This Week Health

Don't forget to subscribe!

August 23, 2021: Drex DeFord and Bill discuss post HIMSS. How did the in-person and digital versions of the event go? In a Chartis Group survey of 220 executives, 52% have not progressed beyond pilot stages for digital integration, 47% cite digital as a top organizational priority and 80% plan to increase their digital investments. The benefits of telehealth have become widely known on Earth but now it’s taking off in space. What is NASA’s game plan for dealing with the challenges that this brings? And the LockBit ransomware gang, who hit Accenture this week, are now recruiting insiders. Scary stuff.

Key Points:

  • Change is hard. The pandemic compelled a lot of us to do things that were not normal and were uncomfortable for us. [00:17:26
  • How do you provide healthcare in space? [00:18:35]
  • Speed is the key to cybersecurity operations [00:28:00
  • Ransomware attack. To pay or not to pay? [00:29:30
  • 3xDrex



This transcription is provided by artificial intelligence. We believe in technology but understand that even the smartest robots can sometimes get speech recognition wrong.

 Today, on this week, in health, it change is hard. The pandemic compelled a lot of us to do things that were not normal and were uncomfortable. For us,

it's Newsday. My name is Bill Russell. I'm a former CIO for a 16 hospital system and creator of this week in Health IT a channel dedicated to keeping health IT staff current and engaged. Special thanks to Sirius Healthcare Health Lyrics and Worldwide Technology, who are our new state show sponsors for investing in our mission to develop the next generation of health IT leaders.

Uh, just a quick note before we get to our show. We launched a new podcast today in Health it, we look at one story every weekday morning, and we break it down from a health IT perspective. You can subscribe wherever you listen to podcasts at Apple, Google, Spotify, Stitcher, overcast, you name it, we're out there.

You could also go to today in health And now onto today's show. Today it is Newsday and this is our Post Him Show. We have some security events as usual. Unfortunately, telehealth and space and digital transformation seems to be stuck in autopilot Today we're joined by the incomparable Drex to Ford Drex, welcome back to the show.

Hey, thanks. It's always good to be with you. Glad to see you're doing well and. So we start with hims. Did you go, did you wind up making it? I did not make it. I, I canceled about a week and three days before. Mm-Hmm? . Mm-Hmm. . We were about two weeks out and we had sort of our own little staff huddle at CrowdStrike and said.

We're gonna, there's some events that we have already invested in that we're going, that we're sponsoring, and we'll continue to do that, but we won't attend in person, so we didn't attend live either. Yeah, so I, I got bits and pieces out of it. We're, we're gonna cover the story here and this is the best coverage you could possibly get when you have your own media company, which does.

They cover themselves and their CEO said they were thrilled with the numbers. They haven't released the numbers. They said they had 18,000 registrations just prior to the event. But you know, I, I, I talked to a couple people who were there. They said positive things. They said the conversations were a lot more.

Focused than they have been in the past. It was a lot easier to find the people you were trying to find if they were at the event, but it was sparsely attended. There's no getting around it. It was with regards to a himss, a normal 40,000 person event. It was much smaller than that on site, but, but again, a lot of digital presentations.

I've been looking at 'em and reading them some good presentations and I. I know. What did, what'd you hear about the event? Pretty much the same. I mean, I think I, 18,000 registrations, I don't know some fraction of that attended. I think there were a lot of people who canceled as they got closer and just attended digital only.

I had a lot of friends, a lot of folks that I knew who we had plans to meet up that wound up sending me notes and saying, we've changed our mind. If it was anywhere but Vegas, we could go. A lot of that kind of conversation. So I think there were a lot of folks who backed at the last minute, but I could totally see for the folks who went, you're not as rushed to rush through this conversation to get to the next conversation.

'cause there's nobody waiting in line or you, you take 10 minute appointments and turn 'em into 30 minute appointments. You've got a lot more time to have more in depth conversations. So that was probably good for the folks who. Who were there and, and involved in that kind of, uh, let, let me lemme throw a hypothetical at you.

