Q1 2018 Earnings Call Transcript

Published:

  • Operator:
    Good day and welcome to the CynergisTek’s First Quarter 2018 Earnings Call. Today's conference is being recorded. At this time, I would like to turn the conference over to Bryan Flynn, CynergisTek Investor Relations. Please go ahead sir.
  • Bryan Flynn:
    Thank you, operator. I want to welcome everyone to CynergisTek’s first quarter 2018 earnings call. Joining us today from the Company includes Mr. Mac McMillan, President and Chief Executive Officer; Mr. Paul Anthony, Chief Financial Officer. Before we begin the formal presentation, I'd like to remind everyone that some statements made on the call and the webcast, including those regarding future financial results and industry prospects, among others, are forward-looking and may be subject to a number of risks and uncertainties that could cause actual results to differ materially from those described in the conference call. Certain of these risks and uncertainties are or will be described in greater detail in the Company's SEC filings. CynergisTek is under no obligation and expressly disclaims any such obligations to update or alter its forward-looking statements, whether as a result of new information, future events or otherwise. At this time, I would like to turn the call over to our CEO, Mac McMillan.
  • Mac McMillan:
    Thank you, Bryan, and good morning everyone. It’s always humbling and an honor when you are recognized in the industry that you serve. In March, CynergisTek was recognized as one of the ten best cybersecurity companies of 2018 by CIO Bulletin. We were the only healthcare-focused cybersecurity firm on that list further stressing the need for increased awareness, readiness and protection within the healthcare industry. This recognition is a testament to our continued commitment to be the trusted partner to our healthcare clients. As with all industries, it is difficult to keep up with the on slot and sophistication of cyber attacks. For instance, the most recent malware attack launched by the hacker group Orangeworm which targeted healthcare as well. Orangeworm is an advanced hacker group possibly conducting attacks for the purpose of espionage. Their focus in healthcare though was on X-ray, MRIs and other medical devices rather than the traditional PCs and they did that because those traditionally demonstrate latency and maintaining up-to-date operating systems and patch profiles basically making them an easier target for exploitation. This age-old paradigm of taking advantage of the weak link continues to offer attackers a fertile environment for attacks, particularly within healthcare where the IoT environment is constantly evolving and it’s full of new technologies like the Internet of things, devices that need new approaches and protection and provide more opportunity for hackers. Healthcare cyber attacks continue to evolve and are growing at an unprecedented rate and should remain as a forefront of healthcare executives’ thought processes. Study-after-study has shown that the healthcare industry has seen significantly more attacks than other industries in the U.S. According to statistics from reported cyber incidents, the sophistication and damage that these attacks are causing also continues to increase at a rate not being seen in other industries and at a much higher cost to remediate and Medicaid. At CynergisTek, we strive to assist our clients in building cybersecurity and privacy programs that mitigate this risk by protecting systems, data, operations and respecting the privacy of the patients the serve. Turning to this quarter, in perspective to our last call together, things generally remain consistent. At the beginning of the quarter as expected, we experienced slower and new sales due to continued uncertainty in the market, which seem to be causing many healthcare systems to be cautious about spending. But it recovered in the last month of the quarter as the industry became more comfortable with the message out of Washington and its potential impacts on reimbursement. However, that coupled with the normal Q1 seasonality we typically see in the business affected our top-line growth. Overall, our performance was in line with our expectations with the exception of our low-margin equipment revenue segment, which took the biggest hit due to clients again reevaluating their capital spend. And as you recall, our focus in Q1 was three-fold
  • Paul Anthony:
