Transcript
Patagonia Health 1:21
Balakrishna Subramani will be presenting today's webinar. He is joining us from Sam Analytics Solutions, where he is a lead cybersecurity analyst. With them, he has a wealth of knowledge and experience in his field. He is a lead analyst in cybersecurity. He does things like develop and implement solutions and strategies for cyber risk mitigation. He works with both small and medium-sized businesses and industrial control systems. He works in implementations, performing security assessments, designing and implementing mechanisms for security, data collection analysis, reporting and all of these things he does for both on-premises and in the cloud solutions. So we're so happy to have you with us today. Valu, we're going to be talking about these topics more in depth, specifically on how to help you do those things that were listed for recognizing threats and vulnerabilities, both at work, for your remote work and in your in the clinical setting, helping you to with the conceptual frameworks. Understand these security concepts in a holistic way. And we're going to make sure that you have references and resources for continuous self-learning, and for everybody that's attending the webinar today, we will be sending you a recording of it after the webinar. Alright, blue, I'll let you take it from here. Thank
Balakrishna Subramoney 2:52
You are, and good afternoon, good evening, and good morning, based on your time zone. So, cybersecurity is not very difficult in terms of a topic, but it can be quite involved. So in today's webinar, we're going to be looking at some of these concepts rather than all of these concepts. And before I actually get started with the, you know the little details about cybersecurity. Cybersecurity you can think of as a jigsaw puzzle. You cannot start solving a jigsaw puzzle from the left-hand side top corner. You need to put these pieces together as and when you can, and that is how I would like you to please look at this session. So, we are going to be covering various concepts. It may look or appear disconnected as we deal with it, but hopefully by the end of the session, you should be able to put all these pieces together and get your cyber security jigsaw puzzle assembled in your head. So, the first and foremost thing to understand is some kind of a model to work with. I call this model the dual world model, the two World model. So, think in terms of two worlds, one being real, the other being the digital world. So the real world is where we, you know, live, breathe, exercise and we engage in social activities. It's the physical world around us. We go on a picnic. The digital world is the world which is being created by Information and Communication Technology. So you engage in E commerce, you engage in banking, you also do delivery of health services. Now, this digital world is what we call cyberspace. So the important thing is, this particular session deals with cyberspace, and in cyberspace, there are basically three things. That make up cyberspace, hardware, software and networks. So what we are essentially looking at is how we are going to safeguard or protect secure hardware, which includes medical devices, incidentally, software, which is data, and applications and networks. So let's go further with this idea of a two world model, and let's see what cyber security is. So, I wanted to think of water in the real world, and I wanted to think in terms of information in the digital world. So, water is a commodity. It is utility. So is information. So the idea of cyber security is when you think in terms of the digital world. Imagine that you had reservoirs where you have water containers. Those are akin to hardware, the pipes in the canals through which water flows is like networks. So, an open canal where water could get contaminated is like an insecure network. So, I just want you to relate with this analogy, and in 90% of the cases, you will be able to answer the question regarding information security through this analogy. There may be exceptional situations, but most often, by just analyzing how water would be secured in a real world scenario, you could chance a guess at how information could get secured enough side in a cyber scenario. So we will continue with this cyber security. Then is physical security, which is securing hardware. Network Security. Please understand that network security means securing wired and wireless networks. So the important thing here is that when it comes to the purpose that is where we have software and applications now, software security is basically operating systems, firmware, applications and data, which is mainly the scope of this particular session. And we should not forget users. So, when it comes to consumers, you don't want people wasting water. Likewise, you don't want users behaving in a way in a loss of information or leakage of information. So the main purpose of cyber security is we want to contain and protect conserve information, like we will do in the real world scenario, vis a vis water, let's go one step further. What are information security objectives? Now, these three words will keep coming to you with any kind of literature that you read or any kind of conversations that you have with security professionals. They are called confidentiality, integrity and availability. So the concept here is that we want to make sure that information is not disclosed without authorization, which is a very, very central idea in today's session. We also want to make sure that nobody modifies things without proper permission. And we also have to ensure that availability is there all the time. So if a website goes down, it is a compromise on the availability of information. Likewise, in the real world, think in terms of you don't want water to be contaminated. So what you're going to do is you're going to take steps to prevent contamination. You want to take steps to detect contamination, and you're also going to take steps to correct it, which is what in security parlance, we call security controls. We will come to that in a minute. So continuing with this at this point, one thing I'd like to say is that if you have any questions, please do type it in the chat window.
