Newsday: Surviving the Cyber Security Storm: Insights from David Ting from HLTH 2023

Sept. 25, 2023: David Ting, CTO and Founder of Tausight, joins Bill for the news live from HLTH23. Can the sphere of cyber security keep up with the accelerated rate of AI technology innovation and what are the risks of adopting new technologies like OpenAI’s GPT-4? As the digital landscape diversifies and grows, we confront the pressing question of how we can secure proliferating data, especially in the complex terrain of the cloud. Compounding these challenges, we reflect on the reputational and operational risks posed by large-scale data breaches and discuss potential mitigation strategies. How are organizations adapting to the financial pressures of maintaining an impregnable digital fortress? Join as they delve into these critical considerations within the ever-evolving landscape of cyber security.

Key Points:

  • Cyber Security Challenges
  • AI Technology Innovation
  • Risks of Data Migration
  • Reimagining Cyber Security
  • Sustaining Digital Fortresses
  • Data Breach Implications


Video Transcript:

This transcription is provided by artificial intelligence. We believe in technology but understand that even the smartest robots can sometimes get speech recognition wrong.

Today on This Week Health.

Graphics, video processing, highly inaccessible at the time when we were doing research on it, to something you take for granted. You have no issues having four people on a Zoom on your phone. 30 years ago, that would have been impossible.

Welcome to Newsday, a This Week Health Newsroom show. My name is Bill Russell. I’m a former CIO for a 16-hospital system and creator of This Week Health, a set of channels dedicated to keeping health IT staff current and engaged. For five years we’ve been making podcasts that amplify great thinking to propel healthcare forward.

Special thanks to our Newsday show partners, and we have a lot of ’em this year, which I am really excited about: Cedars-Sinai Accelerator, Clearsense, CrowdStrike, Digital Scientists, Optimum Healthcare IT, Pure Storage, SureTest, Tausight, Lumeon and VMware. We appreciate them investing in our mission to develop the next generation of health leaders.

Now onto the show.

All right, here we are from the HLTH Conference in Vegas, and we’re going to do a live Newsday episode. David Ting? Nice to see you, Bill. CTO, founder? I am founder. Tausight, so we have your booth right here behind us.

You guys are in some sort of awards area. Yeah. What award did you get? I don’t know, but…

I don’t know, I don’t know, but it’s really great technology. Really good technology. I think we’re a good company.

You are a good company. I’m looking at some of these companies. It does seem to me, though Have you seen a booth yet that doesn’t have AI mentioned in their booth?

I’m looking at one right now that has it right in their name, but they bolded the AI in their names. I think every booth in here, the Microsoft booth, is awesome with the startups. Everything is ai. We’re gonna get to the conference, we’re gonna get to the AI stuff. I want to come back. We’re in Vegas.

We’re gonna revisit a story we talked about the last time. And it was MGM was hacked. But it turns out Caesars was hacked as well. Ransomware attacks, and they got in the old-fashioned way, they called the help desk and said, reset my password. And oh, by the way, didn’t reset the target device for the dual factor authentication.

And they let ’em in. Regardless of how, how to get in, ’cause we talked about that extensively the last time we talked, the thing that was interesting was there was an article that discussed that Caesars opted to pay, right? $15 million. MGM decided not to pay, and MGM had well more in cost, pay more multiples, multiples than that $15 million.

I wanna talk to you about the strategy going into it. You’ve been in security for a while now. Is there a strategy going into it? Is there something that, as a healthcare provider or professional, they should be thinking about? I mean, taking that hard stance, is there a benefit of taking that hard stance and saying, we’re not going to pay?

I think there’s a real decision to make. Caesars deals with personal information, but it’s credit information at best. It’s not your personal health information. Right. So the loss. So what you call it is the shelf life of the data that you stole. Shelf life for data and patients lasts for their lifetime.

Data for the credit lasts until your bank… Right, so you change your credit card. So you change your credit card, or you may have to undergo monitoring financial status, but it’s not the lifetime deal that you deal with in healthcare. So I think Caesars made a decision that it’s a financial transaction.

Yeah, let’s get over with it and move on. MGM said, never again, we won’t do this, and I think, they’re suffering through it like a lot of people in almost any of these ransomwares. If you look at WannaCry, MERS was out almost a year and a half before their shipping lines were back in operation.