    Thanks, Mac. Good morning everyone. On January 1, 2018, we adopted topic 606 for revenue recognition. There was no change in revenues reported using this method as compared to previous guidance. But as a result, we are now classifying revenue into the following three categories, managed services, consulting and professional services, and hardware and software resales. The full financial detail and disclosures can be found in the 10-Q. The key difference between managed services and consulting and professional services is the fact that managed services are predominantly revenues from our long-term three to five year contracts where the consulting and professional services are predominantly more short-term and project-based in nature. Breaking down the revenue into the new categories, for Q1 2018 versus Q1 2017, managed services revenue was $13.3 million, a decrease of 16%. This decrease was a result of $3.8 million drop in the MPS non-renewals which we’ve discussed in the past offset by $1.2 million in revenue growth from our existing MPS customers and growth in the security-related services to new customers. Consulting and professional services increased by 61% to $2 million due to growth in security-related consulting and professional services provided to new and existing customers. Equipment, hardware, and software resales decreased by 15% to $1 million. We maintained a gross margin at 25% of revenues in the first quarter of 2018, as compared to the same period in 2017. Non-GAAP adjusted EBITDA, after adding back stock-based comp, non-recurring charges related to our recent debt refinancing and the departure of a senior executive was $0.9 million or 6% of revenues for the first quarter of 2018 compared to $1.1 million or 6% of revenues for the same period in 2017. Non-GAAP adjusted earnings, after adjusting for the non-recurring charges, amortization of intangibles, stock-based comp, depreciation, and non-cash income tax expense was $0.5 million or $0.06 per basic and $0.05 per diluted share for the first quarter of 2018, compared to $0.6 million or $0.07 per basic and diluted share for the same quarter in 2017. At March 31, 2018, deferred revenue was $1 million, down from $1.4 million at December 31, 2017. The company had $3.4 million of cash and cash equivalents at March, effective January 1, 2018 when we adopted the new revenue recognition pronouncement. We increased deferred commissions by $0.9 million with a corresponding increase in beginning retained earnings. Deferred commissions are included and prepaid and other current assets in our consolidated balance sheet. This concludes the financial portion. I will now turn the call back over to Mac for closing remarks.
  • Mac McMillan:
    With continued heightened presence of cybersecurity in the new and sophisticated coordinated cyber attacks aimed at taking down critical infrastructure and causing systemic failure on the rise. Healthcare executives and their organizations can no longer be on the defensive, but must proactively implement monitor and enforce a comprehensive cybersecurity policy and framework that expands the entire enterprise. No longer is security just a role of the Chief Information Security Officer or IT. Now, everyone has a role in protecting the workplace. CynergisTek will continue to remain focused on helping our clients solve cybersecurity challenges both current and emerging. We also will look to expand our services through new solutions and partnerships that support our position as our clients’ trusted partner. This concludes the prepared remarks. Operator, please open the floor for questions.
  • Operator:
    [Operator Instructions] We’ll go first to Matt Hewitt at Craig-Hallum Capital Group.
  • Matt Hewitt:
    Good morning, gentlemen. Thanks for providing the update and taking our questions.
  • Mac McMillan:
    Thank you.
  • Matt Hewitt:
    Can you hear me, okay?
  • Mac McMillan:
    Okay, yes.
  • Matt Hewitt:
    Okay, good. A few questions from me. First, the decline in management services which you guys had discussed and disclosed previously it did come in a little bit greater than I had anticipated. Was there anything that accelerated those contracts falling off? And how should we be thinking about that business, I guess, over the remainder of this year?
  • Mac McMillan:
    Nothing in particular stood out from this quarter versus what we had anticipated. We do still have and expect to see some additional drop in the second quarter and then it should start to flatten out. As we mentioned, we haven’t seen quite a success in the cross-selling activity. So, I think for the year, at least we are going to, I can say, see it come down a little bit more in Q1 and then remain flat for the rest of this year. And then look to see it start driving back up in 2019.
  • Matt Hewitt:
    Okay, thanks. And then, thanks for the update on the medical device assessment services and platform. What has been the reception? As you’ve been out talking to customers, what has been the reception for that service? And how quickly do you think that those revenues could start ramping?
