Newsday: Cybersecurity in the Next Year: ChatGPT, Ransomware, and Migrating Data

April 5, 2023: Drex DeFord, Executive Healthcare Strategist at Crowdstrike and David Ting, CTO and Founder of Tausight join Bill for the news. How has the nature of cyber threats evolved to include identity threat protection and why is this becoming increasingly important for organizations? What steps can organizations take to ensure that they are doing enough to protect their sensitive data and critical systems from cyber threats? How can they strike a balance between investing in robust security measures and maintaining the efficiency and flexibility of their operations? How can emerging technologies such as AI and ML be leveraged to enhance cybersecurity measures and better detect and respond to threats? What are some of the challenges associated with adopting these technologies, and how can they be addressed to maximize their impact on security outcomes?

Key Points:

  • Breach of the medical records of Congressional members
  • Identity theft, Identity protection, and Incident response
  • Incidents of hacking using legitimate credentials
  • Migrating data to Epic in Azure
  • Building and monitoring web APIs for cloud applications

Read on

Video Transcript:

This transcription is provided by artificial intelligence. We believe in technology but understand that even the smartest robots can sometimes get speech recognition wrong.

Today on This Week Health.

Cybersecurity is about paying attention to details. In all these stacks that we use, there’s so many buttons and dial. It’s very easy for you to lose the staff that knew how to use a tool that you don’t have now that problem’s only going to continue. And I think the integrated platforms are gonna come in and have to simplify it.

Welcome to Newsday A this week Health Newsroom Show. My name is Bill Russell. I’m a former C I O for a 16 hospital system and creator of this week health, A set of channels dedicated to keeping health IT staff current and engaged. For five years we’ve been making podcasts that amplify great thinking to propel healthcare forward.

Special thanks to our Newsday show partners and we have a lot of ’em this year, which I am really excited about. Cedar Sinai Accelerator. Clear sense crowd strike. Digital scientists, optimum Healthcare it, pure Storage Shore Test, Tao Site, Lumion and VMware. We appreciate them investing in our mission to develop the next generation of health leaders.

Now onto the show.

(Main)   📍 Here we are for the five conference. It’s a Newsday show. So we’re gonna be talking about the news and the news is essentially the conference cuz this is where we’re at. I have David Ting founder and CTO with Tausight and Drex DeFord. I rarely say your last name anymore.

ors down, man, it’s exciting.:

By the time this. No one. Well, everybody, nobody will remembers will be like concrete. It’ll be a boat show anyway. A boat show. They’re gonna come in and go. Where are those guys? Oh man. Hey, so I wanna talk let’s start with cybersecurity. We could. Talk GBT four. Cuz that’s the thing I’ve heard probably said more than anything else.

Yeah. Yeah. But I wanted to start with cybersecurity. What’s top of mind? What’s news about cybersecurity at this conference? David, we’ll start with you.

So I’ve had a lot of customer contacts hosted buyers. Yeah. Yeah. And it’s the hosted buyer meeting tipping Great. Yeah. I think the most alarming things were, gee, the Washington DC with the congressional medical records and how that’s going to open up a lot of government once it gets personal.

Exactly. Changes everything. I think that’s what they were saying Once it happens to the government officials and their families. Oh, wow. The awareness is going to be much higher.

So what actually happened there?

Somebody stole, broke in and got all the medical records for the I think it’s congressional members as well.

Yeah, congressional and maybe staffers too. And staffers, yeah. It’s quite a large tro.

So Congressional staffers that’s bad. That’s. But it’s raising more awareness. This CIO testified to that audience and she said, here’s where it becomes personal. And she said that the audience was much more receptive to the value of protecting the healthcare system.

What makes a breach bad? The Lehigh. Look I saw you posted Yeah. About that. I mean, it’s heartbreaking, right? It is. I mean, cancer patients exposed all sorts of photos Yeah. And whatnot. But, I’ve made the case on my show, and I don’t know if this is a proper case, but it’s not the sense of.

Of the data as much as it is the negligence potentially that goes on. That’s where I think is the unforgivable breach. If you haven’t done the due diligence, if you haven’t put the frameworks together, if the executive leadership team over and over again says, nah, we’re gonna move the money over here.

