Tell me in health, it we're going to take a look at the ATT breach and we're going to ask the question. Of are there any ramifications for breaches and how does that change our behavior? My name is bill Russell. I'm a former CIO for a 16 hospital system and creator this week health set of channels and events dedicated to transform healthcare. One connection at a time. Today's show is brought to you by artist site one platform, infinite possibilities for improving healthcare.

Our sites platform unlocks endless ways to relieve tension, reduce friction and make clinicians jobs easier. From telemedicine to virtual nursing and beyond. Explore the artists. I platform this at this week. health.com/artist site. Alright. Hey, you can find this story and all the new stories we cover this week.

health.com/news. We continue to do our fundraising for Alex's lemonade. Stand. If you get a chance, go ahead and hit our website. Top right hand corner. You can click on the logo. And give today, we're almost up to our goal of $150,000. And we are excited to spearhead the opportunity. For our community to give back.

And we thank you. One last thing, share this podcast with a friend or colleague who says foundation for daily or weekly discussions on the topics that are relevant to you in the industry, a form of mentoring. They can subscribe wherever you listen to podcasts. All right, let's get into it. This is, let's see. Where's the article from, it's hard to say it did a wired. So this article is from wired, the sweeping danger of at and T phone records breach. And let me give you the summary real quick at and T is disclosed a significant data breach impacting the call and text records of nearly all its customers. Let that sink in for a minute. All the call and text records of nearly all of its customers. So that means if you've called anyone, all your call history in your phone, if you're an 18 T customer, whoever you've called whenever you've called them is now. In nefarious, hands, all your texts that you ever texted, anyone is in nefarious hands. So they know a lot about you.

They already know a lot about you based on social media and harvesting and that kind of stuff. But now. They can sack this information away. And run it through their systems as the systems get smarter. They will be able to tell more and more things about you. These are things like texts to your kids, to your parents.

So although the breach didn't include the content of calls or texts. So it's saying that the texts, the actual texts themselves were not there. So I rescind. My previous comment. The stolen data is still poses significant privacy risks and could facilitate phishing attacks. And that's what they're going to do with it.

They're going to get access to other stuff. That you that are the crown jewels, access to the phishing attacks for your bank accounts, phishing attacks for your health record phishing attacks. For your I don't know, PayPal, whatever, where. However they can get money from you or a embarrassing information about you. It goes on the U S cybersecurity and infrastructure security agency. CYSA. Has issued an alert and while law enforcement has made some progress, including apprehended, at least one person, the stolen data is already being advertised on cyber crime marketplaces. And that's how this stuff works.

It's not Hey, one person has it and they're figuring it out. There is a whole economy. Of cybersecurity there. Or cyber hacks. So the cyber hackers have a whole economy. They have specialists in different aspects. Of breaking into a system, they contract for the things that they aren't good at, and they do the things they are good at. They actually rate the data and then there's a whole marketplace for selling that data.

And so that's, what's going on. And I was talking to drugs this afternoon and I asked him this question. Will anyone switch from at and T to another carrier. Now we have this conversation in healthcare all the time, and we say, it's really hard to switch doctors. You've been seeing this doctor for 10 years, 15 years. Some cases longer than that, are you really going to switch doctors?

If they have a breach? The answer to that is no. The switching is really difficult, really hard, really personal. You have to go through that whole process of getting to know somebody again. And so in the healthcare world, we have not seen significant ramifications for breaches leading to a mass Exodus of customers. However in the cell phone world, switching is not that hard.

We've by definition made it easier. We have the transportation of our phone numbers. We now have a digital Sims instead of physical SIM cards. I just swapped over a phone for my wife and my gosh. It's the easiest process ever. And I'd love a side note here. I love the iteration that apple has done on this over the years, and they just constantly tweaked until quite frankly, I set two phones next to each other.

The, all the information transferred, including the SIM card. And I picked it up and my wife was using it within. Five minutes. Had to log in and reconnect some things. Actually didn't have to reconnect. Some things just had to log in again. So we had to remember some passwords and that kind of stuff, but for the most part, They have made this as painless as possible to switch phones. With that being the case.

I go back to my question. It's easy to switch phones. It's easy to switch carriers. How many customers will at and T lose as a result of this breach. And my theory on this is not many.

