This transcription is provided by artificial intelligence. We believe in technology but understand that even the smartest robots can sometimes get speech recognition wrong.

Hey everyone, I'm Drex, and this is the 2 Minute Drill, where I do three quick stories twice a week, all part of one great community, the 229 Cyber and Risk Community here at This Week Health. Today's drill is brought to you by Fortified Health Security. No matter where you're at in your cybersecurity journey, Fortified can help you improve your security posture through their 24 7 threat defense services or advisory solutions.

Delivered through Central Command, a first of its kind platform that simplifies cybersecurity management and provides the visibility you need to mature your program. Learn more at fortifiedhealthsecurity. com. Thanks for joining me today. Here's some stuff you might wanna know about. Two factor authentication.

Your organization may use something called YubiKey, YUBI, UBI Keys, if you have those, you might want to take a look at the story and wired and several other sources about a newly discovered cryptographic flaw. Should a bad guy get a hold of your YubiKey, in particular the 5 series, they can clone it, and as you can imagine, that's probably not a good thing.

And apparently patching isn't really possible in this case. Talk to your team, talk to the YubiKey reps. See what kind of risk you're bearing and what your options might be. There's an article in IT Risk Australia, I know, I can't believe I read it either, about the author of the book, How to Measure Anything in Cybersecurity Risk.

And it's about the increasing imperative to quantify risk, because everyone's budget's under the microscope. He also talks about how to better communicate about risk in business language and how to measure and how to ask for resources. leveraging all that new insight on risk. I've ordered the book, I'll let you know how it goes, unless it puts me to sleep.

But I guess that's the risk I'll have to take. On the last headline today, be sure to catch the story on how the hospital industry's legal win over its use of website tracking technology could leave patient data more vulnerable. The case may make it more likely that patient data will be shared with online marketers.

This all ties back to a case this summer where Health and Human Services lost a lawsuit to the American Hospital Association. AHA said HHS was overstepping its authority when it said that the use of website tracking technology violated HIPAA. If you're interested, you probably should be. This is a really good explainer for a pretty complicated privacy and technology issue.

It's published in Axios. And all the details on that story. And all the others are at thisweekhealth. com slash news. Thanks again to our two minute drill sponsor, healthcare's cyber partner, Fortified Health Security. With a 98 percent client retention rate and three consecutive best in class awards, Fortified's exclusive focus on healthcare cybersecurity makes them the go to partner for healthcare organizations wanting to strengthen their cybersecurity posture.

Find out more at fortifiedhealthsecurity. com. I try to keep it mostly plain English and mostly non technical, but some days are harder than others. I do my best. I'm glad you took a couple of minutes to hang out with me for the two minute drill. Thanks for being here. That's it for today. Stay a little paranoid.

I'll see you around campus.