A Conversation with Kareem Zaki: Investing in Healthcare Cybersecurity

Kareem Zaki discusses the importance of investing in healthcare cybersecurity as healthcare is quickly becoming the #1 breached industry.

In this episode, Mike welcomes Kareem Zaki, General Partner with Thrive Capital. Join us as they discuss the importance of investing in healthcare cybersecurity as healthcare is quickly becoming the #1 breached industry. Also, Mike drops the big news of Scope Security’s $20 million Series A funding led by Thrive Capital.

SHOW NOTES

Welcome to In Scope, the healthcare security podcast. In each episode, we bring you insightful interviews, informative technical tips, and a unique point of view on the challenges facing the ever-changing healthcare ecosystem with host, Mike Murray.

In this episode of In Scope, The Healthcare Security Podcast, Mike Murray welcomes Kareem Zaki, Co-Founder of Scope Security and an Investor at Thrive Capital. While industry-agnostic, Thrive focuses primarily on healthcare and financial services companies.

This conversation comes on the heels of the closing of Scope Security’s $20 million Series A round of funding led by Thrive. Kareem shares why he decided that healthcare cybersecurity needed a category-defining company and how he sees Scope leading the way through the next few years.

Kareem admits that he was not initially aware of the breadth and depth of the industry. That began to change once he learned that healthcare, out of every industry, was the most breached. He began contacting C-suite executives in a variety of organizations and was told that “healthcare is a little bit behind on the adoption curve relative to most industries.”

While quick to make the switch from the physical to the digital world, many players in the healthcare space lack the tools they need to reliably protect and manage sensitive data, which includes patient information. Since hospitals and medical devices are vital to society, they are incredibly lucrative targets for attackers. Kareem notes that health records are worth about 20 times more on the black market than credit card information.

Through Kareem’s many conversations with top leaders in healthcare, he was eventually referred to Mike specifically for his expertise in healthcare cybersecurity and common threats within the industry today.

“No one really has this solved,” says Kareem, “mostly because the tools don’t exist.” Even with a “duct tape solution,” which is the best that most healthcare systems are capable of, the full power of machine learning is not able to be utilized to drive visibility across an entire system.

Kareem also says that more leaders need to focus on the reality that cybersecurity is a patient safety issue. If these threats continue to exist unchecked, trust between patients and providers gradually erodes.

TIME STAMPS

– An introduction to Kareem Zaki and Thrive.

– Why Kareem decided that healthcare cybersecurity needed a category-defining company.

– Cutting-edge tech as a solution to solving a variety of issues in healthcare security.

– What Kareem sees in the near future of the industry.

– How to connect with Kareem.

0:00:02.9 Speaker 1: Welcome to In Scope, The Healthcare Security Podcast. Each episode, we bring you interviews, technical tips and a unique point of view on the challenges facing the ever-changing healthcare ecosystem. Here’s your host, Mike Murray.

0:00:22.0 Mike Murray: Hello, and welcome to a special episode of In Scope, The Healthcare Security Podcast. You’ll find out why it’s special as we go, but really excited today to have one of the most interesting thinkers on healthcare security that I happen to know, and somebody who is like a co-founder in Scope and a really good friend of mine, and somebody that I’ve been wanting to talk to in this forum for a long time. So with us today is Kareem Zaki, general partner at Thrive Capital, and I will butcher his background, he’s got all kinds of really cool things that he’s done and that Thrive has done. So Kareem, first of all, welcome to the podcast, man. And…

0:00:57.7 Kareem Zaki: Thank you Mike.

0:00:58.9 MM: Tell the world about you. I couldn’t do you justice, so tell the world where you came from, how you ended up here.

0:01:06.8 KZ: Definitely, and excited to have this conversation. I’m jealous about a lot of things about you, Mike, but definitely your projecting voice for radio and podcast is pretty amazing. And so this is fun. So yeah, just to share a bit about Thrive, I’m, as you said, a partner at Thrive Capital, what is that? We’re a technology investment firm, we manage a little bit more than 15 billion of AUM, and we’re industry agnostic, stage agnostic and increasingly becoming geographically agnostic, and we only have really one rule, and that’s investment in category defining companies with multi-decade tailwinds. And so how does that play out? So we invest early in companies like Benchling or Compass or Warby Parker, or as they break out, but we still think have a lot of room to grow, such in the case of Stripe or Slack or GitHub. Or even beyond that, investing in Zoom and the public markets or spinning Vimeo out of IAC and helping them go public or take a public company like Collectors Universe and buying that and taking that private. But we also get involved in the earliest moments and co-found companies as we did with Scope here, but also with other companies like Oscar Health, Cedar, Cadence, Nava.