We can take it up Alan when it's coming in your coming to you, because sometimes what happens is, when you're listening to a talk and you have a question, it kind of kind of gnaws you, then you kind of fix that, so just take the liberty to punch it in, and our moderator, Amanda, will just give me a shout out to let me know that there is a question in the chat window. I'm not looking at the chat window, incidentally, so let's continue. There is also another thing that I want you to be familiar with, which is cloud-based services. Now a lot of things today are based on services that come to you on demand. So gone are the days when you would install an application on your computer and you know, work with that application and not be connected to. Today, we are talking about a networked world, and when it comes to cloud services, the way I want you to think about it is that the NIST, which stands for National Institute for Standards and Technology, has come up with a model that is called the cloud computing model. And then that cloud computing model, what they did was they came up with three, so called service areas. Now these three service areas are called SaaS, PaaS and IAS. So the concept is any kind of hardware-related, plumbing aspects, those kinds of things belong to infrastructure, anything to do with operational aspects, like faucets, valves, pumps, electrical works which support the water system, all that comes under platform. And finally, right on top, you have software which is in the form of applications. So which means that if you think in terms of the cloud application, you are actually talking SaaS, okay, unlike a desktop application. Now let's look in terms of kind of switch and go to another area, which is data privacy. So what is this idea of data privacy? So I have a small scenario where here where a fictitious character, M is having a particular having a rare disease. Now, whether m is going to allow other people to know about this is M's right. And this idea is called data privacy, which means that information about me and my issues, or pluses, minuses are something that I need to take a call on and somebody else cannot take a call on it. And this is very, very applicable in the case of health care, which is why we are in this session today.
So the information that is something which is pertaining to me is normally called personally identifiable information, and in that category of personally identifiable information, one big chunk is phi, which is protected health information. So any business that is handling protected health information or PII is responsible for the safe keep of that information, because that is the promise that they're making to individuals whose data they are handling. Okay, and this is required by law. So that is why it is of interest to many businesses who are in the healthcare area and healthcare professionals to be aware of some of these cyber security practices. Now, I wanted to look at that model again, the two-world model, and I wanted to relate to this idea of digital identity. Now, mountains, rivers, all those are in the real world, in the virtual world. The entire virtual world is actually made up of interfaces.
So an interface is what gives you the experience of a virtual world, whether you're looking at watching TV, you're on your phone, or you're at work on a desktop or laptop or a tablet. Now, every real subject or every person in the real world has what are called digital identities in the virtual world or the digital world. So every one of us have multiple identities in the digital identities in the in cyberspace. Now the point here is that real subject can access the digital identity and its associated data. So, for every digital identity, you have associated data, and that is normally protected by what's called a password. So a password is an envelope around information in silo space. So one kind of an analogy that is given about password is lock and key, which is kind of okay, but I'd like you to please imagine an envelope which is the password. So, it is important that you have strong passwords. It's like having strong locks and good keys, right now, these pieces of information that are associated with their digital identity are normally called personally identifiable information.
The concept here of the principle of digital data privacy is that using personally identifiable information in cyberspace to not be able to get at who that person is. So if I'm able to identify using digital information as to who the real person is, then there's a problem with digital data. So this is what this whole idea of data privacy is all about. Now this information that is a digital. Identity, plus its associated data, is normally in the form of applications. So every application you will have a corresponding digital identity, and you need to protect it using a password. So, this is the whole concept of digital data privacy. Now I have a small story which I want to share with you, which is on the screen for you. I'd like you to just indulge me and read this. So there was this person called Craig who took a, you know, very enthusiastic marketing professional, who decided to take a photograph and put it on social media, unfortunate for him. It the photograph had some information about the patient, and she went to the office for civil rights, and then the Office of Civil Rights investigated that particular hospital, they found that they were not in compliance with E part stands for Health Insurance Portability and Accountability Act, which means that any hospital or any health care professional who's dealing with health care information about the patient should keep that information confidential and not disclosing so that is mandated by law. Now it appeared in this investigation, they found that this hospital was not in compliance. Now, this means, typically, it could be in penalties. It could mean, you know, a lot of basic issues and problems for management, loss of reputation. So many points come up which can be avoided. Now let's kind of move on to telehealth. So what is this idea of telehealth, the use of cyberspace in rendering health related services and information distribution that is tele. Health tele means afar or at a distance, and you're providing health-related services at a distance. Now, what is significant for us, from the point of view of today's discussion, is that in the real world, you have in person interactions, whereas in digital world, you will have cyber interactions. Now, if something were to come in the way of your cyber interaction, that would be a risk, but before we actually dive into that risk idea, we will have to do a small exercise. So let's do this exercise. What I want you to do is I want you to go to this particular website called menti.com, and I'm going to change my screen to show you the other one I
Balu 18:07
Uh, can you see my screen? It says menti.com on top, and it says, use the code 17246191, we can see that, yeah. So what I'd like you to do is, using a phone or your desktop, switch to another screen and go to this particular code and punch in any five applications that you use. Can you think of any applications top of the mind? Recall what are the applications you use. And in case you are not using any health-related applications that you can't think of, punch in any application that you comes to your mind. So as in, when you punch in those application names, they will come here for all of us to see. Now, please remember that we don't know who's punching in the information, so your IP and who you are is not tracked by this system. So just feel free to go to menti.com and start punching in the names of any five applications if they are health-related. Fine. Otherwise, no problem. I will just give you a couple of minutes to do this
.