Wow. A year and a half. Well, let’s take it a little different approach. We’ll take the article that you picked out, which is Wall Street Journal. Not enough cyber expertise on the board. Alright, so I’m putting you on my board. I’m a health system. What’s the conversation you want us to have?

We should probably have this discussion before an event, right? We should have a decision on how we’re going to approach it.

Everything from readiness to what is your game plan in a cyber attack? Should it happen? When it happens? How do you contain it? This is all the stuff that boards don’t typically talk about.

They talk about the financial resiliency. Now the whole… Trend is business resiliency, especially since everything in healthcare rides on the IT system.

Is it enough to have it as a subcommittee of the board? Because we don’t want to really talk about this on the board. So I read a couple of articles that were nice, interesting discussions on do you put a CISO on your board as you go through digital transformation.

It would make sense that the CISO would have knowledge of where all the stuff is, where’s all your application where’s your data being spread at, what would put you at risk.

But it’s interesting because that board is also going to be talking about should we acquire this physician practice and grow our, so you would need a special CISO.

I don’t know many CISO’s. Not in general,

I think we are starting to see that happening. I hear it. Nothing beats having the experience of a CISO that’s had boot grounds on the street kind of expertise, but at the same time the level of business decision making that you need at the board level.

For fear of CISO listeners, I would think the CIO is a better fit for boards.

I think there’s both sides of those discussions. I mean, they’re not as deep on the security side. But they see a general view. But they’ve been there. And they’ll understand the business of healthcare a little bit more and be able to participate in some of those conversations.

It’s a tough one. From a cyber perspective, I read a lot on both sides and the arguments have been really interesting. Do you need that boots on the street kind of experience to understand how your system could be compromised? Or do you just have it flow up through? The CIO.

But look, I mean, HR, we have subcommittees for people and different, various different things.

And we bring the people into the room who will give us, hey, here’s our current security framework and our posture and here’s the things we’re investing in. And then it’s the subcommittee’s job to go in, filter it, and then bring it up to the board and say, hey, look we have a serious discussion to be had here, which is.

And it should be made at the operating level, should be made at the subcommittee of the board level, should be made at the board level. Are we going to pay ransom or not? We need to make that decision today. I think so. Before we have the conversation. And let me explain to you what this means.

So, what it means is, and you can use the MGM Caesars example and say, look, what it means is, somebody wasn’t out at all. Somebody had, in a very sophisticated IT environment, was down for about 10 days. Now we saw with Scripps, 10 days becomes close to 30 days of disruption, serious disruption to a health system at Skylakes and some of these others.

So we need to have that conversation. Let me frame it up for you, or we’ll have people in the room to frame it up for you. Now we’ve got to decide. We do. What are we going to do? Is that a board level discussion, or is that an operating decision from the executive?

I think there are two things.

It’s the size of the impact. Potential impact. Did you get all my data, or did you get some? What’s the disruption to the business? I mean, I read the article from my University of Vermont, and how Jeff Bezos said it was the worst thing, even worse than the pandemic. Being out for the 10 or 2 weeks that they were out when they got compromised by ransomware.

It has to be a decision that I think that is The game plan has to be thought through in advance, so that when you do know the circumstances of what the size of the compromise and the extent. Casinos, their primary driver is business resiliency. Let’s get back to business the fastest way we can.

Healthcare, you’ve got to consider all the other dimensions. What’s the harm, potential harm to the patient? Do I really trust that my ransomware attacker is going to actually not hold my patient’s extortion based on the data that they’ve stolen? There’s a, I think there’s a very different dimension when you’re talking about ransomware attacks on health care versus an enterprise like this.

Yeah, it’s the type of data. It’s the type of data in the shelf life and the potential harm to the patient. No easy solution.

Let’s talk about this conference, and I think specifically, I mean, AI hovers above this room in every way, shape, or form. How, some of the things I’ve seen in the past two weeks, I’d love for you to comment on the So I just sat through a Microsoft announcement.

This will air after the embargo on that, so that’s good. And I was at a conference last week for Notable. Both are essentially looking at creating an AI platform, if you will, right? So it’s not one technology. It’s several technologies layered to consume the information from healthcare. I think the biggest benefit I’m seeing from both of them is they’re taking that 80 percent of the data that’s been locked up for years, the unstructured data, and they’re making sense of it.

And they’re making it actionable for population health. Hey, you’re of a certain age, whatever, you should get a colonoscopy or a mammography or whatever it is. They’re making that stuff actionable. FACTS is coming in, becoming actionable almost immediately. So that’s what the platforms are really all about, is getting the data to an actionable state.