And that’s what I think is the unforgivable.

Yeah, I think there’s some,

The challenges of how much cybersecurity is enough to say you’re doing what the reasonable man would expect for a cybersecurity protection for your organization. That’s a tough line to find and I think a lot of this stuff that’s happening with Senator Warner and the report the recommendation that kind of came out, a lot of the comments that have come back on that, the conversation around whatever the terrible term is going to be, meaningful use for cyber.

And what goes along with that. We’ve talked about this, careful what you asked for when the government comes to help, sometimes there’s unintended consequences, but I think we’re gonna have to put something better together that helps organizations understand the expectations are this. Yes. And if they’re just recommendations, the poorest health systems are not gonna do that.

They’re not gonna do it until it’s mandatory. I think. So. So we have to be very thoughtful about what the mandatory is and what it means and how it’s implemented, and what the carrot, what the stick is, and how we’re gonna roll these things out and keep them running once we’ve got them out there.

As I think about cybersecurity and what’s next, I really don’t want to talk about what’s next 10 years from now, what’s next over the. next Year. What are the gaps that we’re starting to see people go, Hey, you know what, it was okay for that to be in the red or even the yellow last year, but this is probably something that needs to be moved on the security framework into the green.

Yeah, for us, One of the things that we’re seeing is we talk to customers and prospects and the work that we do in incident response identity protection, identity threat protection has become incredibly important. There was a long period of time where hackers hacked into your organization, but today, because you can be part of the target breach, Or some other breach and the bad guys have collected all the data from that breach.

All the customers, all the usernames, all the passwords. They have big data analytics people too who sit down with that data and cross reference it with names of people who work at hospital. Exactly. Healthcare organizations, and then say, maybe we should try this password on that account. The result is about 80% of major incidents that happen today Across the board involve logging in. These are bad guys who are logging in with legitimate credentials, so you’re not looking for a needle in a haystack. Now you’re looking for a specific piece of hay in the haystack because they look like they’re supposed to be there, and until they do something that they’re not supposed to do.

If you have traps set for that, Then you’re gonna be able to see them and find them and do something about it. But it’s a very challenging situation. Identity to me is kind of like the next big frontier that we’re attacking at CrowdStrike.

So you’re the founder, CTO, least likely to do your own marketing.

So, but I, but you really are, I know that. But that’s where I’m gonna go next, which is essentially it’s finding the what’d you say? Needle in the haystack. It’s not a needle in a haystack. It’s

hay that it’s a specific piece of hay in the haystack. Yeah.

But that’s what you guys are focused on. Yeah. Right. So, I mean, what does that look like to find They’re getting in legit, I just logged in as Dr. David Tang and I’m on your system now. I should only have access to Dr. David Tang’s patients and that kind of stuff. But I’ve broken out and now I’m starting to move some.

Are we able to see that they’re moving that stuff?

We can, with our technology, obviously we track what happens with the data. So we take a very data centric approach to say the thing that you want in addition to physical cyber, which is your infrastructure and all the pieces associated with that, is what happens to the logical cyber, the data that.

Your business or your powers, your business and, and what’s the ecosystem around that? Who uses it? What application touches it? Where is it going? Where’s it being stored? How is it being moved? And it’s all around the PHI data because at the end of the day, that’s what healthcare runs on. Yeah. And understanding that chain of custody and that chain of use starts to give us better visibility to how we can better protect it.

One of the things I’ve noticed is the audacity of the attackers these days they will stop at nothing to disrupt your system. Yep. Steal your data. Figure out how much data they can take away and extort you. So it’s the exploitative value of the medical records and the credit information, but it’s also in addition, the extortion value of, Hey, I’m gonna hold you ransom for the data that you own, and with my threat to release it to the public.

And you get hit twice.

Yeah, for sure. That extortion thing also now extends to the patients themselves. So you start to see adversaries calling patients and saying, we have inform. Let me give you a couple of pieces of it to sort of, that’s show you that I can, yeah. It’s terrible. There’s no limit to what they will go to these days.

