Tausight Features Patient Data Protection at HIMSS 2024

Tausight logo

Newsday: Patient Data Risks, Diversifying AI, and Inspiring Adaptability with David Ting

15th Jan 2024

January 15, 2024: David Ting, CTO and Founder at Tausight, joins Bill Russell for the news. They delve into the alarming trend of cybercriminals targeting patient data, raising the question: How does the value assigned to illicitly obtained personal health information impact both the healthcare industry and the patients themselves? The discussion then shifts to the intriguing concept of leveraging AI and technology in healthcare, pondering the potential efficiencies and ethical concerns. Could the integration of AI in hospital workflows dramatically reduce costs while raising concerns about the future role of human professionals in healthcare? And what about the paradox of progress, where advances in technology lead to both solutions and new challenges, especially in the realm of data security and privacy?

Key Points:

  • Patient Cyber Attacks
  • Ethical Security
  • Diversified AI Language Models
  • Patient Information Rights
  • Healthcare System Adaptability

Read on thisweekhealth.com.

 

Video Transcript:

This transcription is provided by artificial intelligence. We believe in technology but understand that even the smartest robots can sometimes get speech recognition wrong.

Today on This Week Health.

healthcare is, what, one quarter, close to one fifth of our economy. and it’s based on digital data. How can we not have an impact if we don’t secure that data? Welcome to Newsday A this week Health Newsroom Show. My name is Bill Russell. I’m a former C I O for a 16 hospital system and creator of this week health, A set of channels dedicated to keeping health IT staff current and engaged. For five years we’ve been making podcasts that amplify great thinking to propel healthcare forward.

Special thanks to our Newsday show partners and we have a lot of ’em this year, which I am really excited about. Cedar Sinai Accelerator. Clearsense, CrowdStrike,. Digital scientists, Optimum Healthcare IT, Pure Storage, SureTest, Tausight,, Lumeon and VMware. We appreciate them investing in our mission to develop the next generation of health leaders.

Now onto the show.

All right. It’s Newsday, and today I’m joined, this is our first episode of the year with David Ting with Tausight, and David, Happy New Year.

Happy New Year, Bill. And to the audience, hopefully 2024 will be a great year.

Yeah, should be a good year. although to be honest with you, you were on the last Newsday of the year. ’cause we did a show with four of us and we talked about things and you and Drex were not sharing a lot of positivity going into 2024 in terms of the cybersecurity landscape.

Let’s talk about some of that stuff. you and I were just touching on the. Extortion problem that’s starting to happen. This is a new trend where they’re actually going directly to the patient. Like they got all these patient records, they’re going directly to the patient and saying, give me 50 bucks, give me 100 bucks, give me 75, whatever it happens to be, whatever the number is. Is there a market for it? Is there like, 50 bucks is the right number or something? How do they come up with a number for heaven’s sake? But they’re doing this. I think that unfortunately, that’s the news from last year. It just occurred right at the end of the year. And it’s this new tech that’s basically, hey, Merry Christmas, Happy Holidays.

We have your record and pay us 50 so that we don’t sell it to the highest bidder who might do other awful things with it besides just having your data. And so the threat of, gee, I don’t want people to know this or They know me because they obviously email me and or phone me. They have all my info.

Didn’t happen to me, but we know people in Oklahoma where this occurred. People are getting the direct emails and that would be a very scary thing if I got an email saying, Hey, I have this info , about you. Would you pay 50 to get it off the list? So we don’t sell it to somebody who’s probably going to be nastier about extorting this data.

This is a new tack and a clever one. are they asking individuals to do 50 in Bitcoin? Are they actually taking credit cards? Are they taking Apple pay?

I am, I did not go down that route to ask, but that’s the logical question is how do you hide this, where the money goes but they also know you have no recourse.

They’re just basically saying we’re helping you expunge a record from a bad database. your is couched in some sort of protection for the attackers.

Let’s assume one of your kids just called you and said, Hey, I’m in Oklahoma. I just got this email. this is back to the, do we pay the ransom or not?

Is your recommendation to your kid, hey it’s 50 bucks, here’s how you get Bitcoin, here’s how you pay it just pay it. Or is it, you know what, you’re dealing with criminals. These people aren’t to be trusted. this is still a tough question, even when you get down to the individual.