If it had been in Orlando, would that have changed the, the rubric around this? Well, Orlandos is, I mean, it's as red as Las Vegas around Delta variant, right? So, no, probably not Orlando, but if it would've been in. I don't know. I'd have to look. I'd have to look at the map. , you know, I.

Um, Orlando, I would've been better than Vegas. 'cause Vegas, there's no way to control the environment because e even though Orlando might be red, the Orlando Convention Center is a pretty self-contained. I mean, if you're doing a conference there, there's nobody else there. It's not like they're doing, they're not tied into casinos and other people.

You, on your way to your room and back, you don't have any choice except to go through crowded rooms with other people. As it was. I think you got the, did you see the email where a couple people did? Did, yeah. Yeah. Test positive. Yeah. I posted about that this morning on three extracts, but I got the note and then I'm like, oh no, I hope this isn't like the beginning of something, um, big.

But it's the three people tested positive that they know of so far. I can tell you I got lots of videos from the people that I did know that went to the conference. I got videos from them regularly every night of lots of parties without masks and people not social distancing and all of that. So I think there were a lot of people who went and were in the bubble and stayed in the bubble of the conference and went to their room and came back to the bubble that were probably

Safer, but I also think there was probably an illusion of safety because there were also people who were leaving the bubble, behaving not great in the evening, and then coming back to the bubble the next day. Everybody's vaccinated. Everybody has masks, but as we see right now, there's tons of like breakthrough in infections that you don't have symptoms for.

Then you get. People who aren't vaccinated, infected, and it's just, I don't know. It's tough. Yeah. I mean, well, the, the, the good news is everybody who went to the event was vaccinated. Right? So they had that process in place. And we know that the, the breakthrough cases is, is, uh, somewhere around 5%. It's not, I mean, the unvaccinated, it's like 90% of the cases.

And Sure, sure. Some somewhere in the single digits is the breakthrough cases. So. Even, even if there was a significant outbreak amongst the people who went to himss, it's, it's still gonna be a, a fairly known low number. I'm not minimizing that. I'm just saying that I think they did everything they possibly could do to make it as safe as they could short of just canceling it.

Yeah. Yeah. And I think you're gonna have in-person conference, you know, they had, as they had a significant number of protocols in place and, and then you have to rely on the people who come to, to do the right thing after that. How did you follow the conference? I mean, did you follow it at all or did you just go back into your work?

I went pretty much back into my work schedule. There were . Digital events. I, I almost watched everything that I've watched so far has been, or during the conference, and then since the conference has been on demand, I don't think I saw anything live and that's just a schedule dictating things that I wanna see.

I. And like you said, I think the digital content, this is another one of those things that's happened over the course of the pandemic, is that in the beginning, things switched to digital and they were all pretty terrible and difficult to use and hard to find the thing that you were looking for and seeing it.

Consuming it, all of that. And we've gotten better and better and better at that over time. And I think that they did a decent job of, uh, presenting the content that they intended to present in the digital format. They did it pretty well. Yeah, absolutely. Did you watch stuff live or did you just stop? I watched, uh, I watched nothing live.

I will, I will say this, I reached out to a bunch of people that were giving presentations. I recorded my first one yesterday. And it was around population health and data around the clinically integrated network. That was a good recording and that's how I'm, I'm sort of following it. I, I picked the education presentations that I think would be valuable to the community and they sent me their deck and I'm having them on the show and I'm interviewing 'em 'cause That's great.

Those presentations are great for best practices and to really get an idea of what's working. I, I'm a huge proponent of being a, a fast follower. The first one through the wall tends to get hurt, but the fast followers tend to do well because somebody has found a gate that's open and you can just walk through it.

Yeah. Um, sense. Yeah. That's, that the practical part of this, right? The, for the people who go first and get lots of scars. They usually have really good stories to tell that give me the few practical things that I need to use that I didn't have to learn by, like you said, crashing through the wall at top speed and getting all those scars myself.