So there’s two questions. I think. One is, have we gotten to the point where the reputational risk is enough that it’s actually impacting the financials of a health system or the reputation, the trust level of the organiz.

I think some of it depends on where the health system is, right?

Yes. If there’s a breach at a health system, a hospital, that’s the only hospital within a hundred miles of where you live, and it’s the only hospital that your employer will let you through your insurance plan go to, and there’s a breach, your decision. Doesn’t really exist. Your ability to kind of say, God, where I’m not gonna use those guys, I’m gonna choose these guys on my health plan next time.

That isn’t really an option. So yeah, I think it hurts and it certainly may hurt the fundraising arm of the healthcare organization to get new donations and Right. That, that kind of input to help make that, but it’s not a serious, unless you’re, I think it depends on competitive area.

If you’re in a competitive area, I think it.

I’ve heard different CIOs tell me that after a breach they can watch

Yeah. A little bit. The intake of patients and he one of ’em said they recognize that it would take up to two years for the same patients if they do come back. Oh, wow.

To basically regain trust. I thought, wow, that’s a really long window. He said, we have to, David show it.

I think I’m, the challenge is even in a fairly populous area, I’m connected to my primary care p. I’ve said before and it’s probably not a good taste, but there’s very few people that have seen me naked, but my primary care doctor have seen me naked.

And I want that number Always to remain pretty small. Correct. So it’s like that’s, I don’t want to go start seeing, and my wife will say the same thing. It’s like, I have an obgyn, I trust that obgyn. I’m not, regardless. I’m not going somewhere else. And to be honest with you, when we get that credit letter, like, Hey, we’re gonna protect your credit, we sort of just roll our eyes now.

Like how many of those can you have? How many, I mean, it feels like we. We all have 10 of those from breaches that have gotten more.

Yes, exactly. I wanna talk about ransomware cuz it’s a word. Maybe you’re hearing it more cuz you’re here in this area, but I haven’t heard it as much and it feels like I haven’t heard it as much in the industry.

Are we starting to win? Some battles there. I think cybersecurity programs sort of generally speaking at larger health systems are probably getting better, but at smaller health systems, mid-size and smaller health systems, where I think they still struggle for. Funding and resources, people and skill, the ability to do this well.

They’re still being hit. The adversaries have also sort of changed up tactics. Now, not only are they doing ransomware or maybe in some cases just saying, we’re not even gonna do ransomware. We’re just gonna get in and exfiltrate data, and then we’re gonna hold you hostage for the data.

Exactly. Like, we’re not going to. Or they do things that are just purely destructive, just to disrupt operations and then talk to you about getting your data back,

Through, that’s sort of the Lehigh Valley one was sort of like they took the data. Yes. They held onto it for a little bit, and then they came back to him and said, ratcheted it up.

Yeah. And so they’re getting more brazen. More brazen.

Definitely. There is no limit to their creativity in terms of how to exploit and extort. You When you talk about ransomware, my dentist’s office got attacked.

I mean, these are two dogs practice, so it’s broader. Yeah. And they came back after he fixed it, he thought he had fixed it and he said there was one window left open. They came back in. So he said 5% my list. Yeah.

A smaller health system CIO was talking to. Was sort of downtrodden, Hey, what’s going on?

That kind of stuff. Cutting 8% of their staff across the entire team. Now they’re an epic shop, so they have to worry about honor roll and so they, they can only cut so much of that staff and whatever. And so Cybersecurity’s gonna get hit testing is gonna get hit, so, you do the release and the testing and all that stuff.

Isn’t that like sowing the seeds for the next breach? And if they’re looking at you saying, look, you have to cut 8%, you know it’s gonna have to be cut. How do you stay ahead of it on a security set?

So I’ll just go back to the bigger picture.

The challenge with this, you’re going to, the support team is gonna have to cut 8% no matter what the support team is. Yes. They gotta cut 8%. Are we reducing then what we’re doing? In the delivery of care or other things by 8%.

Well, that’s what I’m concerned about. It’s cybersecurity. It’s not like you’re talking to the attackers saying, Hey, look, can you give us a reprieve over here?