Balu 20:05
Take your time. Do it slowly. I'd like everyone to participate in this, because that way, what happens is we have a collaborative experience in terms of how this whole thing looks. We understand what kind of applications people are working on.
Balu 21:02
Are you able to see the answers coming up? I do not see them. Just want to be sure that participants have seen the responses that are being posted by others as well.
Patagonia Health 21:19
I've got the my presentations Patagonia, but I Don't see any answers.
Patagonia Health 21:41
And our comments for the presentation, we also have some answers that were sent there. So some applications that were listed are Patagonia, which would be our EHR system, Outlook, Facebook, Instagram, also optim.
Balu 21:59
So let let me just maybe share my screen again. Tell me whether it's I was here.
Balu 22:15
So these are some of the things that people have punched in. Okay, now, in the interest of time, I'm going to kind of move on. So as you can see, some of these applications. You have epic, you have Mylogin, you have Patagonia Health. So you have various kinds of applications that are being used. Now the question is, let's move into a totally different area where we talk in terms of risk, and let's see what is there in store for us there. If you have any questions, please ask. Let me go back to my slideshow. Are you
Balu 23:02
able to see my show now? So, Rachel, we are okay. So what we are going to think about is risk is an event that stops you from fulfilling an objective. So that is the fundamental idea of risk. So if you are trying to reach out to a doctor and the doctor is not available, it's a risk because your objective was to reach out to this doctor, this doctor is not reachable. Now that is a compromise on the availability in terms of cyber interaction. Similarly, if you try to reach out and you are being taken to the wrong website and somebody has actually tampered with that website, then it is a loss of integrity in a cyber interaction. That's a risk. Similarly, in the event you are thinking in terms of, let us say, a patient's data, and that particular data has accidentally been seen by somebody who's not authorized to see it, that's a risk. And those are it's a risks to the confidentiality of information.
So data leak is a very, very important angle to what we're talking about now. There are three important things about risk, threat, and vulnerabilities, so I just wanted to keep these three words in the back of your mind. And we are in today's session. We are very keen on understanding what the threats are in the area of telehealth. So let's get into that. And. See what the threats are in health care in general? Now, I'm going to explain and get into details of the first two, phishing and ransomware. So, before I get into the next slide, I just want to touch upon third-party risks and medical device security vulnerabilities. So, imagine a case where you have an insulin pump.
And most devices today are what are called Smart. A device is considered smart if it can manage, can be managed or operated using software. So, if it needs software for its operation or management. Such devices are considered smart. Now, there are a lot of smart medical devices. Now imagine that something goes wrong with that particular software and the device doesn't operate properly. Now, that is called a medical device security vulnerability. One weakness is that you don't protect your devices with a password. You're using outdated systems. These are examples of security vulnerabilities at a device level. Another kind of thing is third-party risks. Now, what is this idea of third-party here? What we're talking about is you are buying the system from somebody, or you ask somebody to do a particular service. Now information leaks through that particular person, or a system supplied by a third-party didn't work properly or compromised your security. Those are called third-party risks. A main example is HVAC systems. So what happens is, you are asking somebody to come over in order to take care of the air conditioning in the hospital, and it so happens that that person's system, that company's system did something with the hospital's network. Those kinds of things do happen. So those are things that you need to take care of for third-party risks. Now, let me tell you something more about ransomware. I want to illustrate how a ransomware attack takes place so that you can visually reconstruct the scenario and hopefully protect yourself the next time around. Now, this is a schematic of a network. So a network has different kinds of devices all put together, let us say there is a person on laptop c5 who you know, clicks on a link or does something, and this particular user lands up installing a program without their knowledge. Okay, now what happens is that this program that is residing here runs and it replicates itself, so after a few minutes, hours or days, it is in all systems of a network.
