December 13: Today on the Community channel, it’s an Interview in Action live from CHIME’s Fall Forum with Nick van Terheyden, MD, Principal ECG Management Consultants, & Podcast Host. What is radical incrementalism? The speed of change can still be fast, but it's taking small steps.
This transcription is provided by artificial intelligence. We believe in technology but understand that even the smartest robots can sometimes get speech recognition wrong.
In our mission to develop the next generation of health leaders and they are Olive, Rubrik, Trellix, Medigate, and F5. Check them out at thisweekhealth.com, and here we go. All right, here we are at the CHIME Fall Forum, another interview in action. We're here with Dr. Nick van Terheyden. We're just gonna call you Dr.
Nick. You're very
kind. Most people
do. That works out pretty well, fellow podcaster. That's true. So you have two.
I do. I have been running the Incrementalists for a long time, looking for those small changes. I talk about radical incrementalism, which is the speed of change can still be fast, but it's still small steps.
The Apollo program was small steps to get to that point, and I see that in healthcare as the way forward. And then my most recent, which is healthcare upside down, which is really trying to move the. And there I'm trying to find people that have actually made the difference in healthcare and delivered something on the ground, which is always, it can be tough to find.
You know that as a podcaster and as somebody that's been in this industry, maybe as long as me, I don't wanna age you or anything, but yeah,
probably. I remember the first time we interviewed was actually at a CHIME. I think it was in Orlando.
It was in Orlando. I can remember it. I still see it show up on my feed sometimes on your feed.
Cause you are so popular, Bill. No,
I appreciate. That's due to my team. They're fantastic. We're gonna talk cybersecurity. We are. I read an article that you wrote about SIM jacking. I'd love for you to set this up a little bit cuz when I read it, I've told like 50 people about it. I'm like, you wouldn't believe what's happening.
You won't believe what's, but it happened to you, so it did.
Give us. So yeah, so let me set that up a little bit and say that I'm no slouch when it comes to cybersecurity. I spend a lot of time trying to secure my own life, my information. I think like most people, my data has been breached. I'm pretty sure yours has.
Oh yeah, I have a
couple of those. Those things they send you that, here's your personal protection plan.
If you don't, you're just not receiving the email because pretty much when Experian, or was it, forget which of the. Don't wanna misquote them, but one of the big credit rating companies. No. Yeah.
It was Experian
that, that covers everybody,
Yeah, that was, and I had an insurance carrier and a health system and that all within about two years. So they send you the, the credit protection or whatever right. They
send you. And if you're not doing that, I think you're missing out. But, so I'm no slouch. Fortunately for me, I was sitting at home in my office with good wifi connect.
And the first alert I get that something is wrong is I get notification from my carrier, Verizon, in this case to say, Hey, we just want to get your approval for looking at your account from a store in Connecticut. And I'm currently in Maryland. And I go, don't think that's correct. And I click on the link, it's expired.
Don't worry, we haven't approved minutes later. I get an email to say, congratulations on purchasing your new phone and your electronic SIM card. What does this mean? It means that my personal phone and importantly calls and texts are now going to a different phone that's now in Connecticut with somebody that has impersonated me.
They walked into the store. They pretended to be me with an ID that had my name, but their picture. And purchased a phone on my account, but took over my telephone number, my SIM and text messages and why. And
most two-factor authentication is now that,
unfortunately is the big challenge. So two-factor authentication.
The baseline is to use your phone as a text message, and they send you a six-digit code, I think less than 17 minutes later. I get an email from my bank saying, we've, we realize you forgot your user ID, but don't worry, we've sent it to you and three minutes later we've reset your password. Thankfully I was playing interference at this point.
I'm on a number of processes to cancel my phone number and my text messaging, so that two-factor and all of that reset process goes, and I was in my bank. And right behind the reset of the password, I reset it again to keep the individuals out. I was three minutes away from losing control of my bank account.
That happened fast. It did less than 47 minutes start to finish, and I did a deep dive in my browser history, messages, everything. I did a full timeline to
explore this. Targeting you or targeting
Verizon? No. They targeted it. This was a very specific targeted attack, but it. On an ongoing basis, in part because as I've discovered subsequently the protocol in this case for Verizon is if you walk into a store and say, I've lost my phone.
If you can produce an identification that matches your name and importantly your address, so they must have had my home. Then with manager oversight and approval, they will override the two-factor authentication that I received, that I declined and allow for the purchase and issuing of a new SIM card.
That's the procedure. That's the procedure, which is a little bit frightening for everybody. Right? I'd be frightened if you, you're not.
No, I am. But I'm thinking one of the more interesting things that just happened though, with my new. Is we have software-based SIMs, right? Is that going to, I'm curious if that's gonna
protect us or not.
