some sunshine to that part of the way that we do our work./
So, so if I may, and.
We can delete this out if you want.
But here's one of my frustrations.
I, my, I feel like my medical data for me and my family is owned by whatever provider I see.
And so I have a a MyChart by whatever that big company is in Epic.
Epic in Wisconsin.
I've actually been to their campus.
Yeah.
It's like Disneyland, right?
It's crazy.
So, so that's cool that I have a chart available.
I can go communicate with my doctor and stuff.
But my frustration is that if I go to Providence for something and then I go to MultiCare for something, which my insurance accepts both, then I have two different accounts.
And so, for example I had an ear infection and went to a MultiCare thing, but my primary doctor is is Providence.
And so.
She didn't know that I had this ear infection and didn't show up in my chart, and I would like me to own my healthcare information and not my providers.
What are your thoughts on that?
Yeah, so one, you're a hundred percent correct in the sense that you own your data.
We talk about it regularly as this idea that we are simply stewards of our patients, our employees data.
And as part of that role, we're expected to protect it and do all the right things, which includes giving it to you you want
that too.
Updating it if there's a, mistake.
Right.
And a lot of this is actually called out in regulation that says like, we have to do it.
Yeah.
It is a it's a challenge in the healthcare industry in general.
Right.
Which is.
We're all required to take all these steps to protect our data, which means we don't want to share it freely.
Yeah.
Right?
And
there
have not been, this all boils down to business and in
and my
perspective, there have not been adequate incentives put in place for creating.
What you would call one health record, right?
Which is like, it exists in one place and it doesn't matter where you go, anybody can look at it, it's all the same data.
In some senses you get that sort of thing in a single like payer healthcare you look at the or Canada, right?
It's the government system.
long as you're in the government system, which is like everywhere.
Like you have that course in the United States there are a lot of strong feelings
That sort of direction.
I think that is kind of the nirvana from patient standpoint of I don't have to worry about where I am.
can just see anything.
My doctor has access to everything regardless of whether they're my doctor.
Right?
Like other examples of that are, Hey, I'm on vacation in Florida Disney World with my kids.
And I go to the doctor, they're not gonna have, in all likelihood, access to your medical record.
Yeah.
I'm gonna fill out 20 pages of medical
right.
And they're gonna ask you like well, you like let's say you go in for chest pains, Yeah.
And they're gonna be like, well, what's your family's history heart disease?
And like, what's your blood pressure been over the last 10 years?
Right.
They're gonna want all this information.
They don't have it.
So, to a large extent healthcare practitioners would love that too.
It's just better data for making a decision.
I likelihood of it happening probably pretty low something changes kind of from a federal regulatory standpoint where they basically just say,
look, we're gonna make it required that there is in essence, a centralized exchange for healthcare data, which obviously creates a ton of.
Risk sense that all of a sudden you're putting everything in one place and a very attractive target for bad guys.
Yeah.
But
yeah, I, it's a consistent frustration
patients.
And I mean, even just basic stuff of like, I'm changing my doctor
Uhhuh
And you gotta get stuff over.
Yeah.
It's challenging.
You sign a bunch forms and even just the way they move the data isn't always very user friendly for the doctor.
Right.
Which is like, well we gave it you, but it's all basically in like a PDF format, as an attachment in the record.
So you have to open it up and read through eight pages
yeah.
to see
if it's a simple record, you know?
That's right.
That's Heaven forbid there's any complications.
Yeah.
Exactly.
Yeah.
That's very interesting.
Well I don't expect that we'll solve that problem today, but but it is good to know that you're aware of it from your perspective and that that is something that people are at least thinking about.
And I think what you said before that the incentives are not there for that to exist yet.
And I don't know what the right incentives are yet, but you might have some ideas what kind of incentives would be, would get that to move the needle.
So my first thought is some sort of financial incentive.
Every, I won't say every healthcare is a very challenging,
vertical right now.
It's difficult to break even costs continue to go up.
There are challenges with labor.
There are obviously challenges with.
Reimbursement rates from like Medicare and Medicaid, right?
Healthcare organizations lose money on that kind of care.
So if you made it financially attractive, I think you'd get a lot more people going, Hey, that would be great.
In all likelihood, this is me putting on my futurist hat.
Those changes come because of some sort of regulatory requirement, which it'll make people do it, but.
They don't do it as willingly and you'll end up with lots of ways to do, just enough to box, right?
Yeah.
And course there will be all this circling around like, well, what does it mean to share our data and how much do we have to share?
you know, gets a little silly.
To me those are the, only two things that would really drive it.
'Cause if.
it's not required and it costs me money or costs me some sort of market share or business advantage, I'm gonna do it.
Yeah, that makes total sense.
Well, Brent, this was awesome.
Thanks for taking the time to chat with me and thanks for all that you're doing here in the community and for MultiCare as a whole.
Awesome.
Thank you so much.
Appreciate it.
Yep.