Yeah. Alright, so let's hit some of the stuff that was covered in there. So HIMSS did a survey ahead of time. This is the. Article titled The Digital Revolution has Begun, but 52% of executives have not progressed beyond the pilot stage. Alright, so they did a survey. This was presented by, let's see, first person Tom Sal, who's the senior partner with the charters group, talked about the findings.

And he talked to 220 executives on issues such as digital health, machine learning, ai. Here's some of the things that are interesting. Again, 52% of the digital transformation projects have not progressed beyond pilot stage, and I. Let's see. But they understand the need for digital transformation, so they're not progressing beyond pilot stage, but they understand the need close to half site digital as a top organizational priority and 80% plan to increase digital investments.

That's interesting. Executives question whether making an investment is the best way to begin, but a good warning sign. Is needed is that new technology plus old organization equals costly old organization. Most, 80% said they believe commercial payments need to grow to support long-term financial health.

So I wanna talk to you about those two things real quick. So the first, these projects are getting stuck in pilot and I, I think that's pretty interesting. I think it, it is interesting because it doesn't understand the, what the word pilot means. I'm with you. So isn't a pilot, like, Hey, we have this theory.

Or we have this, the, it, it, it, it is the scientific method, right? We, you and I have talked about this before by this thing that we think is gonna help our system, help our population, help quality. Let's pilot something small real quick. So we canter, determine whether it'll work and then we will start to.

To work it out. It should be something that's quick. It's a test and it provides feedback. Yeah. Why are these things getting stuck? What do you think is happening? I mean, I think you're right. Some of this is the just misunderstanding of what a pilot actually is. Pilots have defined beginnings, defined ends, and certain things that you were looking for in the.

Execution of the pilot that help you make a decision about what you're going to do next. This is why this whole 52% are still stuck in pilot program thing concerns me because if you think about pilots as something that is either a success or a failure, then that's not really a pilot. That's some project that you tried to roll out that either worked or didn't.

If you think of pilots as a success or we learned, that's really what pilots are and they have a defined endpoint. Then another decision tree about, are we going to do this? Are we gonna scale it? Are we gonna make an investment? Did this give us enough information to make another set of decisions that we wanna make about digital health?

And so if you're doing pilots right. They're not a thing that you start and get stuck with forever and then become an operational technology that people become addicted to and then you have to run them forever in pilot mode. That's not a pilot, that's just a bad project. Yeah, and we've, we've talked about this with startup companies 'cause they get really frustrated 'cause they need to make money and they need a revenue stream.

They're in startup mode and they will, uh, they'll get caught in pilot hell where they're doing like 10 pilots for different health systems, but they're not. Making any money. Sure. But, and, and, and then they just get stuck because people lose interest in the pilots. It doesn't have enough momentum. It doesn't go through to the end, and they're like, man, this is just death for them.

It's just death for a lot of things. How do we change that at health systems? How do we get health systems to understand how to structure a good pilot and how to move it forward? I think that's at least part of it, right. Some of this is tied into good governance structure and making sure that if you're gonna do pilots, you're gonna do pilots projects.

You do it in a way that is clear to, uh, everyone involved, including the primary stakeholders, and they understand that there's a start and a stop point. Because if you don't, then that's where you wind up in this situation. That's bad for both the health system, bad for it because now they've gotta continue to sort of run and support this thing that they didn't maybe really want to get involved in long term.

And like you said, bad for the startup, especially if it's a product from an early stage company, they keep making changes and making adjustments to try to make. Their product better for you in hopes that you're eventually going to buy it. And what they find out is that you've actually dragged them out into the middle of the lake and drowned them.

Right? That is not what anybody wants. 'cause that's not good for digital health in general. For those people watching on YouTube, you're gonna see that I'm having chair issues. So my, my chair is like going up and down. It is what it is. I'm just gonna keep going here. It's like a Saturday Night Live skit.

