This transcription is provided by artificial intelligence. We believe in technology but understand that even the smartest robots can sometimes get speech recognition wrong.

Hey everyone I'm Drex and this is the two minute drill where I cover three hot security stories twice a week. All part of the cyber and risk community here at the 2 29 Project and this week. Health, I try to keep the podcast mostly plain English and mostly non-technical, so it's easy for everyone in the organization to consume so that everyone can do their part, to keep patients, families, and the whole health system safe.

Today's episode is brought to you by Google. Health Systems are lowering cost and boosting endpoint security with ChromeOS devices paired with Chrome Enterprise, A secure browser that's trusted by billions of users. So now there's a better way for healthcare teams to work safely on the web. Learn more or schedule some time with the Google Healthcare team at this week.

health.com/chromeos. Great to see everyone today. Here's some stuff you might want to know about. Well, the class action lawsuits have begun. If you don't know about the Oracle breaches, I talk about them on Monday's two minute drill and I'll put a link to that episode in the comments. Now, specialist class action lawyers have launched proceedings against Oracle in Texas.

Over the recent alleged cyber incidents, lawyers demanded a jury trial on their filings with the US Western District. Court near Oracle's headquarters in Austin. The lawyers make a long list of claims citing Oracle's security posture alleging a poorly designed security framework, uh, failure to train staff not using software that could have prevented the attack.

The list goes on and on and on, and clearly there's a lot more coming up on this story. Members of the health sector Coordinating Council's cybersecurity working group testified to Congress on April 1st. The focus was mostly on medical device security and the now on hold HIPAA security rule update on that issue.

Witnesses testified that as written, the proposed rules, cost estimates were unrealistic. Implementation would be more complex than anticipated. And they were also dubious about the effectiveness of the rule's compliance approach in achieving a better cybersecurity posture across the industry. In the end, they recommended that the administration suspend any further consideration of the NPRM as written.

End quote. There's more on this story at the news site, including the HCCs proposal to undertake a consultative approach to better define cybersecurity controls that should be mandatory and what a phased approach might look like given the financial reality of most healthcare organizations. And if you've not updated your Apple devices recently, please do.

There's three critical zero day vulnerabilities that were announced last week, and this just popped into my feed. If you're using an Apple app store product called GPS app, you might wanna reconsider that. The app has 320,000 downloads. It's used by folks to keep tabs in their kids and their family and their friends locations while researchers have figured out how to steal that data and stock users in real time.

You can read more on that story and all these stories and all the latest on healthcare innovation, tech and security news at the industry's fastest growing news site this week. health.com/news. Today's episode is brought to you by Google. You can keep patient data safe and reduce the burden for IT operation, staff, and create a better clinician experience all with one platform.

Google ChromeOS with Chrome Enterprise. Find out how by scheduling a chat today. Go to this week, health.com/chromeos. That's it for today's two minute drill. Thanks for being here. Stay a little paranoid. I'll see you around campus.