No, not at all. In fact, this individual, I have a physical SIM. He got an electronic or eSIM as it's called. So no, that doesn't protect you. This is all about protocol,
man. And if you're not sitting there at your computer, Game over, man. It was some time. So if you're at a chime session, sitting in there going, oh, I'll get to this in 30 minutes.
to it. You could have been, I turned my notifications off when I go and do yoga. Last thing I want is to be notified. That's an hour long. I'm lost any number of instances. I was lucky. Very likely. So what would you do different now? So there's a part of me that doesn't want to tell you. I've gotta be honest.
No, that's fine. Because it's, it's sharing the secrets, but the reality. If I know them, the feed know it. And it's the same with the Verizon protocol. So for me, there's a couple of things that I, I've done. One is I've taken out every possible instance where possible of the two-factor authentication that exists with phone and text messaging and use a separate number.
That is completely concealed, not used for anything else, and is just for that purpose or better yet, use a voice over IP, Google Voice, which is controlled separately. The other thing that I would say is almost mandatory at this point, if you don't have credit monitoring and credit protection, and quite frankly, the insurance that comes with it, because if you lose control and you lose it, it can be a long and expensive process to recover and you spend.
I, I, you must have it. And third, I would say, if you're not locking your credit so that people can't apply for things. So this is not just a credit freeze, this is locking your credit. You are missing opportunities. And for the healthcare CIOs, under no circumstances use two-factor authentication that uses text messaging.
There are multiple other fastest solutions that we should be using, like Google Authenticator or the equivalent,
the we're gonna end where we started. That's a fascinating story and I wanted to capture that story. If nothing else, I wanna send it to my kids and it actually makes me think about my bank account.
It's like, how much could they actually have gotten out? Could they have done a wire transfer? Could they have wired money out, and how much of it could they have gotten out?
Everything that was. And, and I'm just gonna say I, I'll get this opportunity. Not very often. I shout out to my kids, they stepped up.
By the time my wife, who was out of contact was back in contact, there was 47 messages between just them. They had launched the special group and were texting and confirming all of the information because they were all at much higher. Because he could text them and say, hi, this is dad. I need bloody blah.
Oh, wow. And they all stepped up because I've taught them. Yeah, that's So I'm proud of that. Just gonna say,
And we do have to think about it. You almost need a, a, a security officer. No, for the family for this. That's you, bill. Well, we'll keep getting, we'll keep getting the messages out. We're gonna end where we started at the podcast.
So what have you learned doing podcasting over the years? So I,
I think the one thing, let's talk about the positives there are everybody walks in with the intention of doing good work. Nobody gets into healthcare to say, I want to deliver poor service. And that's across the board. Right? And there are real people.
Making real differences and trying very hard. The challenge we have is that the system competes against that will to deliver the best, and it is beholden to the individuals that control the power to step up to the plate and change healthcare so that the people in it can do the job that they want to.
That's the primary learning
thing for me. So how many times when you are explor. The incremental changes or the innovation that, do you hear about these roadblocks that you. Yeah, it's just outside of, it's just outside of their control to make something happen,
I think all of the time, because it's never one place.
I think that's part of the problem. So you could point unless you go all the way to the top, because ultimately I know a few CEOs that have that little sign. The buck starts here and it really does, and it's in their control and their powers. Many of the individuals underneath, it's not. But they need to step it up and the individuals at the top of the organization I think need to spend time with those groups to see and experience it because then they'll get a feel for it.
It's a bit like the boss inside or whatever that series is on tv. Yeah. They should all be doing that.
Undercover boss. Yeah. And it's interesting cuz every now and then you'll hear a CEO tell the story of our, our CEO had the story of her. Got cancer. And then she'll say, and this was my journey, and she took a six month sabbatical.
He ended up dying. She came back to the health system and she said, we have some work to do. And I
bet that made a huge difference. And it's not that I really knew. That's an awful story, and I'm sorry to hear that. But equally, that passion needs to come all the way from the top because everybody sees it, then they all act in the same.
And you have to work on best principles. I'm trying to do good here and support that.
Nick, Dr. Nick, thank you for your time. Appreciate it. It was a pleasure.
Bill. Thanks for having me.
Another great interview. I wanna thank everybody who spent time with us at the conferences. I love hearing from people on the front lines and it is phenomenal that they have taken the time to share their wisdom and experience with the community, which is greatly appreciated. We also want to thank our channel sponsors one more time, who invest in our mission to develop the next generation of health leaders. They are Olive, Rubrik, Trellix, Medigate and F5. Thanks for listening. That's all for now.