0:02:17.9 KZ: And with that wide breadth though, we counter it again with being very focused on one thing, category defining companies with multi-decade tailwinds. And we wanna be in the number one player, we wanna be a part of the trailblazing companies teams that are not just trying to meet the status quo today, but really innovate and push that forward because that ultimately ends up being the ones that kinda change the face of history. Help change all industries because we believe technologies can help transform all industries over time. And we wanna be in a market that we expect to grow for a very, very long time, because that also creates the most opportunities and most interesting service areas for these great teams to innovate and push. And on me and my personal journey, I started far away from tech investing, but actually pretty close and much deeper on the healthcare side. I admired my dad for a lot of reasons, but one of them was he was a doctor and he was helping save lives every day, and I was convinced that was the path for me too. And I was actually I was on my way to med school and had a realization towards the end of that, that our healthcare system was confusing and probably not working right, and so I got the itch to understand that better and delayed my decision to go to med school, and shortly after that, I realized that it definitely wasn’t working right.

0:03:33.2 KZ: And for a lot of the reasons, we still know today. We have the most expensive healthcare system on a per capita GDP basis or an absolute dollar basis by about 2X, and our outcomes are pretty mixed across the board. Unless you’re looking at some of the really complex diseases ’cause we do have a lot of amazing researchers trying to figure out some of those elements. We have a lot of administrative bloat in our healthcare system, a lot of times because of the brinkmanship between health systems and payers, kind of dueling on both sides. It’s confusing for consumers who actually play a very small part in what is one of probably one of their deepest, most personal decisions and thought of as an afterthought, and how a lot of the health system is formed and developed here, especially particularly in the US, all these things are US comments. And we have siloed data and experiences throughout the continuum of care and reward a system that delivers much more care and not necessarily on the outcome side, and I wanted to spend a lot of time fixing that.

0:04:31.5 KZ: And so I spent some time at Blackstone trying to understand it at the big level, what are the big companies doing, and then through that, I actually realized that tech was probably our best hope at a solution, and so dove in head first in that joining a small team at the time at Thrive about eight years ago. And I’ve taken that focused attack definitely to healthcare, and in this case, healthcare, cybersecurity, which I’m sure we’ll talk more about, but also into a lot of industries as well.

0:04:56.3 MM: And you mentioned about healthcare, cyber security, and so for the audience that doesn’t know, Kareem and I met when you had decided and you being you and Thrive that somebody should go solve this cyber security problem in healthcare, and we got introduced out in Silicon Valley as you were kinda canvassing the area. Tell us about that process. How did you come to the conclusion that healthcare cybersecurity was… It needed a category defining company with multi-decade tailwinds, as you say. How did you make that decision and then how did we end up meeting from your perspective?

0:05:31.7 KZ: Definitely. And so I talk about the problem and then the journey excitement and meeting up with Mike and getting to know each other over a few years before starting Scope, but it first started with curiosity, I… Quite honestly, at the beginning, I didn’t know much about cyber security, kinda maybe just, you download McAfee on your computer and that’s about it. But I was reading, and you would read some of the headlines about health systems being breached and taken down, and I was like, “That’s so terrible.” And then I wrote a few of them and I was like, “Why is this happening?” And then I saw some broad reports and healthcare was the number one breached industry, that was shocking and scaring for a lot of reasons. And so I started calling around some healthcare suite executives, some CIOs, actually there weren’t many CISOs at the time, now there’s a lot more, but even CEOs trying to understand what’s going on, and is it just that healthcare is a little bit behind in the adoption curve relative to most industries.

0:06:27.3 KZ: And there’s definitely some of that, partly because healthcare was pretty late to the digital age. A lot of things weren’t digital in healthcare till about a decade ago with a big push into electronic health records and for all the inconveniences of paper, one of the things about it is it’s pretty secure, but we’ve kind of moved past a lot of that and started to digitize a lot of these things. Increasingly things are being connected to the Internet, health systems are really using a lot of on-prem solutions, but obviously there’s cloud innovations and lots of different types of technologies.

0:06:57.5 KZ: We’ve seen, in fact, a lot of industries, healthcare weren’t a part of that for a good reason, but actually that explained only a small part of the problem and the biggest thing actually talking about people is health systems didn’t have the right tools to solve their unique challenges. General IT, cybersecurity, I’ve seen this really well, Mike, and I’m sure we’ve talked about it before but, it helps with things like your laptops and your routers, the things that are generic, that work in lots of different settings, but that’s not the vast majority of equipment or systems in a hospital, ’cause medical devices or imaging systems like your MRI machine or obviously the EHR and all these health systems were totally flying blind because nothing was really built to help them see, understand, navigate and manage that.