Is it worth the noise of, 50 and you basically go, okay, maybe it will relieve me of having to deal with, clean up a lot of messes that I may inherit because my data got sold. When I go and apply for a mortgage, I may not be able to get it approved or a bank because somebody just abused my identity.

I think, based on their success of this attack new versions of this will come out. This is basically holding your data now and holding you hostage

all right, so let’s talk about the Integris, it’s funny because we were talking about this a little bit prior to show and we were talking about how good the customer service is from the attackers, like they want you to pay, they’re very responsive, the email is very friendly, it’s very, it’s written by a very friendly fellow for helping you.

Yeah, We’re here to help. And, we have access to this record. We’d like to take it out. We’d like to help you, would you like to pay? Oh, by the way, we’re going to make it easy for you. Just click this link, do whatever. They make it easy, but let’s take it from the other perspective.

Integrus. You’ve already been hacked. There’s nothing you can do from that perspective. What do you set up in order to coach your clients, help your clients, help the people in your communities? Or, is there something that you have to set up or think about if you’re Integrus? I think they’re following, I think, the FBI recommendation, which is don’t pay anything.

Yeah, we’ll let the legal firms deal with it because class action suits are already following this path they’re suing the hospital on behalf of the patients. There’s It’s going to be, I think 2024 will shake out to be the year of the new sets of class action lawsuits filed on behalf of the patients for their breach.

They, patients have had it. That’s my perspective. Yeah. I’m starting to sense that anger I’ve got three letters last year. Three. And you go, come on, can you not keep this thing under lock and key? Can you not do manage this better than having people say, oh, we’ll give you two years free credit monitoring?

Yeah, but they have all my other data, right? I have people who can’t file taxes because their social security number and their personal information got compromised. This has to stop. Yeah, that’s interesting. Let’s see, how long has it been? It’s been at least 10, maybe 15 years. I’ve had the credit monitoring reporting protection on my system.

So when I get those letters, I just ignore them even though I should take every one of them just to have the health system actually pay for it because they’ve caused this. But if you’ve been in technology for any period of time, like the people I know who really are in technology and really understand security.

Way back in the day where the ones who coached me and said, look your stuff will be compromised sometime in the next, whatever it’s going to be compromised. You might as well get this. protection on for you, your children, and keep it on forever. Because it’s just the world that we live in.

And I had somebody who really, NSA level, really understood security. And I asked them, I’m like what do you do? And it’s essentially they didn’t do online banking. They didn’t do online, like anything. I’m like, how do you function in our society? It’s and I think it’s becoming harder and harder to function in our society.

It gets harder and harder. Trust me, there are lots of things I don’t do. I’m trying to keep a small footprint, but even there, you count on your trusted organizations. If I go in there for medical care, I would expect that they would take My data as seriously as a bank does that handles my banking.

This is a, this is an election year. Should we expect this to be a campaign issue at some point? Would we be surprised if at one of these debates that somebody brings up, Hey, you know what? My health care record’s been compromised at three different organizations over the last two years. It’s created this kind of problem. what is this candidate? Could be a state candidate, could be a federal candidate. Do we expect I expect that to start to get to that level of consciousness. Don’t you?

I think what did I hear once from a CIO who said doctors are more concerned if their salaries were published than they would be if their medical records were published.

I said, oh, that’s a great perspective.

Yeah. there’s a certain amount of truth to that. If you thought about it, if I really wanted to cause disruption at a large company. If I could hack the salaries, the salaries nothing creates more chaos. Why is that person getting paid?

Oh my gosh. Yeah, no, it’s crazy stuff. you and I I know offline, we’ve talked about the state of New York and their plan moving forward the plan is to release money. To New York hospitals that can’t afford it for security to come to a certain level of security.

Now we have to determine what that level is and how that gets measured. And then how you qualify for that money. And what’s the cutoff of who can afford it and who can’t afford it. I think in our talks, we I expect that to start to become a common discussion across the country, although it’s tight economic times across the board, it’s tight economic times for states.

So it’s going to be hard for every state to do what New York is doing. I know, New York is doing it. What’s the other state that’s looking at doing it? California, I think.

Yeah, I don’t, California must have their own treasury. They just keep printing money because Economy, that’s pretty sizable.