And for me, it seems like we’re getting to a point where the promise of taking healthcare digital is finally being realized. Like, for years, you could see a doctor and say, oh, we’ve done all this stuff, what have we gotten for it? Well, we’re starting to see some really interesting use cases come about.

Because once all that data is ready to be acted upon, Now I mean, and that’s just the making it ready to be activated. Now we still have that natural language front end. We have the reasoning engine. Correct. And we have the ability to modify and shape the output. Right.

I’m curious, what does this mean? Are we at an interesting, are we at an inflection point? Are we at the starting line for something really interesting?

I think so. I think you just walk around any of these startup ventures, all these little booths out there, every one of those has AI embedded in there. Everything that deals with taking care of your health, or some part of your body, is expressed in some AI based solution out here, which is…

How much of it is AI washing?

I think it’s a little bit of that, but I think there’s legit… The platform for doing AI, for the inferencing, for the analysis, for the ability to correlate large amounts of data, we’re starting to see it. It’s highly accessible now, right?

I think it’s… Technologies have evolved.

The thing that you and I’ve always talked about is hardware is going to lead us into new grounds and Intel’s announcement of their Meteor Lake and their AI chip capability that’s coming out this December means we’ll have a whole new generation of PC machines, servers that will all be AI enabled.

So all these algorithms that we’re building, the larger, more sophisticated models, that’s all going to be realizable right at your fingertips. That’s a huge shift. I did report on the Intel story, and to be honest with you, I struggled a little bit on the use case. I guess privacy, like you could have AI use cases local to a PC.

I mean, is there an aspect of this I’m missing? I really couldn’t come up with the use cases. I was struggling.

Okay, so what Intel has advertised is that they can use it for a variety of things that you can do at home: generating new videos, generating augmented imaging. But it’s also the engine that will drive NLP, natural language processing, the ability to do generative AI transformers. All that can now run on your PCs, on your servers. Things that we used to struggle with become easy.

So the thing that has made Zoom, for example, possible, or video teleconferencing, It’s the whole capability that we’ve added into the chip to do video processing and graphic processing, which 20 years ago, 30 years ago, was way out of reach. You’d need a specialized hardware to do that. So imagine the next generation of devices that could monitor your personal biometrics to say, Hey, Bill, cut back on those things and get more exercise or become your personal assistant.

I think. Trends are all vectoring in the right direction where, again, the ability to analyze large amounts of information, distill it down, and apply it to a customized environment is what AI is going to allow you to do. So, trends that work for health and aging, I see a couple of these apps out there.

How do you get, how do you age better? That’s going to be driven by data, but applied to you, specifically. I think that’s where the promise of AI is going to be.

We’ll get back to our show in just a minute. We have an excellent webinar coming up for you in November. We had an excellent conversation about AI in September with three academic medical centers around the topic of artificial intelligence.

It really was exceptional, and we released it on our podcast channel so that we could share it with a wider audience. I wanted to explore that topic a little bit more, and I asked a couple of additional health systems to join us to explore the use of generative AI and other forms of artificial intelligence to see if we can identify some pragmatic approaches to how health systems are looking at taking advantage of this technology.

The webinar is on November 2nd, 1pm Eastern Time, 10am Pacific Time. You can reserve your spot on ThisWeekHealth.com and one of the things we love is that you can submit your questions in advance and we can make sure that we answer those questions and keep the webinar relevant to the things that you’re looking to talk about.

So, please join us November 2nd, 1 p.m. Eastern Time, 10 a.m. Pacific Time. Now, back to our show.

Did I talk to you about Dr. GPT? It’s funny. No, it was funny when I read it. I did a story, I said, Dr. GPT. And in the title, I said, No, really, it’s a thing.

So, essentially, it’s a physician who went out and used Lambda 2, which is openly available, and then trained it with a bunch of accessible models to train it. And it’s so small that it fits on your phone. And so it doesn’t go out into the cloud and whatever, it, like, keeps all the info local, it’s doing its reasoning locally and whatnot.

And he open sourced it, by the way. Dr. GPT is open source, like you can go to town and go with whatever’s next. And I was looking at that and I thought, okay, maybe not that interesting for the U.S. Although interesting, because we pretty much have internet. It’s ubiquitous here. Not a big deal.