0:07:42.4 KZ: And that got me really worried for a couple of reasons. One, health systems have a lot of sensitive data and valuable information on patients and their health history and social security, a lot of background information and a lot of personal information, and as a result, like black market data is, I think 20 times worth more on a health record than it is actually on a credit card data. And so it’s a really important thing to actually protect consumers and that got me somewhat anxious about sharing information with health systems now that totally changed kind of the information I was sharing and maybe that’s actually not good for patient outcomes and data and things like that, if I’m really concerned about the things I can share with the health system to like…

0:08:22.8 KZ: Health systems and hospitals are a really important asset for us to protect as a country and love of the community is like, we need them to be fully functioning and bad actors know that, and so it’s become a particularly lucrative and disruptive target, and so there’s a lot of important reasons that we wanna keep our health systems protected. And the third, which also ties to how I spend a lot of time in technology, investing side is like, as I mentioned before, I strongly believe tech is a solution to proving a lot of the aspects of healthcare and if we limit adoption of new tech because we don’t know how to secure it, that’s a real disaster in my mind. And so how do we really set up the foundation that allows a lot of these health systems to innovate and push forward in the future in the ways that we need to do?

0:09:01.2 KZ: And so I started to come up with all these realizations, but one big thing is, again, as I started, I didn’t know much about cyber security. I really just identified that there’s a problem and so I just started having conversations with everyone in the cybersecurity space around, “How do we solve this problem?” And most people are like, “That sounds like a big issue, I don’t know anything about healthcare, but there’s this guy, Mike, he’s the only person I know in Silicon Valley that knows both healthcare and kind of the cutting edge forms of tech,” and I started hearing about your name a few times from a few people. And I was like, “Well, I gotta get in touch with Mike.” And so fortunately we got connected, I believe actually through Rob Woodruff who was at Queen base.

0:09:41.2 MM: Rob Woodruff, yeah.

0:09:41.3 KZ: Yeah. And we immediately hit it off. And kind of independently, you had been thinking about this journey, both from your experience at GE and you were leading the security team at Lookout at the time. And it was an instant chemistry where we’re kind of both coming to this conclusion from different aspects. Me being really close to kind of the healthcare needs, you really understanding a lot of the cyber security challenges, and it’s been a fun ride since.

0:10:08.1 MM: Yeah, I would say it was one of the best first dates of my life.

0:10:11.6 KZ: Exactly.

0:10:13.1 MM: So we’re here today actually to talk about the ongoing future. It’s a nice walk down memory lane, but I wanted to announce to the audience, one of the reasons we’re having this conversation is because, Scope just closed our Series A round, 20 million dollar A round that Thrive has led again, and I wanted to… We’re a couple of years into this journey, and you talked about innovation, you talked about all the stuff that’s been going on in terms of building technology in the health system, why are you still psyched about this space? And where do you see it going from here? And how do you see the next few years of the journey?

0:10:46.7 KZ: Definitely. So originally I had a few conversations and recognized a problem, now you and I have had a lot more conversations with health systems. And I think one of the things that’s really stood out is no one really has this solved and again, mostly ’cause the tools don’t exist, but that’s extended to 100 plus conversations that we’ve had now. And conversation after conversation, they don’t have full visibility or understanding of their network, there might be a point solution here or there, but nothing that really gives them control in a holistic viewpoint. Some of the really advanced programs might have home-stitched some things together. But again, even with a duct tape solution, which is the best they can do ’cause no one’s really helping provide for them, the systems don’t really speak and you can’t utilize the full power of machine learning to drive visibility across the entire system and we’re gonna… To push this forward to continue to protect against both bad actors and the challenges that come up, you’re gonna have to use all the powers of technology to really allow health systems to be protected and feel empowered and so… The first thing was just no one has it solved, the second thing is that most health systems see this as a core priority one, because it’s the right thing to do for patients.

0:11:58.9 KZ: Cybersecurity is a patient safety issue. I think the advanced health systems really understand that because if you can’t use the fullness of your devices, if patients aren’t fully comfortable sharing their information or God forbid, as we’ve started to see a device is compromised, that’s on a patient, that there’s threatening of the patient safety, unless ransomware or other elements are paid, we’re starting to see that increasingly. Cyber security is very core to making sure that patients are safety and I think increasingly, we’re gonna see it as a patient safety issue and health systems maybe not operating at their highest level to deliver that to their patients unless that’s also up-to-date and health systems are starting to recognize that. Two, it’s important for their business. Shutting down is very disruptive and costly to a lot of these health systems, and so to not have access to a lot of your core departments are turning patients away because your systems aren’t up and running. There’s thing, again, 10 years ago when you’re running on paper systems, you can kind of manage, now when your EHR or your IT system shut down these hospitals can’t operate.