Don’t attack here. Here. Do you wish these attack surfaces? We’d like to take off the table for a little while, if that’s okay. Yeah, no, I mean it does. It shows the seeds for. In the operations space, people taking shortcuts or not quite finishing projects or dotting the i’s and crossing the T’s, which creates vulnerabilities that then ultimately are exploited by bad guys when they come in on the cybersecurity side of the house.

It’s the same thing. You can have. 65 pieces of software that you’re using to monitor your cybersecurity space. But if you’re not actually watching all of those dials Exactly, yeah. Then, you’re burned. I think that’s the right point. You have fewer people to monitor the dials.

I think more things get dropped. Cybersecurity is about paying attention to details. In all these stacks that we use, there’s so many buttons and dial. It’s very easy for you to lose the staff that knew how to use a tool that you don’t have now that problem’s only going to continue. And I think the integrated platforms are gonna come in and have to simplify it.

I think it drives toward risk too, right? The conversation of, yes, we can cut by 8%, but here’s the new risk that we will be handing back to the organization to accept.

It’s interesting, you’ve gotta be clear on that because that’s the conversation I had with him. I’m like, just make it clear. If you’re gonna stop doing testing on releases, you have to make it clear to the clinical staff.

You have to make it clear. It’s more likely we’re gonna have downtime. Unscheduled downtime, because things aren’t gonna work the way that we.

We’re talking the EHR here. Like, was just gonna say it’s a little scary. I do wanna talk about those pervasive systems. I saw an article about Microsoft sort of getting under the microscope from from a federal level looking at their security practices and those kind of things.

We have a lot of those kinds of systems, not just Microsoft. We have the EHR platform. We have the e r P platform. We have and everybody here would like to be a platform, right? Sure. To some sort. How do we evaluate the practices and the readiness, of those systems?

You think Microsoft would be way ahead of this? I was kind of surprised to see the article, to be honest with you.

Yeah. I’m trying not to get too Microsoft Bashy here, but Right. But from the Microsoft

perspective when you look at companies like Microsoft, they are many things to many people, they’re word Excel, and PowerPoint and SQL databases and email and lots of other things.

And they have a security card. The challenge is that the generator, by and large of urgent security patching requirements is Microsoft. And so you have to ask yourself , do I ask Microsoft to secure my software because it’s a software I’ve offered Microsoft that needs to be patched and protected.

And so there’s just some of this logic that you have to kind of go through, I think when you talk to those companies to understand. What a better decision might be when it comes to cybersecurity.

But David, you talked about your solution to finding the hay in the haystack kind of thing. When we’ve talked about moving to a cloud, I’ve talked to three CIOs who said Epic in Azure.

We are moving to Epic in Azure. Does that create a different environment or do we just have to start looking at it at a more granular level?

I think we’re in that hybrid phase where we have even increased our surface area of concern. Do I have my on-prem? Do I have my hybrid environment secured?

What data do I migrate into the cloud? How do I monitor the stuff that goes into the cloud? How are my users using the cloud? I think challenges are multiply. Just because your data centers migrated, it doesn’t mean your, security is reduced there’s just more connectors. They’re. more Places where your data is moving to. I think for the time being, as we’ve worked through the hybrid transition, it’s gonna be more challenging.

To be honest.

Cloud security actually introduces A lot more variations of the risk. Right, exactly. And folks who are really good. Exactly. they’re. For, even for folks who are really good at running cybersecurity programs for products that are on premise, shifting to the cloud is a whole different ballgame.

Exactly. And so we see a lot of breaches that happen with products in the cloud that again, are kind of back to the basics. Yeah. It’s simple misconfigurations that have left a door open that somebody can just walk in because it’s, an open port, an.

Just, and then you have the other surface area of attack, which is all these web APIs are being built for these cloud applications.

And who’s monitoring that for, how well are those being built? How are those being holes? Are those exactly, how do they test them? How do they pen test them? Because now you’re out in the breeze. We know adversaries love that too. Cuz if they can get into an API stream, absolutely. They get everything. The stream.