  • Mac McMillan:
    So, that’s one of the things that we are probably most excited about and that is that we began working, we did an evaluation over the several months with the three leading solutions that now give us the ability to actually find those devices, create an inventory, assess the risk associated with those devices and provides the information that’s necessary to actually integrate the security and the maintenance activities that go on at the hospital to maintain them. That was the kind of like the missing link that we had, which wasn’t there in the past. And so, we did that, and then we identified the one that we were most impressed with in terms of what it could do in healthcare and then we began working on the solutions and we’ve just completed developing a full set of solutions around that particular solution where we can perform the assessment. We can perform a managed service or we can actually perform the implementation and the optimization of that solution for the hospital if that’s what they desire. And we are working very closely with that solution provider to create that strategic relationship that allows us to go to market with a turnkey solution for our hospital. About three months ago, in preparation for all of this as we began to understand what it potentially would look like, we began to talk to customers and the reception was overwhelming. Everybody is just waiting for somebody to come up with the solution for this problem. And every hospital that we talk to has been incredibly positive about it. We now have, I think we have over a half-a-dozen proposals out already and we just literally rolled out that solution less than a month ago. And it’s just the one thing that our sales guys are telling us that every time they go into a conversation with a customer and they start talking about biomedical device security and the fact that we have a solution and we have a solution that involves a software that allows them to automate a lot of that has been very, very positively received. In terms of the revenue, we are not – I don’t know how to predict that yet. We are hopeful that the assessment pieces are take-off soon. We are working hard on the managed service aspect of it. And I think probably to be realistic, we probably won’t see real revenues from that until at least Q3. But, because I think we still have some work to do with the solution provider and with the hospitals, in terms of getting those things in place, but we are very – we are looking forward to this, because it’s really been a very positive discussion for us.
  • Matt Hewitt:
    Okay. And if I am hearing you correctly, it sounds like there is one device manufacturer that you are working with right now and with the potential to add others later or did I mishear that?
  • Mac McMillan:
    No, when I say solutions, I am talking about the solution that actually allows us to do the – collect the inventory on the devices that are out there. So, we are also working with several other device manufacturers themselves, because they are also very interested in our solution that we are developing here and being able to put it on the front-end of their solution that they sell to their customers. So, it’s kind of – there is two different aspects to it. There is one aspect where we are developing a set of solutions for the hospitals themselves for all the devices that they manage and we are working with a company that has developed this solution that allows us to automate that inventory and risk evaluation process. But we are also working with several device manufacturers who actually sell medical devices to hospitals, because in some case they not only sell the device but they manage the device for the hospital as well. And they are looking to partner with us to have us provide the security through them to their clients which is ultimately our client as well.
  • Matt Hewitt:
    Okay. So, with those relationships, is it the device companies that would be paying you or is it again, is it going to go back to the hospitals and the patients and making sure the hospitals are protecting or how will that contract – whose ultimately your customer in that relationship.
  • Mac McMillan:
    In that particular relationship, the device manufacturer would be our customer.
  • Matt Hewitt:
    Okay. That’s interesting. Obviously it could lead to other opportunities. Maybe one for me. Obviously, gross margins despite the revenue line I think, came in better than I was expecting. Maybe talk a little bit about some of the things that you’ve implemented to help on that part of the business? And then I’ll hop back into queue. Thank you.
  • Mac McMillan:
    So there is several things there that, obviously we’ve talked about the restructuring and revamping operations and how we deliver services that’s created efficiencies and economies and how we do things that helps margins. We are working very diligently to make sure that we keep our margins up and increase our margins on the security side. And lot of these new services that we’re rolling out are actually able to give us healthy margins as well. So, I think what you are seeing is that the security side is continuing to grow, which we are also very excited about and so that’s I think that’s helping because as it continues to grow incrementally, and because it has healthier margins overall, it’s helping that overall margin picture if you will.
  • Matt Hewitt:
    Got it. All right. Thank you.
  • Operator:
    We’ll move next to Andrew D’Silva at B. Riley FBR.
  • Andrew D’Silva:
    Hey, good morning.
  • Paul Anthony:
    Hey, Andy
  • Andrew D’Silva:
    Thanks for taking my – hey, how is it going? Thanks for taking my questions. Just to start a boring one here, if you could. Cash flow from operations, CapEx for the period, as well as what the diluted share count you are using for adjusted EPS would be useful. And then well, Paul, maybe you could help me understand with a little bit about comparing last year to this year, as you look year-over-year, do you expect somewhat similar seasonality from a revenue and margin standpoint? And any color on seasonality would be pretty helpful.