Some, it, it really is . I I just keep popping it up and going back down. But, uh, the ending phrase here, most, 88%. So 220 executives from health systems said they believe commercial payments need to grow to support long-term financial health. That's, uh, that's interesting to me. 'cause I think that's. That's flying in the face of what I believe is going to happen, which is we have such pressure against the growing cost of healthcare across the board that there, there health systems need to find another way to be financially healthy.

And one of, one of the things I've always talked about, and I always wondered is in every other industry that we were in, we've seen technology come in and really drive significant efficiencies, cost savings, efficient processes. Driving better collections, you name it. It's really helped the overall process, but in healthcare, it just seems to pile on and build the cost, but doesn't seem to drive that same level of efficiency as it does in other industries.

Has that been your experience or are we starting to see that change a little bit? I am lucky enough to have been involved over the course of my career in. Toyota Lean Production Systems, sort of thinking at a couple of my organizations and just thinking about performance improvement and process improvement and how much waste there is in the system currently, and a lot of that is driven by bureaucracy and the reality that in many healthcare systems.

Physicians are not employees, and so we have a tendency to bend and flex and try to accommodate them, which means that we do things that may not be the most efficient things in the world, and that isn't just from an IT perspective. That includes things like orthopedic fixation sets that we use in the or.

We make lots of exceptions and do lots of things that are inefficient because we want to . The, the primary producers in our organization happy. And it's not just that, it's lots of other stuff. So the system is kind of built to encourage us to be inefficient. And our tendency, I think, growing up in healthcare is to think that our inefficient processes are the best.

Practices in a lot of way, which encourages us to ask for more money, not to look internally at how we do things and see how we could be more efficient. I think there's a lot of efficiency still to be gained inside of the delivery of healthcare, both on the clinical side and the business side and even in research and, and I think we're gonna get the pressure to.

To make that internal look happen and to become more efficient. 'cause if we don't, I think you create the situation where you become the target to be acquired as opposed to being the acquiring organization. So the decision ultimately is yours, I think. Yeah, I agree. There's two more findings in this hospital at home seems to be taking root and, and, and growing.

And the other is that. Physicians in general across this survey have said they are more willing to stick with the digital tools that they have adopted through the pandemic post pandemic. And I, I don't think that's surprising to me. I think, again, it was a massive pilot of a lot of digital tools and the physicians are looking at it going, Hey.

This worked for me, this didn't work for me, and I think they'll incorporate some of those things as they move forward. That seems to be pretty obvious to me. Yeah, change is hard and I. I think the pandemic compelled a lot of us to do things that were not normal and were uncomfortable for us. But in a short period of time, those things became comfortable, and so again, I'm gonna keep using the tools that are working for me because I really don't want to change back or I don't wanna do something different.

So when you have a compelling event that causes people to change their habits and their behavior, they do it, but then it's hard to get them to change again. I think that's part of what you see there. So there, there's two things that I usually talk to you about whenever you're on the show. By the way, I'm at my exact low point, so I'm not gonna fix my chair.

This is as low as I guess you tip the camera down. Just tip the camera down a little. Yeah, I'd, I'd love to, but it's too far away from my arm. So the two topics I'd like to talk to you about, one is . Space because you're, you're a space nerd. And, uh, the second is cyber events. There been some of those. But let's start with the space one, because I think it's interesting.

There's a healthcare finance news article and they had the, was it Chief Medical Officer at the LBJ Space Center for NASA was there talking about their program? Think about, so how do you provide health in space? Is it a combination of. Telehealth and hospital at home, essentially. Remote patient monitoring and those kinds of things because you're not doing like a visit, right.

They're they're not saying, Hey, there's something wrong. We'll send an ambulance out. So, yeah. Yeah. Is that what it is? Is, is a combination of those technologies? Yeah. I mean, I think it starts with the, we only send extremely healthy people into space, right. That have been tested. End to end upside down and make sure that they don't have any emerging issues.

And then is that, is that still the case with this emerging space tourism thing? That's an interesting point. I think with space tourism, what you will find is that the duration of those flights are so short that it's more like if you had a medical emergency and you were in a commercial airplane today, they could, maybe they can do something like divert the flight.