But when you think about places where the internet isn’t as solid, and you want to be able to talk to a doctor, your child just fell, your child’s doing whatever, and having that thing, yeah, having that thing local to go, hey, what about this? Right. Is pretty interesting. Now, I’m sure it needs to go through studies, we need to see how it responds, but instead of ChatGPT, it’s literally trained on health data.

Health textbook data and that kind of stuff is what he was utilizing. And so you would think there wouldn’t be as much hallucinations because it’s getting, it’s summarizing data straight from there. I know you’re worried about hallucinations. I’m always worried about hallucinations. I know. It’s but when it gets smaller and gets more accessible and more accessible…

It’s more personalized. It’s more personalized, right. And that’s what Bill Gates saw. When Bill Gates was asked about this technology, he said… We will all have personal assistants.

Oh yeah, I mean, we didn’t believe personal computers were going to be affordable when, before the PC came out. Hardware drove the costs down, all of a sudden, boom.

We are now, we can’t live without them. Graphics, video processing, highly inaccessible at the time when we were doing research on it, to something you take for granted. You have no issues having four people on a Zoom on your phone. 30 years ago, that would have been impossible, given the bandwidth restrictions, memory restriction, processing.

Now, the ability to have embedded AI is going to mean you can do full time, real time translations of languages. You can have your local expert that will respond to you, again, using local processing. So, you’re a big believer in that the hardware is driving this. NVIDIA sort of owns the chip market, but we’re seeing a lot of players.

I’m not sure if it was Google, but I remember one of the big players essentially is making their own chips. It could be AWS, I don’t remember. I’m not sure about AWS, but I know any of these firms that want to stay in this business is going to end up building chip hardware or supporting a platform that will enable them.

So, Intel has their OpenVINO, which is the, gee, my software layer above any hardware processor. So you could bring your models to me and I will run it. In the best way I can on the local platform. These are all advances that I think over the next five years are going to make huge improvements. But we’re getting back to the age where, it used to be the mainframe took up this massive room and that kind of stuff.

We don’t see it today, but if you went to an AWS data center…

It’s a data farm that’s the size of a city. Yeah, they’re massive. And there is I’m seeing more and more talk, finally. Around the environmental impact of these things. There’s a lot of processing going on and it’s, it utilizes an awful lot of electricity.

It’s carbon footprint and all that stuff, so a lot of them are trying to be carbon neutral. Unlike the data mining folks that are trying to mine from crypto coins, that goes through a lot of, generally a lot of carbon for the points that they find. We have the same issue with ai. If you have these server farms that are sitting out there, Chewing, I think I read one estimate, they chew more power than a small city.

Angry electrons need to be pushed a lot. A lot of coal has to be burned, a lot of fossil fuels, but credit to them, they’re all focused on how do they make this thing more green and leverage renewable energy. Yeah, it’s interesting when I was at St. Joe’s in Southern California, we were getting out of the data center business, we moved it all to Las Vegas.

And people were like, Las Vegas, why would you do that? One of the things that was interesting to me is when we came up and looked at the data center in Vegas, was they used an awful lot of outside air. And I said to them, how can you use outside air? It’s so hot here. They said, well, come back here in about 10 hours, because it’s high desert.

When the sun goes down, it gets really cool. And they were pumping a lot of outside air in. Which is a lot better than trying to cool with those computer room air conditioners and whatnot. And they had a whole bunch of different technologies that they were using to essentially drop down the, so the economics for them was just cooling alone. Cooling alone.

Yeah. Well, it’s power consumption, but a lot of the processing and whatnot is every time you have that angry electron moving, generates heat. Yes. And if we don’t keep those places cool, in fact there’s been some experiments of actually having these data centers underwater.

There’s been some where they said, let’s see how hot we can leave it and still have these machines function. Seriously, they said, well, we’re trying to keep them at like 60 some odd degrees. Let’s see if it can operate at 65 degrees. Because that 5 degrees, as we know in our homes, that’s a lot of money.

So the electrical engineer in me always worries about heat in semiconductors.

Yes, I would imagine. Or underwater. I don’t imagine semiconductors do well in water.

Yeah, you could use, you could heat transfer without putting the thing underwater, I’m sure. But angry electrons generate heat.

Hard to swap out that server underwater. It’s exactly… My understanding is what they did when they put it underwater is it was a true cloud fabric kind of thing.