  • Mac McMillan:
    So, Paul is going to obviously answer those first questions. We’ve always seen this seasonality where the first part of the year tends to be slower than the latter quarters of the year. We were – and of course, this year that was, I think even more exacerbated by some of the pronouncements that came out at the end of last year around Medicare that definitely had all the CFOs out there, pulling back dollars and reevaluating their budgets, reevaluating their spend, which caused a much. Actually it was – in my opinion, it seems slower, even slower this year in the first quarter initially starting off than in the past. And of course, the good news is that, eventually freed up and picked up pretty significantly starting in March. But, even still, it has – unfortunately, it always has an impact on you when those deals don’t start closing right away. But, I think that kind of sort of is the way it’s always been. What we are hoping is that, as we continue to roll out more managed services and increase the number of those and the period for it to do, that over time we are going to smooth some of that seasonality out. But there is still some of that’s affected by the equipment sales or the refreshes that do or don’t happen when you expect them to – and of course the fall-off on the MPS side contributed to first quarter impact this year as well. So, I don’t think it’s an apples-to-apples comparison from last year to this year. But there is always a certain amount of seasonality there that just as part of this industry.
  • Paul Anthony:
    Okay and then, cash flow from operations was cash provided of $648,000, CapEx was minor this year. There was nothing material on the capital equipment it’s $26,000 for the quarter and then fully diluted number is 10.3.
  • Andrew D’Silva:
    Perfect. Thank you. And Mac, following up on what you just said, so, last year, if you just look at the quarters. The first quarter is actually second strongest period. So we should just expect that to deviate away from that and just look for maybe improvements on the top-line as the year continues to progress on a quarter-over-quarter basis more than anything else.
  • Mac McMillan:
    I think that’s correct. We are – I guess, we are still feeling the impact of the MPS business and we are in the cross-selling of the MPS services or the upselling of the new MPS services is – has obviously been slower than what we had hoped to and it continues to show a long sales cycle associated with those sales. The security side is continuing to grow and has continued to make progress. And I think that, over time, it’s going to have an impact, but it’s just kind of – it is what it is and so we start seeing growth again on the MPS side or we start to seeing some of the newer managed services and professional services kick in and gets fully off the ground. And that will have an impact there.
  • Andrew D’Silva:
    Okay, okay, perfect. Thanks for the color on that. And then, just looking over the landscape for security in general, it seems like healthcare security is lagging behind other sectors from a cybersecurity expense standpoint. Any color on what’s causing it? Is it maybe more focused – are they more focused on applications or stop wherever say servicing from implementations right now and what you think moves the needle and gets spending to catch-up with other industries? Or is it just the situation where it perpetually lags as it – hospitals focus more on physician retention initiatives related issues and spending to that matter?
  • Mac McMillan:
    Sure. Well, if you look at it from a historical perspective, they always lag. And they have never really been an early adopter. So, there is always going to be a certain amount of that. I think, part of what we are experiencing today was some of the lag is, like I say, some of the impact or some of the discussion around regulation. But also, we also have people out there like the AMA and the government talking about not enforcing regulation and that always causes healthcare to say, well, if I am not forced to do it, and I’ll spend those dollars somewhere else. And so you always have this balance between what regulation requires them to do. What they think they need to do from business then. And then, what the threat is doing to them. And so, it’s the balance, the counterbalance for the last couple of years and it’s particularly has been very high threat profile. That threat profile still exists today. They are still very much concerned about that. I mean, if you listen to what the hospital administrators and the CIOs talk about, cybersecurity is either their number one or number two concern that they have because of the cost associated with these incidents today. But there is still, at the end of the day, you are right, there is still balancing dollars spent here as opposed to dollars for another nurse or another piece of clinical equipment or another bed or what have you. So that balance is always there. But, I think, I don’t think the pressures today are terribly different than what they’ve been in the last ten years for instance. Just in healthcare, it’s just always a balancing act between what’s going on with regulation and what’s going on with the business and how much risk they feel they could take.
