In this episode, Drex covers three critical healthcare cybersecurity developments. Cyber attackers are shifting focus from hospitals to smaller physician practices and specialty groups that lack robust defenses, with attacks now directly targeting EHRs and patient portals at the point of care. The May 2025 breach report shows 45 healthcare providers reported breaches in a single month, primarily through network server attacks and unauthorized email access. Finally, healthcare organizations are rushing into AI implementation without proper data governance, creating amplified risks when pulling in massive datasets without understanding ownership and consent structures.
Remember, Stay a Little Paranoid
This transcription is provided by artificial intelligence. We believe in technology but understand that even the smartest robots can sometimes get speech recognition wrong.
Everyone. I'm Drex and this is the Two Minute Drill, where I cover three hot security stories twice a week. All part of the 229 Cyber and Risk community here at This Week Health. Sign up. I'll keep you posted on the latest webinars and podcasts and other insider info, including upcoming in-person events like our 229 Project city tour dinners.
I'm in Minneapolis right now. I'll be in Chicago tomorrow. I'll keep you updated on all the summits. And something new that's coming soon. It's easy to stay in the know. Go to thisweekhealth.com/subscribe and sign up for all the latest insights, including of course, our security and risk updates. It's great to see everyone today.
Here's some stuff you might want to know about. Let's start with something that probably won't shock you. Cyber attacks are shifting their focus, hitting physician practices and specialty groups more than ever, and it makes sense. Hospitals have tightened their defenses in the past few years, but small outpatient practices, kind of not so much: fewer resources, smaller teams, way less cyber training.
In other words, it makes 'em much easier pickin's. Greg Garcia, Executive Director of the Health Sector Coordinating Council Cybersecurity Working Group, talked about the risks to health providers, including smaller facilities, when he testified before the Senate HELP Committee last week. The threat is particularly acute, he said, for small, rural, critical access and underserved, under-resourced health providers that are operating on razor-thin or negative margins and haven't had the capabilities to make sufficient investments in cyber preparedness and response programs, he said.
And these attacks aren't just phishing emails or ransomware. We're seeing more and more attacks directly on EHRs and patient portals and billing systems, right at the point of care. So the bottom line is if you're part of a health system that's affiliated with or owns specialty clinics, but you hold them at arm's length, now may be the time to lean in. Shared tech, shared risk.
ttle cousin anymore. The May,:And while some were relatively small, others involved hundreds of thousands of patient records. The bottom line is this. This isn't about one big breach. It's about the constant drumbeat of compromise that wears teams down and adds pressure across the system. Resilience means improving detection, response and recovery.
Not just prevention. How you doing with business continuity? How you doing with resilience? And finally, today, I just moderated two 229 Project summits last month. One was CIOs and another was CISOs. Both groups pounded the table about challenges around data governance and artificial intelligence. This weekend I read an interview with Thomas Graham, the CISO at Gilead Sciences, who's also waving the red flag on AI and data governance in healthcare.
Graham says, as organizations sprint into AI, they're often pulling in huge data sets, sometimes without fully understanding who owns the data and what consent structures look like for that data or where the guardrails are, and when you add in LLMs and generative AI, that oversight gap gets even bigger.
And also the unintended consequences can be worse. This isn't a new cycle for healthcare. AI may be the shiny new scalpel, but if your data governance is dull, you might very well cut something you didn't mean to. So every healthcare leader needs to slow down and double check their data use strategy, especially when it comes to using artificial intelligence.
More on all those stories and a lot of other healthcare innovation, tech and security news at thisweekhealth.com/news. You can find all our security podcasts, including the ones you might've missed, at thisweekhealth.com/unhack. And that's it for today's Two Minute Drill. Thanks for being here. Stay a little paranoid and I will see you around campus.