That’s always been my. That just because I now have it in the cloud and outside of the perimeter of my on-prem solution, who is it opened up to for these exploits?

one is on CSO priorities for:

We have Eric Decker within our mountain, Shauna Hofer with St. Luke’s Health System out of Boise, Idaho, and Vic Aurora with Hospital four Special Surgery. And we are gonna delve into what are the priorities for security? What are we seeing? What are the new threat? What is top of mind for this group? If you wanna be a part of these webinars and we would love to have you be a part of them, go ahead and sign up.

You can go to our website this week,, top right hand corner, you’ll see our webinar. And when you get to that page, go ahead and fill out your information. Don’t forget to put a question in there. one of the things that we do, I think that is pretty distinct is we. like for today’s webinar, we had 50 some odd questions that we utilized, in order to make sure that the conversation is the conversation that you want us to have with these executives.

So really appreciate you guys being a part of it and look forward to seeing you on that webinar. Now, back to the show.

I’m gonna try to ask a question here and it’s, and I’m gonna form it as I go cause it’s gonna be kind of goofy. G PT four has been mentioned way, I mean, there used to be a hype cycle where the thing I expect to see, the next one that we see from Gartner where the hype cycle, they’ve like increased the level.

Did they have to make the charts smaller to how high the upper rate. But my thesis on why that is, is. There’s a hype cycle, right? And so a bunch of people started using it and it exceeded their expectations. And that was like, Hey, have you guys looked at, have you looked at? And then people went out and use it again and they go, wow.

Oh wow. This is a basic gpt, the gpt. Four I mean the, I don’t know, it may be a fast track to the slope of Enlightenment or the slope of Enlightenment conversation may mostly be around. How are you integrating this into your product or into your software? I’m gonna come back to security, but it feels to me like open AI somehow.

Got first mover advantage over Google and I don’t know how they did it. I’m not sure anybody else understands how they did it. Like all of a sudden, cuz Google had all of those, a lot of those capabilities, right? I won’t say all of those, but a lot of those capabilities and then all of a sudden open AI came in, it went from three to three, five to four, like overnight.

Now they’re opening up the API and they’re doing partnerships and you’re sitting there going, wow, that was. Like what just happened here? Yeah.

Yeah. It’s the accelerated rated which AI technologies is being innovated and adopted. I think that’s only going to accelerate, but the always the concern is that AI will build on, its.

Itself to be even faster, to basically have that multiplier applying AI to improve its own ai. And what would that do you know when AI’s now able to write code? I’ve tested a bunch of different examples. It’s kind of scary actually, in every software engineer. I know my job is gonna be done in five years.

It’s gonna be a program. Well, you’re a true coder. I mean, you’re probably a hacker like that. I’m very much a hacker. Yeah. But us hackers now, you could use it. We can use it. Like I did, I wrote a, this is plugin for WordPress, and I just went in and said, it went, and I’m like, I don’t like those variables.

So I went back and said, can I change it? I said, Hey, because I have other code in there. I’m like, I want you to match my variables and when I’m using it, just sort of dropped it in or give four other options for these two lines of code and it’ll rewrite. Like if something doesn’t. You can go line by line and kind of just try things out. You don’t have to be a coder, so it’ll figure out so.

Well, I do want to talk, I do want talk about potential, but I do want to talk about cybersecurity. One of the things that we do all the time is we just give our information away. Right, and I’m thinking about how physicians are gonna use it. I got a phone call early on in my CIO career, and it was from Dropbox, and they said, Hey, congratulations.

You’re one of the largest users of Dropbox. We don’t have a contract. We don’t have contract. We didn’t have any agreement. I talked to people, they were just like, we’re not using Dropbox, but our physicians were using it because it was a nice, effective way to share. PHI information with, and I’m like, oh, we’ve gotta rope this in as quickly as we can.

That same thing’s gonna happen with g PT form. Absolutely. It’s already happened. Right? Physicians aren’t getting, are you using it to write notes? Notes? Prior They’re using it to write. Yeah. And I’m sitting there going, okay, if they’re doing that, then they’re feeding information into that prompts.