  • Andrew D’Silva:
    Okay, got it. That was very useful. And just my last question, if you could just discuss, what you are seeing as you layer on new services such as the incident response, and the vendor response and the biomedical opportunity. Is this a situation that is automatically examined by existing customers? And these are typically, just so, get a sense of the average or is this a situation where, your offerings are shelved until a contract renewal takes place? And again, I know you have 200 to 300 customers right now, but, any sense on how the averages are playing off, probably help me make a sense on what adoption could look like as we go through 2018 and then obviously more so as we go into 2019.
  • Mac McMillan:
    Sure. So, first of all, I am assuming there is probably some effects in terms of people saying, well, I am going to – I mean, wait the contract renewal and try to roll it into one contract. But generally speaking, we’ve not seen that and I think part of it’s because, mostly services are discrete enough in terms of what they do and/or the buyer is actually a different buyer. So, for instance, if you look at our managed security service, typically the buyer for that is the CIO or whoever owns security whereas patient privacy monitoring is usually the privacy officer or the compliance officer. Vendor security management is either a supply chain or it could be the CIO or it could be the compliance. So, there is a number of individuals that get involved and who own these different parts of the program that now these managed services are literally going to one buyer. So you have that, I’ll just wait to a renewal kind of impact, if you will that’s going on. And so far, what we’ve seen as it relates to incident response, particularly with respect to biomedical, they are very, very interested in seeing those as soon as we bring them up. So, it’s a matter of – if it’s high on their priority list, if it’s something that’s causing them a concern or pain right now, it doesn’t wait until renewal. It’s something that they’ll address generally sooner than later. So, it’s just a matter of presenting it to the right buyer at the hospital and getting it in front of enough people.
  • Andrew D’Silva:
    Okay, Perfect, thank you for the color and good luck going forward this year.
  • Mac McMillan:
    Thanks.
  • Operator:
    We’ll go next to William Gibson at ROTH Capital Partners.
  • William Gibson:
    Hi, Mac. Along the…
  • Mac McMillan:
    Hi, Bill.
  • William Gibson:
    Hi, yes. Along the lines of what you were just discussing, there was news in the Bay Area this week about a breach at San Francisco General and Laguna Honda Hospitals where patient data was – and it happened through one of their suppliers. Is that something that triggers a call to you? Or it’s something that you don’t respond to? Or what’s the timeline on interacting with the non-customers sort of a breach like that?
  • Mac McMillan:
    So, it depends, in some cases, if they have cybersecurity insurance, there is typically a vendor that a lot of times in an incident that their insurance will require them to reach out to first from a forensic perspective. If they don’t have that or if they don’t have a requirement to reach out to somebody, in particular and they are not a customer, a lot of times what they’ll do is they’ll pick-up the phone and call a peer somebody local that that they know, that they trust or having relationship with and ask the question who do you think we should talk to? And often times, that organization obviously as the customer of ours and we’ll get a call. But, the number of incidents that are going on, that one there obviously you saw, because it was big enough and it became public enough, quickly enough that you saw it in press. Those kinds of calls unfortunately happens way too often and all over the country with different folks. And so, if they are not a customer of ours, generally for us to hear from them proactively, doing because they picked up the phone and called somebody and that person has referred us. When we hear of an incident that we are not a customer of, we do a couple of things, one, lot of times, we don’t reach out to them directly right away, because that’s what everybody is doing and it’s the last thing they want is to receive a inbound calls from vendors. But we’ll do a lot of times is find somebody that’s near them that is a customer of ours that is a peer, because one of the things that we’ve found is most effective and being able to help people when they have an incident if we are recommended by a peer, so, often times we will reach out to one of our other customers that’s near them, and ask them to reach out and to the person and say, do you need help? We are here to help you. And that often times is the best way to get in.
  • William Gibson:
    Appreciated. Thanks, Mac.
  • Operator:
    [Operator Instructions] We’ll go next to Jeff Bash at General Pacific Partners.
  • Jeff Bash:
    Good morning, Mac, Paul.
  • Mac McMillan:
    Hi, Jeff.