But how can we function when healthcare is, what, one quarter, close to one fifth of our economy. And it’s backed, and it’s based on digital data. How can we not have an impact if we don’t secure that data?

here’s the thing I have proposed in past, and everyone just brushes it off as you’re insane.

But as the consumer, and that term is used very loosely in healthcare, I understand that. I’d like to have the option. to have my record expunged from a health system. I haven’t been there since I was a baby. And I don’t want any of that information over there.

And, I feel like, first of all, there should be a way for me to know where my data exists. And then there should be a way for me to say, you know what, I don’t want you to have it. Transfer it to, I don’t know, transfer it to Tefka? Transfer it somewhere that I trust. they’re investing in the right security model and the right security plan.

And it could be maybe it’s potentially just the local health system that I’m a part of, and I trust them for whatever reason, or maybe it’s some federal entity or some Tefka’s not a federal entity, but whatever, it is, IT’s a trusted entity. It’s almost the same concept as the honest broker for de identified data.

It’s I want my data held in a secure location. Where there’s a higher standard. TSA we pay for the TSA based on our airplane tickets having a TSA charge. Should there be the same kind of concept that says, hey, when you come in for a visit, there is a nickel that’s added to your bill to help secure your data.

Why can’t that be done? That’s, it just seems crazy that we immediately slapped out 15 or 20 to the airplane ticket, hired 200, 000 or plus TSA agents, added all this infrastructure. And nobody complained about it. And yet, we’re losing data right and left, and everybody goes, oh, it’s too expensive. It just doesn’t make sense.

That’s my humble opinion as both a patient and somebody who talks to a lot of these organizations that have been breached. It’s sad. It’s not, it’s wrong. Yeah, shout out to TSA though. I’ve been, to be honest with you, I’ve traveled a little lately. And that has come a long way. It has come a long way.

They outsourced it to Leidos, it appears. Because I see their logo all over the place on TSA stuff now. And it functions pretty well. I still get annoyed every now and then, but it’s, it’s not what it was when we first started Post, 20 years ago. And everybody complained and everything was retrofitted.

There was tons of tie wraps everywhere to hold things together. Do you remember that? Every, all the signs. What you’re describing is a, an accurate depiction of what security looks like in healthcare. I was going to say that when I made that reference, I said, wait that’s how we do it today.

Is it going to take 20 years? But TSA succeeded because they slapped the charge on every ticket. We had a TSA charge.

Yeah you’ve got to fund it. You absolutely have to have a funding and you have to have a model that says, hey, To suck it up, we’re going to have to add it to the cost of your care. It’s a flat fee.

It has to be funded in a mechanism like that, that the rest of the organization can’t touch.

Correct. I look at it every time I go, okay. At first I was annoyed by it. It’s okay, what are they really doing for the, but then over time we get used to it.

It’s just tacked on and transactional fee. Yeah.

So it’s like gas tax, lots of water that you have to pay for in the air.

Yeah, I know. Yeah that’s a whole nother, we can get on the airline stories, it just cracks me up. It’s can I have a thing of peanuts? It’s yeah, that’s, 2 and 25 cents.

I’m like, it’s five peanuts. Like we gotta be free. What are we doing? like the idea of. flat fee on every every transaction in the health system. again, as long as that doesn’t get touched. And I’m saying it doesn’t even get touched by the CIO. It goes to security, period. It has to be that way.

Otherwise, it will become a part of the budget and it will get ripped up and distributed. It has to be dedicated toward, to it. I as a patient. would not mind if that were the case.

I agree. You glossed over my idea of being able to go to the health system and say, look, I need you to lose my record before I have to pay the hacker to lose my record.

But the hacker only loses it out of their database, not out of the hospital’s database. But I think there will be a need for trusted storage for all these records if we prove out that. Healthcare systems can’t secure it themselves. I think that was the motivation for people to say, just put it in the cloud.

Not to give people an idea, but, if the health systems aren’t going to put that tax on and funnel it to security, then the states should put that tax on every healthcare transaction and then force that money to be used for security. That way, there’s, a tax. The problem is, people can’t afford healthcare now.

And the price keeps going up and, it’s not a progressive tax. essentially it hits. The poor harder than it hits the wealthy.

