This transcription is provided by artificial intelligence. We believe in technology but understand that even the smartest robots can sometimes get speech recognition wrong.

Hey everyone, I'm Drex, and this is The Two Minute Drill, where I cover three hot stories, twice a week, all part of the 229 Cyber and Risk Community here at This Week Health. I try to make this mostly a plain English, mostly non technical look at security and risk, so it's great to share with your entire team.

The Two Minute Drill is brought to you by ORDR. You want to know everything about everything connected to your network, but you don't have the resources to manage what you're seeing? Bring ORDR to the chaos with ORDR Managed Services. Find out more at ORDR. net slash healthcare. Thanks for joining me today.

Here's some stuff you might want to know about. Whether it's at one of our summits or a city tour dinner or virtually as part of a podcast, one of the things I hear about regularly is a new variation on an old theme. When information services department can't quite deliver what end users would like to have, those staff members often go out on their own.

Whether it's building shadow IT departments or figuring out how to do work on their own personal devices. Well, there's a good article in the news site that talks about an emergence of BYOAI. Bring your own AI and the friction that it's causing at organizations all over the world. I mean, it's kind of hard to believe that this whole generative AI revolution is only about two years old.

We've come so far so fast. But if you look at your organization, you're probably going to find some folks who are using unauthorized GPT or other tools to write code or scripts or letters or business plans. And sometimes that means there's also a security or privacy problem bundled into that activity.

This article talks about some of the actions other companies have taken to better manage the unmanaged AI challenge. But between you and me, I really think a lot of it comes down to good open communication. It's better to know than to not know. There will always be teammates who are looking to innovate, but there will Get their work done more efficiently.

So where we can, we should hold them up as good examples while helping them better manage the risk that comes with innovation. You can find that BYOA story, BYO AI story this week. health.com/news. Government regulators have been really focused on medical device security over the past couple of years, but what about all those other devices?

In healthcare and across our partner base, there's actually a ton of operational technology and other IoT that can impact our ability to deliver good, safe care to our patients and families. HHS has sent out a warning now that healthcare organizations need to focus more on that OT and IoT and IOMT when you add it all together.

probably makes up the majority of devices that are on any hospital's network, and HHS is saying cyber thugs are getting better at exploiting those kinds of devices to get into our environments. The article provides links to the HHS Bulletin and links to other stories that discuss all the work the FDA and other government agencies have been doing to raise the bar on medical device security, including some of the great work done by our friends at HISAC and the Health Sector Coordinating Council.

with links to a library full of free resources that can help organizations better understand how to approach this really complicated security problem. Again, you can dig into this story and a bunch of others at ThisWeekHealth. com slash news. The 2 Minute Drill is brought to you by ORDR. You know you can depend on ORDR to give you visibility into everything on your network, but now you can also depend on ORDR Managed Services to help you stay on top of all those things, in real time, all the time.

Check out ORDR. net slash healthcare for details. 2 Minute Drill. Thanks for being here. Stay a little paranoid. Have a great holiday. I'll see you around campus.