  • Jeff Bash:
    How are you?
  • Mac McMillan:
    Good.
  • Jeff Bash:
    I had a question on the gross margin. I remember a couple of calls ago, you had indicated that by reducing the manpower and increasing technology that you had hoped over time to get the margins on the management services business up to 30% did not have the usual slump in the first six months or so of the new contract. Yet, here we are at 25% for the first quarter. So I am wondering, how this initiative getting the margins up on MPS is standing at this point?
  • Mac McMillan:
    So, the…
  • Paul Anthony:
    Yes, Jeff, this is Paul. Go ahead, Mac.
  • Mac McMillan:
    Go ahead, Paul.
  • Paul Anthony:
    While I was just going to comment at least on this quarter, Jeff, again, our focus was to take steps to ensure that as a result of the loss in some of those accounts that we at least maintain margins flat year-over-year and that’s what we are able to do successfully with the existing business, so. Mac, do you want to fill in on?
  • Mac McMillan:
    Yes, so, Jeff, to answer your question, as it relates to the new contracts, I think that initiative is working well. Unfortunately, as Paul said, we are still dealing with all of the legacy contracts and so it’s going to take a while to have enough new contracts business to balance and or change that margin as it relates to - overall on the MPS side. So, we’ve had two wins since we put those changes in place, one of which was on the new model. So we really only had one in the new model which was the one that we just closed this quarter or last quarter. And so, we are still carrying forward if you will all of those legacy contracts that we had prior to putting all those provisions in place. Now, we did see some improvement as a result of restructuring and recouping some of the cost associated with delivering those services. But as it relates to the margins overall, the new margins, I mean, we haven’t had enough of those wins yet to have that impact that we are looking for.
  • Jeff Bash:
    I understand that on a new contract. So, the opportunity to reorganize, restructure, how you provide the services to existing clients won’t be materially changed, is that the cycle?
  • Mac McMillan:
    From a margin percentage, that’s right, Jeff. There won’t be a material change in the margin to the existing account.
  • Jeff Bash:
    Okay. Now after we get through this year or two period after the companies are integrated and you make these various changes, what kind of long-term net after-tax margin can you see this business delivering? And I am aware that it depends on the mix that you have in a few years, because I am just sort of interested in and you have some idea of a range that this business could generate over the longer-term?
  • Mac McMillan:
    Yes, Jeff, I mean, we are still in the long-term, we’d like to see this is more on a pretax basis, but we still like to see in years, say, three, four years out trying to get this thing in the high teens. It still will go off ours based on the revenue mix and where we see the business going.
  • Jeff Bash:
    Okay, great, pretax. And with respect to the services of the biomedical device industry, I mean, there is two aspects, one the existing installed biomedical devices and the other of course, new ones sold, but, do you have any thoughts as to what kind of a total addressable market revenue potential there might be in this industry? Of course, you wouldn’t get all of it or maybe even a significant fraction, but is this a $100 million business ten years out? Or $!0 million, do you have any thoughts on that?
  • Mac McMillan:
    I don’t know that we have any thoughts on that. We’ve seen some discussion around the valuation that that the solution providers have given and it’s in the range of the numbers that you just quoted. But I am a little bit skeptical in the sense of, I think it’s still too new to – I think to understand that and primarily because you’ve got some really big players out there like ArrowMark, Philips and GE who manage a large portion of the market as it relates to biomedical devices. And then you have the very large health systems, people like, Catholic Health Initiatives, Ascension et cetera that have their own – fully-owned subsidiary who do this function for them as well. And I think, it’s going to be a combination of the market that isn’t being managed by organizations themselves directly and some level of partnership with those organizations that are managing those devices. But on behalf of somebody. So it will be interesting to see how that plays out. I don’t know that I’d put a number to it at the moment, but I think it’s safe to say that it’s – I think it’s a real – great opportunity and the reason I say that is because, this has been a problem that’s been plaguing healthcare for well over a decade. It’s gotten a tremendous amount of attention. It scares the heck out of people because, it has the potential to be both not only a cyber risk, if you will, but also patient safety risk. So, it’s something that they really genuinely are looking for a solution to. And that’s why I think we’ve seen such positive response from everybody we talk to so far about that. And so, this is probably one of the most – I think this is probably, because of the – I guess, the energy around this in the industry itself. This is probably one of the things that’s most exciting about what we are working on right now, because, all these other problems are things that ebb and flow with what’s going on in the industry, with respect to risk and they are kind of sort of mainstream issues if you will that’s been around that people are addressing as they are. But this is one where there hasn’t been a solution, a real solution for in the past. And so, this is kind of like a really wide Greenfield here. And it’s one of the few times you see that and that we’ve seen that in this industry. And so, it’s a very exciting place to be playing at the moment.