I’m not saying it’s universally equitable to apply that, but how else can you do it?

But, we have a lot of taxes that are that way.

The gas tax is that way. if you’re an Uber driver and you’re only making X amount of dollars, that gas tax hits you a lot harder than it hits me because I Quite frankly, do a lot of my work right here, so I’m glad to be in the car.\   📍 📍  welcome to This Week Health, where every morning is an opportunity to transform your day with the power of health IT knowledge. Dive into our diverse podcasts on Spotify or Apple Music. Featuring shows like Today and Keynote, bringing you insights from the forefront of healthcare technology. But there’s more.

Our daily Insight emails deliver the latest health IT news directly to your inbox, ensuring you’re always one step ahead. And for those on the go moments, our weekly Clip Notes summarize key points from our content, making it easier to stay informed, engaged. and aware of what’s going on in the industry.

And don’t forget to visit our revamped website, especially the news section at This Week Health News. It’s your curated hub for the most relevant news selected and summarized for your convenience. This Week Health is more than a platform. It’s your daily partner in navigating the ever evolving world of health IT.

Subscribe, follow, and become a part of a community that’s shaping the future of healthcare. This Week Health, where your journey into health IT excellence begins every day.

Interesting. This is an interesting conversation. Interesting way to go in the beginning. I have to commend you. We’ve done a whole show and we didn’t talk about AI. That I think it’s going to be a year of AI, new ways of leveraging it new ways that people are going to leverage AI for interesting problems, I think, as we get more comfortable with what language models can be, I can see a programming language model, I can see a design language model for engineering,

Why should we be having, today we have this first pass, ChatGPT. Oh, we trained it on a variety of everything. I think we’re going to see more specific language models that are dedicated to specific topics, where the relationships between the various topics are automatically learned by the language model and then able to be leveraged. I’m a design engineer looking at a structural member, all the requirements To meet compliance and physical properties and cost barriers should all be embedded in a language model that can say, hey, that bolt that you’re trying to bolt these two pieces, that’s undersized for the job, as opposed to the engineer who has to say, gee, it’s a one inch bolt that should hold, and maybe I put a specific tensile strength on the bolt, check the language model, The knowledge model, I prefer to call it a knowledge model versus a language model.

It should have that concept built in and be part of your design validation.

Yeah, absolutely. The language model is going to define those individual tools that you’re talking about. The knowledge model, and I like that terminology, is what I’ve been talking about with people. I believe there’s going to come a time when, if I have a security question, I’m going to get on the phone and call you and direct.

You’re more In tune with what’s going on there, you spend a lot more time in that space than I do. And if I had a question about data, I’m going to call Charles Boise if I have a question about, it’s the knowledge models are going to start to work that way where it’s okay.

I’m going to outsource this question over to the science model, to the engineering model, to the whatever. I think that’s one of the things that’s going to happen, but I think the other thing that’s going to happen is we’re just going to have the enterprise, the entire hospital enterprise, workflow, outputs, financials, whatever.

It’s going to wash over this knowledge network. All the time. Yes. Instead of us having to go, Hey, we should do a study on this and a study on that. You’ve already done it. It’s just going to pop it up and say, Hey, you realize if you make this change in this change. You’ll probably save eight million dollars a year.

And you’ll look at it and go And one day you’ll get the note that says, why do we need all these people around? We computers can do this better than they can.

Yeah or it’ll generate warnings. Like somebody will sit there and go I’m going to order this supply. And it’ll pop it up saying, every time you order this supply, because it’s a one off, it’s costing you this.

Consider ordering this one There’s just so many options now.

And I think we’re going to have to start thinking in terms of how these things are working together. This is the same way technology always evolves. out and we do these point solutions.

But at some point, I think there’s going to be fabric, a framework sits, that we need to be thinking about how all these things are going to work together. It’s going to be interesting. So we didn’t get out of the show without talking about AI, but at least we touched on it.

I remember years ago when the concept of the paperless office first came out.

It was a time when we had secretaries and Steno. Takers, note takers, who would then convert your conversations into type written pages to circulate. Yeah. And everybody laughed and go paperless office. Really? You know what will happen to all those typewriters? All those typewriter technicians, all the people who train?