Now, at this point, it starts communicating with the bad guys who are outside the network. Now, once this communication is established, what the bad guys are able to do is they are able to give directives to that particular program on any one of these computers. So what they would do is that they would slowly take control from remotely, that is, and one fine day, what they're going to do is, when they are ready, they are going to just encrypt all the systems, and they're going to send you a ransom. So now the organization that is the victim of this kind of attack is completely taken away because they didn't expect this, and all the systems are encrypted and nobody is able to use anything. Now, this is exactly what we need to avoid.
So, from a cybersecurity practice point of view, what we'd normally tell users is don't click on malicious links, which means that you have to check and examine a link before you click it. Don't go, you know, click crazy on links and open every single thing, because that is when you're putting yourself and your organization to risk like this situation. Another thing is to install antivirus and anti-malware software on your endpoint and secure your endpoint because that way, a program that gets installed gets wiped out. Immediately, or you get an alert saying that listen a malicious program has gotten installed your system. The other point is, you must be careful about network traffic. What's going on in the network? Once you're clear about that, then you know that in the event you're communicating with the wrong kind of systems, you can stop that communication. So these are various steps that you take, and which is what is called cyber security, which we will talk about a little more towards the end of this session.
Now let's look at the next thing, which I want you to think about, which is phishing. Now, you have to be careful, and you have to be you must be in a position to spot a phishing email. Now, what is Phishing? Phishing is I'm clicking you into giving me some information. So, for example, I will call you up and say, Hey, listen, I'm the parent of this particular person you know who came in as your patient. Can you please tell me what is the blood pressure reading now, as per law, you're not supposed to reveal that information unless and until I can establish that I'm a person who has been authorized to get that information. So now let's say I trick you into giving it to me. I'll give you false evidence, or you are not able to you are in a hurry doing something else, and you're not able to check my credentials, and you will land up giving the information. Now that is an example of phishing, and it would amount to a disclosure, okay? Now, these kinds of disclosures and these kinds of things, events that take place are called security incidents. So when information is disclosed without authorization, it becomes a second deal. Now imagine this situation in this particular phishing email, if you notice, it says that it is from Microsoft, but the email address is something different. Now, these are signs that somebody is trying to get information from you by clicking you.
So, if you don't look at it properly, you're going to fall prey to this kind of attack. Similarly, I wanted to think in terms of the link. So before clicking anything, just hover over it. Don't click it. So the saying is, hover to discover, just go over the link and you'll find that it is going to hangouts.google.com, whereas the email is from Microsoft. So this, this should kind of, you know, get your antennas up, and you should say, Hey, listen, I think I'm being fished. The other kind of thing to look for is the content of the email itself. So most phishing emails will have what are called they will they'll have a call to action. They'll say, do this. Click this. Do that. Those are all signs. Call me. Send me this information. Those are all signs of phishing. So but most important thing is just look at the anatomy of a phishing email and make sure that you identify a phishing email. You're able to detect it and don't act on phishing emails, or don't act on suspicious emails. This is a legitimate email where you see that all information matches and you are able to correlate the email address with the link URL and stuff.
Quickly, I just want to touch upon the idea of security controls. So there are three aspects you need to think of in when you think of security controls, of prevention, detection and correction. Backups of information is a very, very good example of correction, because it is the capability to respond and recover from a security incident. So backup phi, backup PII, backup critical information. Don't disclose critical information, take steps to prevent the disclosure of critical information. Also detect, be on monitor. Look out where information can leak in my scheme of things, security hygiene. Now it is important that you know, you healthcare professionals. I don't need to say much. So. You need to think in terms of a certain habit. And once you get into that habit, you know, so thought you reap an act, kind of, and you saw an act to reap a habit. So the idea is you need to be in a position to get into a certain routine where you are not likely to get victimized by certain kinds of attacks. So here are some examples. Secure endpoints connect to authorized networks.