  • Jeff Bash:
    Related, although, obviously your focus is healthcare, conceptually, compare and control machine tools and then all sorts of industries, all kinds of devices, computers and so forth, do you think there is a need for this drag the industry overall way beyond just healthcare that might offer an opportunity to the company longer-term?
  • Mac McMillan:
    There absolutely is, and in fact, one of the other – there were three different solution providers that we evaluated and one of those, it was like I said, the strongest of the three as it related to healthcare, because it gave us not only the ability to identify the medical devices themselves, but it also tied us back to the endless databases and the various vulnerability databases associated with those devices. So that we could perform an actual risk evaluation against those particular devices for the hospital. But one of the other tools that we – one of the other solutions that we have evaluated and kind of put in second place, if you will, with respect to this took more of a network approach to IoT. And it is a tool that would be very applicable to just about any other industry out there that was trying to get its arms around the endpoint device security issue. And so, yes, there is and we are actually working with that company, as well. And we actually have and we have at least one implementation of that particular tool where we are working with them to understand how it works in the environment in terms of identifying IoT devices on the network. And so, the answer to your question is, absolutely and we are exploring that as well.
  • Jeff Bash:
    Okay, thanks a lot guys.
  • Operator:
    And we’ll take our next question from Kevin Dede at HCW.
  • Kevin Dede:
    Hey, Mac. Going back a couple of questioners earlier, could you just elaborate a little bit on, I guess, why you think there is a delay? Is it just kind of an implementation? I mean, I understand delay and I understand the balance. But I guess, I just don’t understand what do you think they are most worried about? And when they come to you, what they are really looking for?
  • Mac McMillan:
    When you – so, help me for a second here, when you say, delay, you mean, delay in buying?
  • Kevin Dede:
    No, yes, well, that, but also just in terms of the 20,000 plus - the industry, why healthcare providers seem to be behind the curve in adopting IT protection?
  • Mac McMillan:
    Well, I think, part of it is because, they are so singularly focused on care, on clinical care. And they pretty much put everything else secondary to clinical care. And so, typically, when they are going through their decision processes with respect to how they spend their dollars, it’s clinical care, clinical needs, et cetera are number one. Anything that has a regulatory requirement that’s outside of that is number two. And then, number three is everything else. And it’s – and so, unfortunately, even though, we think that cybersecurity is critically important and it’s something that everybody should be doing and paying attention to. And in particular, since they are making such huge investments in IT, in healthcare around systems and data and applications et cetera, you would think that they would want to protect those and make sure that they had adequate protections for them. It is still something that is not – it’s not first and foremost in the operator’s mind when they are making their purchases or making decisions. And so, that has always been that way. I think it’s better today, because there have been enough incidents that they now – I think they have a better appreciation for what they need to think about as it relates to cybersecurity and cyber protection. But, even – I’ll give you an example. We were in a – we were at a very large – one of the largest health systems in America having discussions around a particular topic and the CFO flat out came out and said, well, I get it, I understand we need to do that. I know that would make us – make it – make us more efficient. That would make us more secure. But I can use that $100,000 – now keep in mind, this is a multi-billion dollar health system, I can use that $100,000 to buy another nurse. So I have to have a good reason to go back and tell an operator that I am going to use that money on a security solution as opposed to paying for another nurse. I mean, that’s what you are constantly dealing with and what typically happens is, when is they will – depending on how strong the leadership is at the organization with respect to its awareness or concerns for cybersecurity, or how strong the CSO is at the organization or the CIO is in their position on it. It can ebb and flow from security being a very important issue to security being relegated to a not so important issue. I mean, we have two ran into – one of the top-10, well, will soon to be one of the top-10 health systems in the country as a result of a merger and the CIO that was there said, well, I don’t think we need a CSO. Like, what organization it has, tens of thousands of employees and billions of dollars in revenue and hundreds of millions of dollars in IT and in data systems, doesn’t think they need a CSO today. That’s the nature of healthcare. It’s a constant wrestling match between clinical needs or requirements and the other things that they need to as a business.