There was a whole transition that occurred and I remember when the first word processors came out and everybody go, oh my goodness. Look at all the changes that we could now e effect. Now we don’t think anything of doing our own word processing, doing our own document generation, sharing it globally.

The speed with which transformations occur are much faster than we think. I think the scenarios you described above totally possible within the next five to ten years.

Yeah. Do you still use paper at all for anything? Just because placemats.

You crack me up.

I still have a paper notebook that I take notes and everybody notices I reach look down and they go, oh, David’s writing notes.

Exactly. I have a daily planner. It keeps my life in order and over my shoulder, you can see all My journals for the last 10 years. No, last 8 years over my shoulder. The thing is, I don’t have to worry about the PHI in there. Exactly,

it’s more secure in paper. We always used to joke and say you could never get 50 patients records, 100 patients records out of the hospital without it weighing down 25, 30 pounds of stuff to carry.

Yes. Now, you could lose it in a flash.

Yeah, literally. David, always great to start the year with you. And Chime Vive, you going to HIMSS? What are you doing? I’m going to VIVE. You’re going to VIVE. That’s what I’m scheduled for.

Okay. Not going to HIMSS this year?

I have to check with my boss. I have no idea.

I have no idea. the woman who runs our marketing has control over that. She’ll go, you’re going to this meeting. You’re going to that conference. I go, yes, ma’am.

I will close with this, they have these one on one meetings at, I think at the VIVE conference and, I was talking to somebody who was talking to you just prior and I was standing there with your CEO for Tausight and I said, Oh, what did you talk to David about? He’s Oh, woodworking. We were talking about, some wood project or that kind of stuff. I have to admit, I know who that was and I have to admit I was pretty guilty of it because we’re talking about getting fingers sawn off in these old tabletop saws.

And I bought a brand new one that, you could fix a hot dog on it and it would stop it. It’s just funny though, because the marketing person, the CEO is just rolling their eyes and they’re like, We paid for him to sit there and talk about woodworking with somebody who could just as easily get on a Zoom call or something and talk about woodworking.

It’s okay. I’m yeah, that’s why we do business. We do business with people we like. Exactly.

I’m not out there only to tell people what we could do for them. It’s also, think the thing that has really I recognize in healthcare, it’s a community. I don’t see these folks.

I hadn’t seen these folks for a long time. We got caught up talking about, Hey, what have you spent COVID time doing? And I said I hunkered down in my workshop and we were, I was building stuff and he said, Oh, me too. And we started, deviated down this path of keeping your fingers from getting sawn off by.

So there you have it. If you’re going to do a VIVE one on one event. Pick Tausight if you want to talk about woodworking and David would be more than happy to. I’d be more than happy to entertain you on that. That’s awesome.

Bill, thank you. Thanks, David. Appreciate it, as always.

And that is the news. If I were a CIO today, I think what I would do is I’d have every team member listening to a show just like this one, and trying to have conversations with them after the show about what they’ve learned. and what we can apply to our health system. If you wanna support this week Health, one of the ways you can do that is you can recommend our channels to a peer or to one of your staff members. We have two channels this week, health Newsroom, and this week Health Conference. You can check them out anywhere you listen to podcasts, which is a lot of places apple, Google, , overcast, Spotify, you name it, you could find it there. You could also find us on. And of course you could go to our website this week, health.com, and we want to thank our new state partners again, a lot of ’em, and we appreciate their participation in this show.

Cedar Sinai Accelerator Clearsense, CrowdStrike, digital Scientists, optimum, Pure Storage, Suretest, tausight, Lumeon, and VMware who have 📍 invested in our mission to develop the next generation of health leaders. Thanks for listening. That’s all for now.

Tausight was founded in 2018 by the co-founder and former CTO of Imprivata, David Ting, with the vision of reducing healthcare-specific cybersecurity incidents by simplifying the way hospitals and healthcare systems detect and manage PHI risk in today’s decentralized healthcare ecosystems. Applying breakthroughs in ML/Federated Learning and NLP, and a detailed understanding of clinical workflows, Tausight developed a revolutionary and affordable, situational PHI awareness platform, giving time back to IT security staff, enabling the free exchange of PHI/EHI, and allowing clinicians to work securely from any device or location.

© 2023 Tausight Inc. All rights reserved.