What information are they feeding into that prompt? Can they feed PHI into that? Of course they could. They could feed phi.

We’re thinking of using it to generate samples, for example.

Yeah. It looks Giving it away. We’re not even logging. I mean, I guess you do log into us, do log in.

You do log in, but we’re giving that information away. Is that an attack factor we need to start worrying about?

Oh, I think so. I think we’re feeding data into the cloud, into all these services, into all these applications in ways that it. Doesn’t have visibility in change.

It’s So my Dropbox story Oh yeah. Is probably happening all the time. It happens all the time. I mean, I think we, we have a chronic third party risk management challenge in healthcare, because we use software as a service. We don’t build a lot of stuff ourselves. We use software as a service. So all of our data’s going into somebody else’s cloud somewhere that.

Centers of gravity, where if the bad guys can’t break into that system, they get 25 or 55 health systems data all together, not just one organization. So those organizations become targets and it’s easier to be able to get access to those things without going through the normal permission process of supply chain and all of that.

If you’re in a health system, you have a credit card and you can sort of file a claim next month. You can go out and just buy a lot of things yourself. So department heads are going out and doing things like Dropbox or other stuff. They’re just doing it on their own. Creating exposure for your organization.

That in, in on my own matters. Yeah. All signing off on risk workflows, signing off on risk. They’re not approved to sign off of. Well, you were in California. I mean, we had physician practices that were foundation members. I think people think we have a. Over those things. Yeah. We didn’t have much authority over those physician practices.

Right. And so they could do some silly things with information that was connected. And then essentially when they get breached, though, we are the falls back to the Yes.

The largest, largest, largest, the largest entity. Right. I do wanna talk I want geek out a little bit on the potential. And we start, started down that path.

The programming aspect of it is really interesting to me. And I think we’re gonna spawn a generation of prompters people who know how to interact with AI correctly. And it’s interesting. So my camera person is, On the other side here, her job is to take these notes and she just graduated from college like two months ago, but she’s gonna take these notes and turn it into a note for our mm-hmm. podcast. And it’ll be a couple paragraphs of what we talked about. She has no idea what, half of stuff. She started using GPT four and she writes really great notes and I, so I said to her, I’m like, how do you know so much about clinical background? Because we do a lot of clip and she’s just like, I put it in the chat, G P T and spit it out, and there it is.

I’m like, that’s give me a two paragraph summary of the thing that I’m gonna give you, and then it just comes out.

I did a whole FAQ section just based. Say, Hey, what would it do if I threw it in there? It was pretty good. And your FAQs are no, the FAQs are hand edited, but you know, a lot of the stuff could be boiler plate generated using tape.

So it’s not quite hallucinations. I mean, cuz we hear that thing of, it’s been trained on some good data and bad data and it can generate some bad right things, but it could also generate stuff that the human looks at and goes, that’s pretty, it’s good. Yes. But we should edit. Right.

That’s why we hand review everything.

You and I talked about coding though and you were saying, Hey, let’s just assume I don’t want it to write code. I just wanted to document my code.

You can do that too. It’ll read it. It’ll insert whatever out. Yeah.

But the ability for it to write code is what I think is going to be somewhat scary because you don’t need to understand the interface of APIs anymore cuz APIs interfaces are the details, right?

You just want to say, functionally, I want the thing to do this. Can you dovetail it into this API and it will just, the API is built as standard work, right? So it’s also a really easy thing for it to understand. Oh, exactly. Well, here’s how I flow that because I know what all of these, I know how API reference see these linkages.

And I think in a couple of years did you guys saw the release where they just showed it up? Picture of a website and it went from seeing the website. Now this hasn’t been released yet, but essentially it looked at the picture, the image of the website, and it said, okay, here’s your HTML code, here’s your Java script code, here’s your whatever.

And it just sort of dropped it all out. And I’m sitting there going, all right, that just turned your ui ux people into, I mean, design let’s assume they’re not gonna write the final code, but they literally could say, we have a demo of this in two. Yeah, they could write it out and say, all right, here’s the demo.