And I think that leads me to consider a problem that's going on in our society. And I don't usually talk about societal problems. Especially on a day following a weekend where there was an assassination attempt on a former president. But I'm going to talk about a societal problem that I think is starting to permeate our culture and it is throwing our hands up.

We've given up and said, privacy is a pipe dream. Everybody has our information and that's just the way the world is going to be. And that may be true in some cases that may be true. We've given away too much already. For example, every time I record a podcast, I'm giving away my voice signature. So somebody doing a deep fake on me at this point is fairly easy.

There's so much. Content so many words out there. Not that they need a lot of them, to be honest with you. They could probably collect enough in a single phone call with you. To create a deep fake of your voice alone, but there's also video out there of me as well. I don't think it would be all that hard as watching a video over the weekend of, um, LinkedIn is Reid Hoffman, Reed Hoffman, and his his deep fake read. It's a full-blown video simulation of Reed Hoffman.

It's consumed all of his stuff and their response to things as Reed Hoffman would. And he uses it too. He has conversations with it. He, uses it for various videos that he has out there. That's where we're going. They capture your voice in a way they go, I'm worried about defects, but I'm worried more about the posture that we've taken. With regard to privacy and what that means, we've thrown our hands up and said my healthcare system's getting breached.

My bank's getting breached. My cell phone carriers getting breached the us government's getting breached. The biggest breach of all was the us government, where they essentially hacked into the database of all the people who have served. And got really personal information on all those people.

And you're like, wow. And what is our defense against that? What can we do or actually, what are they going to do? With it, are we ever safe? Do we have to take different approaches? Anyway, I'll bring this back to health care. And the two things I think about with healthcare is this one, we are consolidating a lot of data. Have we taken the necessary security precautions around that data?

I think specifically about Truvada. I think about the stuff that may I was doing. I think about the stuff that epic has done. Think about how much data has been consolidated around epic at this point. You get the picture, we've consolidated a lot of the information or we just make it easier for the hackers in the long run. Not that we want distributed data all over the place. And that kind of thing. That would make doing the work that much harder, but how much more vigilant we have to be around security when we are consolidating data of this magnitude. That's the first thing I think the second is. The impact on the health system, when there is a breach. I've had consultants talk to me about the reputational risk and couple of the other risks. Losing clients and that kind of stuff, it doesn't seem to be happening.

The only time it happens is when you have to go on diversion, because there's a significant breach. There's a. There is a ransomware attack that takes the systems down for, 20, 30, 40 days. And they have to, you have to go on diversion and send patients elsewhere outside of that, I'm not seeing it.

I'm not seeing where you lose patients as a result of this. I'm not seeing the reputational risk. The other question I have to ask is. I don't see Mayo getting hacked. I don't see, some of these major systems getting hacked. What do they know? What are they doing as a health system that we're not doing? Probably worth exploring, probably worth understanding. I'm a little limited as to what I can do on the podcast because most of the really good organizations are not going to talk about cybersecurity on a podcast or should they. And reveal their their strategies, their plan, their approaches.

So it would be like it would be like interviewing Zelensky of Ukraine and having him go, yeah, we're moving our troops north. And we're thinking of utilizing these kinds of weapons. You just wouldn't do that. You're not going to give the attacking foes the information on what your defensive plans are and neither should any cybersecurity, professional or CIO for that matter or CEO for that matter. You shouldn't talk the enemy, nor should you give them enough information. To plan or or pull off an attack.

But with that being said I'm worried about our or our security or our. Our view of privacy at this point. But I'm wondering if there's any ramifications to health systems outside of the obvious. 30 days out and that kind of stuff to these days. Anyway, sweeping danger of at and T phone records breach on wired July 15th on our website.

You can check it out. It's a pretty massive breach and I'm concerned that these massive breaches. Change Ascension 18 and T are becoming more common. That's what I'm thinking about today and that's all for today. Don't forget, share this podcast with a friend or colleague. You said as a foundation for mentoring, maybe you guys can answer these questions.

Maybe there's a good conversation to be had.

We want to thank our partners, specifically artist site for helping to make this happen and supporting our mission to develop the 📍 next generation of health leaders. Thanks for listening. That's all for now.