I think this article is more about people who go to the International Space Station and are there for a month, over a year at a time. And so I think when it comes to space tourism, once you get to particular point of flight duration, there's probably gonna be a lot more conversations about how do you take care of those patients?

Should they need care, uh, while they're in space. It's a, it's a different program. I think NASA sends really healthy people to space and then they have an amazing team on the ground who, for years has dealt with, have, have really sort of built protocols around medical emergencies and, and all kinds of emergencies.

And how do you deal with them. The article talks about you can't really have an MRI machine on orbit, but they use a lot of ultrasound. Yes. And so astronauts who have to kind of be experts at everything, right? They have to know how to fix the toilet. They have to know how to run the experiments that they're running.

And for some of them, they actually have to do things like. Control the robotic arm or be able to sort of move the space station out of the way of space debris. And one of the pieces of training they get is kind of like little mini EMT. How do you use ultrasound? And then they're coached by people from the ground.

If there's something going on, move it a little bit more this way. This way. Remember that technique we taught you in training where you move the wand like this and. They're able to send information back, and certainly there are lifeboats there. If something really seriously hap you know, seriously bad happened, you needed to get somebody off the ship.

You could. And as as we go farther out, they're gonna be taking doctors, aren't they? Well. I think they kind of have to start to think about when we go further out for longer duration flight. There probably will have to be physicians on board. But you know, this is one of those things where we have sub-specialized so much in healthcare that just having a physician on board may not be enough because they may not be experts in the subsystem.

That is having a problem in a fellow astronaut. So I think the team approach of having people on the ground who can communicate with you and you know, give you all the essentially telehealth consultation that you can, you can take, I. We'll, we'll be good. At some point, the flights get so distant that there's this significant delay in that consultation, and so doing this stuff in real time may become very difficult and that'll require us to be innovative and creative and come up with new ways of handling.

One of the things I'm looking forward to seeing is how these hospital at home programs play out. Because they are, they're, they're not simple logistical challenges. They're, they're pretty complex logistical challenges in terms of getting the technology in the home, identifying the right patients that you can care for from the home, having workflows with the right level of care at the right time in the home, the right monitoring, again, technology, the whole infrastructure and those kind of things.

There's a lot of moving parts in that. And Mayo's out in front. Kaiser's out in front, and there's a couple others I, I think Mercy outta St. Louis is out in front. mountains out in front, but we're now, we're gonna have this group of people that's the next wave coming through. I think there's a an awful lot of logistics and challenges around that that is gonna make it a little harder than what I think people think it is.

It's really a combination of a lot of different things we've been doing over the year, so maybe that makes it easier, but we really do have to knit it together pretty well in order for it to work. Yeah, there's, you know, something to this tied to the sort of previous conversation of the people who go through the wall first, take all the scars and all the beatings and the people who come after have a much easier time of it.

Not that it's easy because it's not gonna be easy. But the decision tree is greatly reduced, right? We're gonna use hospital at home for these kinds of patients only who have these kinds of diseases because we have these kinds of professionals that can be involved in that kind of care. We're not gonna do hospital to home for.

20 things we're gonna do hospital home for two things. That gives organizations a chance to sort of build up their experience and their confidence that they can do this well, and then they can expand and grow after that. All right, let's talk cybersecurity. Not 'cause you're on, but because it keeps coming up in the news.

Right? Right. Scripts. So scripts had to announce their financials and so they announced the, the revenue loss from the event was $113 million and. That was partially lost revenue and partially cost of remediating the cyber event and those kind of things. They're gonna, they're going to be able to get some of that money back, but I think the max is about 15 million in insurance.

Mm-Hmm. , cyber insurance and other insurance claims. So essentially what you're looking at is potentially a hundred million dollars out of pocket. Does that now become, I, I, I just did this today show where I said, look, the, I would know these numbers backwards and forwards, and Scripps is roughly a $3 billion health system, roughly, I don't know, 16 to 18,000 employees, roughly 3000 physicians.