These are important things, so don't, don't think in terms of attending to your patient information sitting at Starbucks which has an insecure virus. Be aware. Another thing is, a lot of organizations today are taking care of these small things where, if somebody calls in and says, you know, I'm value calling, you don't repeat that name, you don't repeat the credit card number to check and verify, because somebody who's around you can perhaps collect that information and go against value. Similarly, protect all access using a password. And this point on the right-hand side, second row is very important. Be alert when receiving and responding to calls, emails, messages, social media posts. So don't discuss patients in social media, you know, things like that, because you're likely to you're liable to get into trouble. And even in the medical device, if it is behaving strangely, please call up tech support. Don't just ignore alerts that the device is providing you before I close up for question and answers. What I want to say here is that I quickly want to come up with, you know, this could be very prescriptive. I apologize, but I just wanted to think about these things when it comes to handling PII and or phi.
Balu 37:21
So the thing here is that don't get curious. That's the first point. Mainly.
Balu 37:36
There is also this other point, which I'd like you to keep in the back of your mind. Never send email sensitive PII to personal email accounts. So, for example, it is better to send if Balu is part of a pharmaceutical company or if he's part of a practice. It is better to send information to the official account rather than the personal. So discourage people from sending information to your personal account. Similarly, avoid sending information to people's personal account, send it to their official accounts, and also protect hard copy, sensitive PII. So let us say you are working from home, and there are a lot of paperwork. You know, though you can say, I trust my spouse. I can trust people at home. It is important, from a technical standpoint, that you know, you don't keep things lying around. You make sure that you are protecting sensitive information from your in any place where it is likely to leak or get disclosed. Safeguard the organization's media. So if you have a hard disk, or if you have a USB containing some information, please just don't leave it in the car seat and go away, or just don't leave it on a table lying somewhere. Similarly, when it comes to USBs, please don't get curious to know what is inside a USB, because a lot of man that is propagating using USBs. So if you have a USB, make sure you sanitize it first before you use it. Another thing is to make sure that you mark things correctly so that there is no misuse. And of course, this is cannot be overstated, be alert regarding social engineering and phishing calls. Phishing can take place using messaging, emails calls. So those are things to be watching out for. So if, finally, you must take special steps to dispose of PII. There was one particular, I think, I don't remember the name of the pharma company, but they were just. Disposing of some invoices and those kinds of things in the trash. And they came, they were caught, and they were penalized because they were not following procedures. So you cannot throw away paper in the trash. You'll have to dispose it in the right way, by shredding it and those kinds of things. Similarly with electronic media, make sure you sanitize it. So this is basically what I have for today. So if you have any specific questions, please ask otherwise. I hand it back to
Patagonia Health 40:40
Bulu. Actually, I have a question. So you gave us a lot of really good things to think about, as far as when people are using telehealth to make sure, just like on social media and in pictures and other things, not to have anybody have any information in the background that sensitive patient data that people could see in the video, also just to make sure that we're not within earshot of anybody talking about this protected health information, that when we're on the telehealth calls, nobody's going to hear anything that they shouldn't. But can you talk a little bit more about you said to be careful about the network that you're joining, like obviously being in a Starbucks where people can overhear us talking about patient information would be a bad move. But if people are working remotely. What are the standards or what kind of things should we be considering if we're using telehealth outside of the clinical setting, if we're working remotely somewhere, what kind of things do we need to think about in terms of the network we're joining? Sure.
Balu 41:33
Thank you. Nice question, networking and security around networking is very critical in today's day and age, because every system is network. Now, if you're working from home, the way networking occurs is that you have what is called an Internet service provider who gives you a device that is like a modem or router so that particular network device has software and it can be accessed. The important point is, the minute you receive it and install it, you must change the default settings in terms of password on that particular device. So if you have any kind of networking device at home, ensure that it is not having the default passwords or factory settings, because that way, what happens is any third-party can get to it and change settings. Those kinds of things should be under your control. This is the first and foremost thing when it comes to home networks. The second thing is that be aware of what are devices that you are using to connect. So in the event you are accessing that particular router and you find that there are more devices than you have, then you know there is another person who is using your connection. Now, in the area of wireless, it's a huge problem because you cannot see how many people are accessing your access point. So, it is very critical that you figure out the correct configuration for your access point. Now, the way wireless networks are built is there are several generations of them, and the more modern particular wireless network is, the more secure it is. And what we are interested in when it comes to security or wireless networks, is the protocol that is being used. So I don't want to go into the names of the protocols, but what I wanted to please think about this, find out what is protocol the particular access point, which is a wireless networking device, is using, and make sure that it is using a secure protocol. So these are two things. Another thing is that whenever you connect to a particular network if you don't trust that particular network, wired or wireless, don't engage in transactions that are typical, like, for example, don't get into a bank account using the airport network. That would be normal but at the same time you just want to browse CNN or browse New York Times, that's fine. You can do it from an app, so you must be aware of those things come to mind immediately. We
Patagonia Health 44:40
I also have another question: talking about those other devices, can a wireless keyboard and or a mouse be hacked, or can a wireless printer be used at home?