And if a server went down, it just, the software operated around it. And they just waited until enough of them sort of went bad. And then they brought it to the surface and rebuilt it. Cause that’s, what’s going to happen. They’re going to go bad and then they just shut them down.

I don’t know.

Or batteries in your Tesla. Or bad blocks on a magnetic disk. Right? You work around them.

Well, last question. What are you going to be looking at at this conference? What do you hope to find while you’re here?

I’m looking at a lot of AI usage. A lot of people are looking at how do you leverage the data out of the PHI that you’re finding with AI.

A lot of the conversation’s got to be around Especially around what we do, we find PHI in real time as your users generate them, so finding the ecosystem of people who can leverage the latency, the reduction in latency versus, gee, I have it in my data store or somewhere where I know the PHIs, or the people that care about having immediate access to PHIs.

As soon as the doctor wrote a note, boom, I found it, I’ll tell you about it, and you can do something with it. Putting it into a ChatGPT to create a better summary because it’s real time. We’re getting to a point where the time lag between creation and analysis has got to be reduced. There’s got to be partners out there that can understand the immediacy, the value in immediacy of getting access to patient records as it’s being generated.

Data I keep reading is 85 percent of all patient records are non-structured data. It’s the stuff that people write. And the other data point I read is the 36 percent CAGR in the amount of data that’s being generated in healthcare year over year. Doubling every two years. That’s crazy. How do you make sense of all that data and get the value out of it in terms of improving patient care and improving outcomes and efficiencies?

That’s all going to be relying on how fast can we identify that it’s critical data, how fast can we analyze it, how fast can we put it into our model and augment our model and distill it. The value of AI in a larger context is the ability to take huge amounts of data now and really quickly take advantage of the models you’ve already had built to distill it down to things that are relevant.

I think the CIO in me is thinking about the remediation. So I’m going to bring your tools in. It’s going to identify all this stuff. It’s going to generate a whole bunch of work. But what I’ve seen AI be able to do is act as an intelligent broker, if you will. And I’d like to be able to, in natural language, say Hey, that data store, move it over here.

That, move it into this file system. And really take the amount of time it takes for us to respond to what we find. To make it very quick. In fact, not require IT staff to do it. But… I actually have a clinician go, Hey, move this to the secure data store. And it moves it and it’s somewhere where IT knows how to keep it safe.

I think a lot of those remediation, automation, are going to become, as more AI has been built the platform that will be able to do it manually, first it’s sort of like walk, crawl, run. Yeah. Let’s make sure we know what we’re trying to do from a policy. We’ll have to do it manually, and then slowly automate it, and then bring in more intelligence to do this in a more organized fashion.

Walk, crawl, run in healthcare used to mean three years. Can’t do that anymore. Can’t do that anymore. I mean, it feels to me like, and we talked about this too. I mean, last Thanksgiving, all of a sudden, a couple of people were talking about ChatGPT, by the time we got to Christmas, everybody was talking about it.

And so now I’m sitting there going, hey with the kind of tools that we have available, I’m seeing progress being made in healthcare.

It’s exponential. At a very rapid pace. It’s really increasing.

And it needs to be in every area, including IT operations, IT administration, and security.

Well, it’s compounded by the fact that there are not enough people to do the work.

Right. So automation has to be part critical. Intel AI can help you be quantum. You can use the quants, the numbers, to drive your decisions versus subjective decision makers. David, have a great conference. Thank you. Same here. Thank you for having me.

And that is the news. If I were a CIO today, I think what I would do is I’d have every team member listening to a show just like this one, and trying to have conversations with them after the show about what they’ve learned and what we can apply to our health system. If you wanna support This Week Health, one of the ways you can do that is you can recommend our channels to a peer or to one of your staff members. We have two channels, This Week Health Newsroom and This Week Health Conference. You can check them out anywhere you listen to podcasts, which is a lot of places: Apple, Google, Overcast, Spotify, you name it, you could find it there. You could also find us on. And of course you could go to our website, thisweekhealth.com, and we want to thank our Newsday partners again, a lot of ’em, and we appreciate their participation in this show.

Cedars-Sinai Accelerator, Clearsense, CrowdStrike, Digital Scientists, Optimum, Pure Storage, SureTest, Tausight, Lumeon, and VMware, who have invested in our mission to develop the next generation of health leaders. Thanks for listening. That’s all for now.

© 2023 Tausight Inc. All rights reserved.