I would know these numbers backwards and forwards because if I were going to my board asking for money, and I would be right now saying, look, if you wanna make sure we don't have a a hundred million dollars event. I need like 10% of that money this year. Yeah. To, to really shore some things up to make sure that we're not the one that's in the news.

We're not taking a 30 day downtime and we're not taking a hundred million dollars hit to our bottom line, and that we're not even talking about reputation at this point. We're just talking $30. No, for sure. I mean, the things that don't appear in there are things like. When you have a big foundation that relies on contributions from, uh, donors, what's that impact been that doesn't, you know, necessarily figure in and, and maybe it's been nothing, right?

But, but that kind of impact doesn't figure into some of the figures that you, that you see here. And there's some math behind this too, right? We do some really interesting business value analysis, uh, products with . Prospects and potential clients. As we sort of talk through the whole, how do you justify the expense?

How do you wind up paying for cybersecurity when sometimes it's a hard case to make, and so things like taking that 113 million and dividing it by the number of employees that you have in the organization. That number is way higher than the number we use in our business value analysis. And so the reality is, I think as we continue to have these incidents and we go through these things, as those kinds of data are disclosed, health systems can continue to use that kind of data to make their case.

As you're saying, we say this all the time, it's not, it's not an if, it's a win. And in fact, I would make the argument that at most health systems. To use an analogy, there are bad guys prowling the halls every day trying all the doors. It's not if they're going to be there, they are there already. It's just they haven't tried the right doorknob yet if we've gotten better.

So if I were ACO today. I would be, you know, I'd want to be able to detect, to detect, right. That's one of the keys is I wanna know that bad guys are prowling around. Not that I may not be able to keep them from prowling around and getting in because there's, there's an awful lot of, I mean, as we talked about before, I mean, the attack surface is so, so large, but I wanna be able to detect them very quickly and be able to respond or remediate, but I'm more worried about the ransom I, I get the phone call.

It looks like a network problem. It feels like this. And then all of a sudden you realize, oh no, it's ransomware. I get that phone call. I wanna know that I can get us back up and running. Not in 30 days, but I don't know. 10 days, five days, yeah, two days. Uh, are we making progress there, do you think? Yeah, I mean, I think it depends on the organization and the partners that they've chosen, and I don't wanna turn this into a CrowdStrike commercial, but I mean, speed is the key to the operation, right?

The ability to be able to see that someone's in and be able to determine that someone's in and they're actually doing nefarious things, and then being able to kick them out before they can actually move laterally and do other kinds of crazy damage, which becomes a much bigger . Incident response kind of event that you have to deal with.

So speed is the key to everything. And if you have the right partners, if you have the right sort of setup in your security program and your infrastructure, you can create the situation where you've got that you can see bad guys immediately and you can kick them out before they do any damage or before they do any damage beyond maybe the machine that they're on.

And then if you, and then . You can put that machine back in service right away. You also eliminate kind of the cost of . Today's standard, which is we're just gonna re-image that machine, which doesn't really solve any of the problems because you don't know what happened. You don't know why or how the bad guy got in or what they, what they were specifically doing.

You often blow away all those forensics in the interest of getting the machine back in service so that the person who is using it can get back to work. So there are ways to do it today, but you know, not everyone's there. So there's a. If there's an article here, I'll be honest, I haven't read it yet. The title caught my eye, which is ransomware Attacks to Pay or Not to Pay.

And is there ever an instance where you look at a health system and and say, go ahead and pay because you, the pipeline paid and somebody else paid? I mean, so people are paying. Is there ever an instance where you're look at a health system and say, yeah, go ahead and pay. So personally, , this is me. That's high risk, right?

It's a high risk. You're, it's, well, I mean, look, here's the bottom line. You're already dealing with a criminal who's broken in and locked up all your stuff, and now you can't get to it. And so if you decide to pay, first of all, you're dealing with a criminal, so maybe they'll keep their word and maybe they won't, and their word is that they're gonna give you a decryption key.