And they go, yeah, we really like that. And then you go back to the code organization and say, and you’ve got a boiler plate. Yeah. All software is developed in an iterative fashion. You start with the first working instance and then you tweak little bits of it to get to where you want it to be. But what about these other companies?

What about like Adobe? Adobe has Adobe xd. And I don’t know if you’ve ever used it. I use it all the time for like graphical designs and websites and this kinda stuff. Why wouldn’t they utilize Open ai, do a deal with Open AI and say, here’s your Adobe xc. Oh, by the way, you ready for code? Boom, click the button, press the button, boom out.

It pops it. It’s just one of many things I think it could do. I think AI in innovation’s going to grow exponentially in the next couple of.

Even. Even for me personally, just I write a lot and I present a lot, so I’ll often sit down and sort of bang some stuff into the chat, G p t around, this is kind of where I’m going.

Can you make some suggestions for an outline? And it’ll come back. Of an outline, which I won’t necessarily like, but it will cause me to think about things that I wouldn’t have thought about otherwise. Exactly. So it makes me a better writer or a better creator of content because it’s like my writing buddy.

It’s like my writing partner. It’s making suggestions. And it’s not offended when I say, that’s crap. We’re not, I’m not doing that but you have made me think of something else. And then we can refine that in our ongoing conversation. I mean, it is a little creepy. It is. You start to feel like it is a partner of yours and well helping you do some stuff.

Somebody was saying to me, it’s not gonna replace a doctor. I’m like, it’s not meant to replace a doctor. It’s a minion for the doctor. Yeah. Yeah. It’s like, Hey, I need you to do this task, this such, this. Bill Gates we’ll close with this. Bill Gates was talking about this and he goes you’re getting a glimpse into what the future looks like.

Exactly. And the future is each one of us will have a personal AI assistant. And it will take the information that we give it and it’ll say, oh, you hike. Hey, there’s a sailing. The one who use it the more it knows about you. Yeah. And he said, we used to go out to a site and say, Hey, give me all the different airlines.

Instead, our personal assistant will say, Hey, I see you’re going from Seattle to Nashville. I’ll keep an eye on. The airlines and try to find you the lowest price on the airlines that you prefer. Yeah. I know that you have miles on this and this, each one of us with a personal assistant.

Oh, I think so. I think that’s ultimate dream, very viable. You have a digital assistant instead of that dog. Remember the dog, the personal assistant. More clipping or they clippy clip now they we’re going back. I but this one’s really powerful. Yeah. It’s ones very powerful. I think the ability for it to infer the ability for it to include its own.

Options as part of the generative side.

What’s the trough of disillusionment is there a trough of disillusionment that you can envision right now? I think people right now are so enamored with what it can do, that it’s gonna be a long time before there’s a trough of disillusionment of, gee, I wanted to go to Nashville.

You sent me to Washington. Or

I think there’s this weird situation of like, we had such low expectations and we all got blown away by how good it was. Exactly. And that’s, we’re gonna

raise our expectations to meet that. We’re gonna start having these conversations. Where’s my personal digital?

Exactly. I thought we were gonna have flying cars.

Not better gonna happen. And we will end on flying cars. Gentlemen, thank you. Thank you. Really appreciate it. Appreciate it, bill.

Thank you. Great decks. Oh yeah.

📍 And that is the news. If I were a CIO today, I think what I would do is I’d have every team member listening to a show just like this one, and trying to have conversations with them after the show about what they’ve learned.

and what we can apply to our health system. If you wanna support this week Health, one of the ways you can do that is you can recommend our channels to a peer or to one of your staff members. We have two channels this week, health Newsroom, and this week Health Conference. You can check them out anywhere you listen to podcasts, which is a lot of places apple, Google, , overcast, Spotify, you name it, you could find it there. You could also find us on. And of course you could go to our website this week,, and we want to thank our new state partners again, a lot of ’em, and we appreciate their participation in this show.

Cedar Sinai Accelerator Clear Sense CrowdStrike, digital Scientists, optimum Pure Storage. Sure. Test Tao, site Lumion and VMware who have 📍 invested in our mission to develop the next generation of health leaders. Thanks for listening. That’s all for now.