0:13:03.1 KZ: And the third thing is, a lot of health systems, they care a lot about the trust and brand they’ve built in their communities, and they’ve done that over 100 plus years in a lot of these cases. And cybersecurity, and having your system shut down or patients’ safety at risk, I think a lot of executives try to recognize this, potentially the fastest, most disruptive way to lose that trust that they’d built over a really long time. And so, increasingly we see this as top priority. They know it’s a problem, they wanna solve it, and I guess most importantly to our excitement, to continue furthering the relationship and building this from Thrive’s lens is that the Scope solution is really working. It’s a fantastic team, that’s seeing… Obviously, I’m biased in this, but from the lens of Thrive is a fantastic team, singularly focused on solving this problem, and we’re able to take a health system that’s doing its best today, flying blind on half of its network, and really give them control and power over their entire system.

0:14:01.3 KZ: And I think the other thing about the magic of it is we do without over-burdening an already stretched team, and we’re actually removing a lot of that burdening set up because, and I’ve learned as I’ve gotten deeper into cybersecurity is buying cybersecurity tools doesn’t make you more secure. A lot of times, it just generates more alerts, and right now there’s a lot of alert fatigue going on and you buy a new tool. That means they got to hire new people, I gotta manage all that while I already don’t have the resources to drive some of those things.

0:14:28.7 KZ: And we’ve been very intentional from day one. In Scope is actually… We’re definitely not gonna over-burden. If anything, we wanna lighten the burden and the load, and so while a lot of the solution is driven by obviously the software and the AI and machine-learning that we built or they programmed. And we can drive it aggressively because we’re really focused on health systems, maybe talk a little bit about the power of being singularly-focused, to Scope Security versus a general solution, but we also augment it with a well-trained team that’s only focused on health systems, and so it’s elevated white-glove service, and how we engage with that. And so just to see the transformation and some of the programs we’re working with, the things we’re able to do and augment, got us really excited that we’re backing the best team with the best solution in a market that has a real problem and recognized importance. And I don’t think anyone’s gonna step back, speaking about multi-decade tailwinds and say that cybersecurity has become a less of a problem over the next 10 years. If anything, it’s gonna become more and more of a problem, and so again, the importance of solving this today is very high. It’s only gonna get higher over time.

0:15:34.8 MM: That’s incredible. Kareem, thank you so much for being here, man. But I always ask the last question, I always ask everybody, where can the world find more of you? I know you’re not the most vocal guy in the world, but if people wanna follow your thoughts… Social media, where do they find Thrive, all of that sort of thing. Tell us about where we can find more Kareem.

0:15:55.2 KZ: Yeah, as you said, we’re not very vocal, we’re pretty heads down, we spend a lot of time with our companies working with them, a lot less time marketing and talking to people and sharing our thoughts publicly, and so I actually don’t have a great answer for you. I’m on Twitter, but it’s not interesting. Maybe on LinkedIn, but mostly just spending time with our companies.

0:16:17.8 MM: That’s right on. Dude, thank you so much for spending time with us today. I know how busy you are and how hard it is to get this on your calendar, and I appreciate it more than anything. More than anything, I’ve appreciated this journey with you and the Thrive folks from the very beginning. You’ve been here. You’ve been here since before the company had a name, before it was even really a fully formed idea, and we’ve loved your support and we love going forward with you. So thanks for coming on today, and thanks for being an incredible partner and co-founder from the very beginning.

0:16:47.4 KZ: Feeling’s mutual. And it’s only the beginning. Very excited for what’s ahead.

0:16:51.6 MM: Hey, this is Mike, and thanks for listening to this week’s episode. I have a request. We would love to hear more about topics in healthcare cybersecurity that matter to you, and the challenges that your organization is facing in securing this ecosystem. Do you have topics you’d like us to cover, or maybe you should be a guest on the show? Get in touch with us. Search for Scope Security on Twitter and LinkedIn, and we hope to hear from you soon.

[music]

0:17:25.3 Speaker 1: Thanks for joining us for this episode of In Scope. To make sure you never miss an episode, hop on over to www.scopesecurity.com to sign up. Or you can listen on Apple Podcasts, Spotify or Stitcher. And if you have ideas for topics, guests or technical tips, please contact us at [email protected]

ABOUT THE GUEST

Kareem Zaki is a General Partner at Thrive and spends his time both investing in and building companies. He has led investments in companies like Headway, Honor, Ramp, Rightway, Robinhood, Trade Republic, and Trialspark, and was a part of the firm’s investments in Affirm, Lemonade, and Oscar among others. Kareem is also a co-founder of Cadence, Cedar, Nava, and Scope and sits on the board of all four companies.