Then there's the reality that sometimes. These are not the world's greatest software developers that are in this business. They're really good at encrypting decrypting. They don't really care that much about decrypting, so maybe they, we didn't spend enough time on that code, man. We should have really debugged it a little bit more.

So you may give them the $10 million and they may give you decryption keys, but. Maybe it works and maybe it doesn't. And even if it does, you've created a situation where you've now, um, identified yourself as a willing victim and that you're going to pay. So they are going to come back. You know, this isn't a one-time dance that you're doing right.

And you've put a bunch of money into the, the dark underground of cyber criminals, which as we've talked about on the show before. Isn't one person who breaks in and then does launches, ransomware, and then negotiates with you and collects the ransom and gives you the the keys. This is a whole crazy underground economy of cyber criminals who I.

Have sub-specialized as far as being able to get credentials and they sell 'em on the black market to the team. That is really good at going in and casing the joint right and figuring out where all the crown jewels are, and then mapping all that out, coming back out, selling that information on the dark web to the person who is to the team that is really good at launching ransomware and negotiating for, for payment.

These are major, major corporations. I saw something the other day that said if you took. The cybersecurity criminal, the amount of money that has been made through ransomware over the past year or two, that it would be like the third or fourth largest economy in the world. It's a magnificently done, engineered run by real CEOs.

Kind of business that is in the business of stealing stuff from you. So you have to, you have to be prepared for that. All right, so lock bit ransomware, recruiting insiders to breach corporate networks. Couple things there. One is I'm not familiar with lock bit. This is fairly new to me. So any, any wisdom you can impart on that.

A ransomware gang that has, I don't know, really great software that is super good at encrypting stuff. Very, very fast. And now apparently not only locks up the system but puts wallpaper up on the machines that says, Hey, if you wanna give up any of your credentials and passwords, you can become an affiliate.

And uh, oh golly. Like, what the hell, . Sorry. So is that what it means? Recruiting it? When they say recruiting insiders? Is that after the attack has been launched or are they recruiting insiders to launch the attacks? Well, based on what I've read, I think it's more about recruiting insiders to, you can make money for your credentials and your password, so you would hope that nobody would take them up on that, but.

I just don't know anymore. That's interesting. It is an HR issue. You need to have, if you have any disgruntled employees, they are, they're potential targets for people, and if they identify who the disgruntled employees are, they could have an accomplice within I. We had 19,000 employees at at St. Joe's.

I'm sure one of 'em was disgruntled enough to be coerced or underpaid enough to be coerced to help for a certain amount of money. Right? That's right. That that's a, that's a very real problem. Having spent 20 years in the US Air Force and had a top secret clearance, most of that time. The amount of background investigations and things that you go through specifically because of this, right?

Everybody's, you wanna make sure they're not in a position to be coerced. You wanna make sure that they're not a position to be, you know, bribed or blackmailed. And we don't do that with all of our employees. We certainly don't have that kind of a machine, but it is the kind of thing that you need to make sure.

We all do, but I think we could all do better. We all need to have the machine set up so that when you're engaged with hr, you're about to let somebody go, that everybody's ready while you're in the meeting. Having the conversation about somebody's fired. I. All of their accounts should be turned off. All the things that they have access to should be turned off.

And that in some cases, even employees who decide to leave on their own, you'll wanna do some, in some forensic investigations on what did they download and what have they transferred, and those kinds of things. Because you just don't know and, and you have to protect yourself. Yeah. I know at, uh, consulting organizations I've been at over the years, we were very.

Curious as to what people were downloading and taking. And they kept coming up with more and more sophisticated ways to make sure that people couldn't do that. But speaking of consulting firms, so Accenture downplays, ransomware attack as lock gang leaks corporate data, and that is one of the, one of the risks here, right?

And Accenture's probably, yeah, I mean, uh, definitely well funded. Definitely smart group of people and they were able to get in, get to some corporate data, and now they're, they're posting it out there. Does that mean there's no hope for any of us ? No. I, I don't think that's what it means. And you get different sides of this story too.

