This Week Health
2 Minute Drill: Salesforce Breach, CEO Deepfakes, and Otter AI Lawsuit with Drex DeFord


This week's cybersecurity updates cover three critical stories: Workday discloses a data breach connected to ongoing Salesforce compromises by the Shiny Hunters group, CEO impersonation scams using deepfake technology surge past $200 million in Q1 losses, and transcription service Otter AI faces a class action lawsuit over alleged mishandling of sensitive meeting data. Drex emphasizes the importance of security awareness training, multi-factor authentication, and establishing "trust but verify" cultures that protect employees who take extra verification steps.

Remember, Stay a Little Paranoid 


Transcript

This transcription is provided by artificial intelligence. We believe in technology but understand that even the smartest robots can sometimes get speech recognition wrong.

Hey everyone. I'm Drex, and this is the two minute drill, where I cover three hot security stories twice a week, all part of the 229 Project Cyber and Risk community here at This Week Health. I just got back from a quick trip to Madison for Epic's UGM conference. Uh, it was really cool to see everyone who sort of stormed the 229 Project meetup. Uh, all those yellow hats and all those yellow shoes. Thanks for coming by and for hanging out with us.

And if you missed it and you wanna know where we'll be and what's going on next, then sign up, and I'll keep you posted on all the latest webinars and podcasts and other insider info, including our upcoming in-person events, like 229 Project City Tour dinners and summits. Go to thisweekhealth.com/subscribe, thisweekhealth.com/subscribe, and sign up for all the latest insights, including all of our security and risk updates.

It's great seeing everyone today. Here's some stuff you might wanna know about. If you run Workday, the HR system that lots of healthcare organizations run, just know that they've disclosed a breach this week. Attackers slipped into the environment during a recent wave of Salesforce compromises. I've talked about that last week in the two minute drill. Early reports say attackers may have accessed some business contact information from Salesforce. And of course, when that happens, the exposed data could be used in subsequent attacks.

The company's still investigating the scope and the potential exposure. This is one in a string of attacks lately by a group called Shiny Hunters, who leverage voice phishing and social engineering attacks to convince employees to give them access to their Salesforce instance. And you may think this could never happen to you.

You've been training all your employees. They would never do that. And I'm betting that that's what Qantas and Allianz and Louis Vuitton and Dior and Tiffany and Google and lots of others said too. So keep on training.

CEO impersonation scams have exploded, with deepfakes of voices and faces being used to trick employees into sending money or data. Losses have topped $200 million in the first quarter alone, and it's not just finance departments: HR, supply chain, even clinicians could be targeted.

So again, educate your workforce. A phone call or a video meeting isn't necessarily proof of identity anymore. And for healthcare, the risk isn't just dollars, it's also patient safety. So multi-factor authentication and a culture of "trust but verify" will continue to be key. And if your spidey senses say something's not right, take that additional step.

Oh, and for all the leaders in healthcare IT and healthcare in general, this whole approach only works if you have a culture and a process that makes it okay for your employees to take a beat and do the double check and not get in trouble for it.

And the final story today. A lot of AI stuff today. The final story today: transcription service Otter AI has been hit with a class action lawsuit claiming it mishandled sensitive data.

You may see Otter AI pop up in your Zoom or Google Meet or Teams meetings. It's a note-taking assistant that records everything that happens during those calls. Plaintiffs say details of private meetings were mishandled and that other recordings were used without proper consent. It's not just Otter AI.

There are a lot of these tools, and I've heard security folks talk about these little bot assistants as Zoom viruses, because once they're connected to your calendar or your account, they join all your meetings and they document everything in the meeting, even when they're not invited. So the bottom line: if your teams are using these kinds of meeting assistants, know what the terms of service say and make sure everyone in the meeting knows that they're being AI documented and that they've given permission, and know that if one of them shows up in a meeting with me, it's really likely I'll ask you to turn it off.

More on all those stories and a lot of other healthcare innovation, tech and security news at thisweekhealth.com/news. You can find all of our security podcasts, including the ones you might have missed, at thisweekhealth.com/on hack.

And that's it for today's two minute drill. I'm off to Burning Man until after Labor Day, so my feed probably will be pretty quiet, but I'll see you soon. Thanks for being here. Stay a little paranoid and I will see you around campus.


© Copyright 2024 Health Lyrics All rights reserved