Balu 44:52
So wireless printers? Yes, because what happens is printers, many printers these days talk out. Into the internet to vendor sites, controlled portals and things like that. So it is possible that a printer can be from an external system, whereas when we think in terms of keyboards and mice, they also can be hacked, but the kind of range that we are talking about is much, much limited, so that way you will not be able to get to it very, very easily, and you cannot do much harm. So it depends upon the kind of device
Patagonia Health 45:42
also talk some about passwords and how important having a good password is to protect your security. How valuable, beyond just traditional passwords, is something like two-factor authentication,
Balu 45:53
Sure, sure. So imagine a situation where you're having a lot, and you have the main door. Now, the main door of a house needs a solid lock, because it is something that is facing outside. So what we say is that devices that are at the periphery of a network, peripheral devices, which are also called perimeter devices, should be protected with very, very strong passwords. When I say very strong passwords, there are two aspects to a password. One is the length of a password, the other is the complexity of a password. So, a strong password is both long and complex. The other aspect is, imagine a lock which is having one very good key versus a lock that is having two separate keys. Now that kind of a combination is much more secure, which is akin to two factor authentication. So two-factor authentication is like having two keys into the same block, and unless you have both, you cannot access or open that system. Now the way it works is, you are a password is some piece of information that is either you know, or something you have it with you, or it is part of you. So, information that you know is like the traditional password and past phrases. Information that you have is like a card a chip, information that is part of you is biomedical. So two factor means they try to use a combination of these three pieces of information to authenticate you. So a two factor authentication would go something like, you enter your password, and then it sends you an email, then you connect the email token from the email and enter the token. Now it has you have entered two pieces of information to identify yourself, which is called two factor, not multi-factor, authentication. And one last thing about two factor authentication is that in the event you're going in for two factor authentication, there are different points of view on it. People are slowly moving to a situation where they are just talking in terms of security tokens, rather than ideas of remembering passport and two FA so there is a shift in the industry where people are talking about a different form of different forms of authentication, so just keep that in the back of your mind, and in the event you need to remember a lot of passwords, because you are dealing with a lot of applications, some people recommend password managers. I'm not going to suggest any password manager view, but think in terms of password. So that is regarding passwords and two-factor authentication.
Patagonia Health 49:11
Great. And have one more question, in terms of telehealth, you had talked about SAS, I asked past and how there are different applications and hardware and software issues and all these things to consider when we're talking about telehealth specifically, and there are different options that people can use. Like, maybe they're using a zoom client, or maybe they're using, you know, an integrated telehealth solution to their EHR perhaps. Like, what are the security things to consider and the different options that there are for using telehealth, like, what are the things to think about in terms of, how can we be the most secure on those applications?
Balu 49:50
Right? So one of the things about application security, particularly, is that you must source your application from a reputable source, and it can take place, and you must use only licensed software. Don't use software. Just download a piece of software and start using try to make sure that you are having a copy that is from an authorized vendor. Similarly, if you're downloading apps and things like that from stores like App Store or Google store or whichever store, you must be aware that there are certain risks associated with downloading and installing them. So be sure that you understand those risks, you are accepting those specific issues. And the most important point regarding application security is make sure that you patch your systems as and when a vendor advisory or an update comes up. So if you are still using Windows 2000, something wrong, you need to upgrade. So, when it comes to applications, make sure that you're using the latest and best versions that the vendor is providing. I hope that answers your question. It
Patagonia Health 51:18
does. Thank you so much. And I think that's all the questions that we had. If you want to just go to the last slide and make sure that I give everybody your information, if you guys would like to reach out to blue, if you have more questions about cybersecurity, or cybersecurity and telehealth, or any of the things that we covered today, you can reach him at blue@samanalytics.com, and if you'd like to go over to their website to learn more about what they do at tam analytics, we've provided their their website address for you. And if you would just like some more information about Patagonia Health and our electronic health record system, our integrated telehealth solutions and the security that we have on our end and our products, you can reach us at Patagonia Health and I hope that everybody enjoyed this great health IT webinar. Thank you again. Bully for coming out and sharing all that information with us today. It was really informative.
Balu 52:14
Thank you so much for having me and wishing everybody a wonderful time.
Patagonia Health 52:19
All right, thanks, guys. Have a great rest of your afternoon.