I. That's where a lot of the investigation, part of a post breach and incident response is really important. There are bad guys posting stuff that they say they got from Accenture, but it maybe wasn't necessarily from this breach. I mean, who knows? This is what the investigation needs to kind of reveal is this is this data that was already available on the dark web and.

This K is, uh, posting this stuff and making these claims because they have some other reason to try to make Accenture look bad. I mean, if you read Accenture's part of the story, they say this was just a scratch. Somebody got in. Definitely somebody got in. We don't think they downloaded anything. We resolved the attack, uh, very quickly and went.

Put everything back in service so the devil's in the details in the, in the, in the investigation. And I'm sure more of more will come out on this preach. We'll learn more of the facts as time goes on. Interesting. Drex, any other stories or anything else going on that you want to wanna discuss? I just saw this morning, T-Mobile had a breach too.

There's. Several healthcare systems that have recently had breaches that have driven diverting ambulances and postponing surgeries and those kinds of things. It feels like it we're on the daily now it feels like, I mean, it's not really the daily, but it feels like every week there's at least one or two of these in healthcare, which is really frightening critical infrastructure, right?

People will depend on this. If you are in the middle of . I don't know. I'm making this up, but if you're in the middle of South Dakota and your hospital gets breached, then you have to divert ambulances. I mean, the nearest hospital might be a hundred miles away. It's not, this is really, really serious, so we gotta keep working on it.

We gotta keep working on it, making it better. Yeah, so I, the most recent one I saw about was Ohio Health, and I saw that on three x Drex text 4 8 4 8 4 8 to um, to Drex to four eight drex to four eight. 4 8, 4 8. I haven't done that in a while. Sorry about that. Are you, are you still getting those out or is that getting hard?

I have, I hit a little bit of a slack. I was a little slacker for a while, but I'm back to it now. It's not, it's not that it's harder. There's plenty of stuff to share with people. For me, it's more about time to just setting down and cranking it out. So. People are always asking me, it's like, are you worried about all the oncoming competition in podcasts?

And I, I always say the same thing. No, not really. I said, because I know how hard this is to be consistent and do it every week and do the daily show every day, and that kinda stuff. And I'm like, most of these podcasts will start and end well before we stop doing this. So, but you know, and there's so much news and there's so much specialization and subspecialization that.

The beauty of, I think the space that you're in is that people don't have to just tune into one podcast. They can listen to lots of different podcasts, even if they're in the same niche, because they pick up different pieces of news from those different channels, and they don't have to listen to it real time.

Right. The other thing you've created is this asynchronous ability to like, I can listen to this when I run, or when I . When I'm in the gym or on the drive home. So yeah, that's why we're gonna launch multiple new shows next year. So we'll see. We'll see what happens. Drax always a pleasure to talk to you.

I'm sorry, my chair is so far down. I look like I, I look like mini me now. I'm so low. Low in the, uh, chair. Sorry about that. Same, same, same here, man. Always good to be with you. You look good. I don't care what they say. , I. Hey, thanks again. Take care. What a great discussion. If you know of someone that might benefit from our channel, from these kinds of discussions, please forward them a note.

Perhaps your team, your staff. I know if I were ACIO today, I would have every one of my team members listening to this show. It's it's conference level value every week. They can subscribe on our website this week,, or they can go wherever you listen to podcasts. Apple, Google. . Overcast, which is what I use, uh, Spotify, Stitcher, you name it.

We're out there. They can find us. Go ahead, subscribe today. Send a note to someone and have them subscribe as well. We want to thank our channel sponsors who are investing in our mission to develop the next generation of health IT leaders. Those are VMware, Hillrom, Starbridge advisors, Aruba and McAfee.

Thanks for listening. That's all for now.


Thank You to Our Show Sponsors

Our Shows

Today In Health IT with Bill Russell

Related Content

Transform Healthcare - One Connection at a Time

© Copyright 2024 Health Lyrics All rights reserved