  • Kevin Dede:
    Okay. In that environment, how – I mean, which of your assets you pitch that gets them the most excited? Or when they look at the portfolio of solutions that you bring them, what has you most excited?
  • Mac McMillan:
    So, the thing that have us most excited and I think that gets them most excited are our managed services, because, one of the things that we have done really well, I think and very carefully is that we have been able to articulate the cost savings that we generate for them by the services that we provide. So, for instance, if you look at Vendor Security Management as an example, several of our health systems where we are providing that solution as we have said, you saved us at least two FTEs, the cost of two FTEs with your service and that’s huge. And on the same thing on security, same thing on patient privacy monitoring, the bottom-line is that, what gets them excited is when they can do something or accomplish something or meet a regulatory requirement and do it in a way that allows them to essentially reduce the dollars that they have to spend to do that. And at the same time, and I get the quality that they need or that they expect. And same thing with this new biomedical stuff. I mean, when you look at, and we are talking about it from a biomedical security perspective, one of the most exciting things about the new solution and this new capability is that it has the opportunity to actually reduce their cost of maintaining devices by up to 30%, which for them is huge and the reason for that is, today, everything that they do with respect to these devices is a very manual process. And in fact, a lot of the schedules that they have for maintaining devices are very arbitrary, meaning, I’ve got X number of devices. I just build out of schedule and then I perform maintenance on them and when I perform maintenance on t hem, some of them may be ready, some of them may be task ready, some of them may not be ready yet. And the reason for that is, because it’s just an arbitrary schedule, because, they don’t really know what’s going on with these devices. So, it will be the same as you , as all of us bought cars together and I drove my car for 10,000 miles a year, because I fly a lot and you drive your car 40,000 miles a year, because you are a traveling salesman. Your car is going to come up for maintenance a lot sooner than mine, but if this car dealer just had an arbitrary maintenance schedule, your car will probably have – would probably break down before you got the maintenance whereas I probably wouldn’t be ready for maintenance., when I got there. That’s what’s going on with healthcare today with these medical devices. With these new solutions that we are able to collect the data directly from these devices to know, where they are at with respect to their lifecycle in terms of when they need maintenance and what those security issues are. And we are able to develop a more dynamic maintenance schedule and security schedule that allows us to better utilize or better employ, if you will, those processes around those devices in terms of managing them. These are some of the things that are happening today and this is what gets them excited. And you start talking about that means less downtime for them with respect to the devices. I mean, they don’t have to take them offline if they are not ready to be taken offline, it’s – there is huge benefits for them with some of the solutions that are coming out today.
  • Kevin Dede:
    Okay, Mac. Thank you for the insight, the examples, and the color. Much appreciated. Thanks for taking my question.
  • Operator:
    And that conclude today’s question-and-answer session. At this time I will turn the conference back over to Mr. Mac McMillan for any closing remarks.
  • Mac McMillan:
    So, I don’t think I have any closing remarks beyond what we’ve already said. I think the bottom-line is, we are going to continue to stay focused on executing our plan. We are going to continue to look for ways to streamline and be more efficient in how we deliver those services and we are going to continue to go after new opportunities and new partnerships in terms of services that we know the market and the industry needs, so that we can hopefully continue to stay relevant and timely and be able to deliver services that have the margins that we hope for and then obviously all of you hope for. And thank everybody for joining us today.
  • Operator:
    And that does conclude today’s conference. Again, thank you for your participation.

Other earnings call transcripts: