The Virtual CISO Podcast
The Virtual CISO Podcast

Episode · 2 weeks ago

How HIPAA Compliant Email is Revolutionizing Healthcare w/ Hoala Greevy


When it comes to healthcare InfoSec, it’s the Wild West. Most healthcare organizations just don’t have the necessary IT budgets to make it a priority.

But it should be a priority. The truth is a large number of hospitals have been targeted by ransomware in the last few years. 

Today’s guest, Hoala Greevy , Founder and CEO at Paubox , shares how his company is arming healthcare organizations with HIPAA-compliant email and APIs in their ongoing battle against cyber threats.

In this episode, we discuss:

- The current state of information security in healthcare

- How Paubox provides HIPAA-compliant email and APIs

- Where security and privacy in healthcare is headed

To hear this episode, and many more like it, you can subscribe to The Virtual CISO Podcast here.

If you don’t use Apple Podcasts, you can find all our episodes here. 

Listening on a desktop & can’t see the links? Just search for The Virtual CISO Podcast in your favorite podcast player.

You're, listening to the virtual C, sopodcast a frank discussion providing the best information, security, adviceand insights for security, it and business leaders if you're looking forno BS answers to your biggest security questions or simply want to stayinformed and proactive, welcome to the show day there and welcome to yet anotherepisode of the Virtual Seso podcast with you is always your host Johnburyand with me to day is hawala Grevy, Hallo Ha Hola how's it John. How are you today did you? Did you seewhat I did the low? I? No, no O my name not same. Let, as my name as well is now, is that now I know you're,Hawaiian or Hawaiian, you know, or in Hawaii minium ly by any chance. Doesthe fact that your name have those letters in it? Is there anysignificance for that now completely different meeting, just the coincidence,okay, yeah, it's cool! So thanks for thanks for coming on to a lookingforward to this conversation, always like to start super easy, tell us alittle bit about who you are and what is it that you do every day sure I'mthe fonder CEO of POW box. We provide seamless, encrypted compliant email inthe? U S, health care vertical. Our mission is to become the market leaderfor impecuniary in the US. I built the product in Hawaii pulling in alllighter, and I moved the company to San Francisco in two thousand and fifteenfor our launch and since then we over, we have over three thousand payingcustomers all fifty states, twelve countries, team of about fiftyemployees and three distinct producin. So before we get down to business,always asked the question: What what's your drink? A choice? Well,I'm in Hawaii right now, so it's coffee, but if it was later in a day it mightbe to Kila so depends on day all right. So, let's, let's you know, Iwas really interested in having this conversation, because my experience andhealth care is that the information security posture in our health caresystems is not quite what I think it should be. But I was you know anxiousto touch at with somebody like yourself who works in it. Every single day talka little bit about the current state of information, security in health careand whether or not that differs between the larger hospitals that you work withversus you know the smaller medical office programs yeah sure. So among ourthree thousand plus customers, we have a pretty good s, NB segment there anddrilling down into it. I, in my opinion, when it comes to compliance and Infosecstill the wild west. You know some dentists will go. Oh well that doesn'tapply. I don't need to do that. Smaller practices, you go up to the largerpract health care organizations and I guess of mine without any solid data toback it up is their MR deployments have evaporated it budget with nothing? Muchleft, for you know necessary security investments, but to be clear, that'sjust the hypothesis, so whole Industry Neto. I would agree I mean, like youknow. We do a little bit of work in the health care space and the reason it'sonly a little bit is because they really don't have the funding. Itappears to do what they need to do and they know that they're risk. I mean, Ifeel bad for some of the SISOS that I've spoken with because they knowwhere they are and they're just their hands are tied from a financialperspective. I know like even something as simple as investing in a propersecurity risk analysis, which is the first step of being hip a compliantthey're like. Oh, we got this little spread shit and I'm like look. Here'sthe OCR final guidance on risk assessment and they're like yeah yeah.I get it but yeah. I don't have the bucks yeah, as he said, it's requiredby law once a year at a minimum, an annual risk assessment and yeah. Mostof these folks are looking to check the... and invest the least a possible onaverage. Well, I think with, and I think that's what makes you guysvaluable and important to the health care industry right is that you theycan engage with a a single vendor and ittakes a lot of the risk off them. So talk a little bit about like Polo's hipa compliant. What does that mean? What makes you hip a compliant so at a highlevel for hippo compliance when it comes to data, you want to beencrypting did at rest, and you want to be encrypting data in motion, so wefocus on encrypting email data in motion, so I've been doing email for along time. That's my first job out of college. I One thousand nine hundredand ninety nine, so you're doing email. You know twenty two years and it's one of the oldest protocols ofthe Internet, S M tp, if not the oldest and the highest priority of the SMT Pprotocol is message: delivery, that's hard coded in right and a lowerpriority is message encryption. So if the receiving male server is notcapable of accepting a tls connection using starts, this is message:encryption emotion. It will automatically downgrade the connectionto clear text because it has to achieve its highest priority. Getting themessage there. This happens without the end users, knowledge or approval. Imean you can read mail headers and but they can get very confusing. You cansee the proof of the mal heaters, but this is why all the other competitorshave built Portora solutions or apt, because when you have a portal you canforce an https connection and a log in, but the thing that everyone hates right-seven steps. Fifteen minutes just three the message: The experience is evenworse. On a smart phone, I mean it's just terrible, and so what we've done?Because we've been doing this for so long is we just took the message,encryption component of the St Protocol and made it equal in priority tomessage delivery and that that's the break that we've done is re engineeringE S, Mt Protocol without breaking anything and then providing that as aservice for our customers and in health care turns out a lot of stuff. You'reemailing can be construed as protected health information and sensitive data,so the benefit we provide our customers is for flagship product. You set youremail gateway or your smart host, depending if you have an exchangeserver and all out on email gets routed to POW box. So we encrypt every emailfor every sender on every device. No change in behavior. You don't have toremember to type the word en crypt or secure in the subject win or any ofthat crap. It's just totally seemes and we just put a footer on the bottom,letting the recipient know that the center has taken diligence to encryptthe message and luckily for us, it's a head and glove fit with health careyeah. I know it sounds really interesting and I love the idea of thatfriction list, because you know I'm a security guy. I've been doing this along time and I understand the value of of Security Mel, but when it's notimplemented well, I hate it. You know it's such a hassle to deal with, so itsounds like what you're doing I correct my from roll. Is You know, they'rethey're, pointing their male server to you, you're, accepting a tls connectionfrom the mail service, so we know the email stays encrypted it during thatcourse you're encrypting local data and then you're, taking the responsibilityto ensure that, if you're going to deliver an email that is delivered inencrypted fashion on their behalf. Yes, so we for our encrypted email product.We do not allow unencrypted connections from our customers and in fact werequire our customers to establish at least the tls. One point two connection:We also support one point: Three: this is exact guidelines that the NSA'sguidance earlier this year in January...

...and then on the same side, we enforcethe same requirements when we send the email to their intended recipient. Now,if the recipient is not capable of handling a connection that high ordoesn't have tls at all, then we detect that on the fly and upload it to oursecure message center and then send that recipient a link to go and viewthe message now and then there's different levels of security. Ourcustomers can enforce on how much friction they want to impose on thatparticular message to get that gets, delivered and we've. We have two patterns around that, andso you know we're building an eye. People are fully as well yeah. I likethe I like that model you where what you're doing is you're creatingfriction for somebody because of their misgivings about their security posture.It almost incensed them to actually do what they should be doing, which is alow a tales. You know no crypted communication of their mail serverright so and what you do is that your client doesn't feel any pain. Anyfriction. It's just that if they've got people that are not so so that's a nicemodel, yeah you'd be surprised on, ironicallyenough. There's a lot of these email security appliances in the wildBarracoutas, a common offender by default, these appliances ship withouttls, an able and so they're sitting in front of this on Prim Exchange serveror something racked in a data center tls is not enabled. So it's strippingoff any sort of encryption coming in or going out of their exchange server. Alltheir email is flying through the Internet in plain text because of thissecurity appliance that got shipped by default with the thing disabled andthere's quite a few of them out there. So it's not as clear clad as you thinkyeah. It's just another great example of where people get budget to buyproduct. But then they don't get the budget for the training or to keep thetool updated and it's misconfigured and and they're when they've got a fullsense of security, and we see it all the time. So so it's not really thatsurprising to be, unfortunately, yeah so question for you, so you know whenyou think about hippo compliant email. I think the classic case that you thinkof is you protecting your apon communication. You know I'm working ata doctor's office, I'm sending something to somebody and I want tomake sure that I'm being hip O compliant. How is it different if Ihave to worry, if I may, in the medical profession, and someone might besending me Ephi in an email or something of that nature, you know, howdoes your solution handle that that particular use CASS yeah great questionso from a hip up strict interpretation?It's not required that you encrypt incoming communication, but we prideourselves on customer feedback and using it as a rolled map of what tobuild and win, and so enough customers started asking for it. So we rolled itout. So if a complimentary service that provides inbound security, whereby it'sa similar concept, we become the m x record for our customers domain name,therefore, routing all inbound traffic to US- and in this case, if the centeris offering an encrypted connection, will of course encrypted send it alongto our customer, assuming of course it's not a ransom, were fishing etc andwe'll put a little footer at the bottom, letting our customers know that weencrypted that inban email as well so again, not required for hip AP, but alot of people love it and, in addition to that, every paid customer of ours wealso provide them with a secure contact form. It's just the link with somedefault fields. You know you can use to dragon drop a PDF document, for exampleyou hit and we encrypt it to the customer. So another method, ourcustomers can use their patients or you know other doctors in the ecosystem tosend them and crypted email. So that's cool question for you, so so that Ilike what you said where you you have...

...some ability to filter. If you will emails that mightbe malicious in nature, and things of that nature has any one ever requestthat I would think, is there any concept of almost like white listing anemail address? So in other words, let's say that I am a doctor and somebody WHO's. Not My patient sends memedical information before I've gotten. You know, they've become a patientthey've signed all the paperwork. Is there any way to do almost like a whitelisting? If you will of Hey, don't except only accept emails fromcustomers that we know or the inbound emails from customers that we know arealready already a patient of ours. Our system can be configured that way. Idon't know if anyone's using it that way, but it could be done yeah. Thatcan't be because I would seem to make sense to me, because, because I meanlike that, you know that way. You don't ever end up with Phi from somebody thatyou don't intend to have PHI from. I was whar. I was just thinking HealthCareis, the last American business segment to use email. It's just amazingto me. Even to this day, a lot of unanswered questions around using emailand health care, and that's probably one of those yeah. So I know you make a point on thewebsite of that. You Provide Hippo compliant Apis that that piqued, myinterest, who would be using your apis and why sure yeah. So we have a pobog email,API esus way to think of it would be a Hippocampi ant. Sane Group High Trust,certified Sangre, so we have a rest, API, SMT, PAPI and the most common use.Cases Right now are test results, ovid being classic use case. So you can sendthe test result straight to the persons in box. They don't have to log into aportal which data shows ninety three percent of them don't bother to anyway.You can also use it for personalized appointment reminders where human needto insert some Phi to really trigger the reminder, either to not eat beforea surgery or don't miss a certain appointment and then lastly, they'realso using it to send lab test results, which may contain say a PDF document,and that's really neat too, because you can deliver that straight to theirinbox in a compliant manner, without requiring your end users to log in, andyou know, for the boomers up there, they just they have a lot of problemswith tech and rightfully so they never grew up with it right. So, if you candeliver it Straightout in box and be compliant, that's a really good escapethere. Gotcha would that be and, like you know,the API would be being leveraged by like like what, like you know, epic orone of the or serter or one of their HMS. You know s systems. WOULD THAT BE?What would be would be calling your API to deliver the things you talked abouta second ago. We don't have the big ones on it, yetwe're in talks with some larger lab testing. Well, actually, we do havesome lab testing customers- some big ones, but the big E, Mr is not yet butconceptually yes, very much so okay makes it makes, makes total sense. Sohealth care is definitely one of our critical infrastructure agencies and weknow that the government has been very keen on issuing guidance recently. Soyou know up to and including the presidential executive order. ZeroTrust is a is a big topic of conversation where you guys, at from aPOW box perspective with Zero Trust Yeah for sure. So for our inboundsecurity product, which is, I was mentioning earlier again, we valuecustomer feedback, so we started getting customer saying hey. Why didthis get through your system right? So we got enough for these examples on ourhands and I started diving in deeper and what I realized, what they all hadin common was the fishing campaign will sent via American companyinfrastructure right. These bad actors were opening accounts on aws, go daddymale chip, Mal gun, IBM, etcetera and...

...then launching their campaign. So youknow the R bl for the IP reputation check D mark check, DC check. It passesall known, email, security checks, of course, because it's being sent onAmerican company infrastructure, and so what we realized was hey. Thebarbarians are already in the castle. They've already crossed the mode. Weneed to come up with an additional piece of authentication in addition to what'salready out there, and so we created this thing called zero trust email werolled it out a few months ago, and what we're doing is we're focusing onthe multi factor, authentication component of a zero trust, and so inthis case we're requiring additional set of MFA between the male servicethemselves. So the process is invisible to the end user. But what we're sayingis hey. I know you are sending from Amazon ses, but I still don't trust you.I need one more piece of information and that piece of information is customfor each of our customers and it changes over time. So it's verydifficult to impersonate this information because it's it'spersonalized and it changes over time. So we've had some great feedback fromit so far, but you know it's an involving landscape. I mean we are inan unacknowledged war with you know hostile rogue states because at thesame time we were getting these complaints from our customers. You knowI'd be reading articles in the New York Times and Wall Street Journal, sayingRobe nations like China and Russia. They know that the FBI, the NSAetcetera they are not allowed to go and breakinto American companies and surveil their systems. It's considered out ofSCOPE. So that's precisely what they're doing they're setting up accounts onAmerican companies using you know like legitimate credit cards, legitimatebank accounts- and I think there's just so many of them created these companiescan't keep up so pretty hard landscape out there yeah. Iguess I would explain why I think it was yesterday. I saw an article popthat said: Fifty percent of America's hospital systems have been hit byransom where, in the last and period of time I think I think was a year or two,which I found somewhat staggering. Well Yeah I mean Phi data is, is worthmore in the black market. It's definitely a Volera ility and iron frustructure. These folks need a lot of help and you know we're here to do it.It's just an ever evolving landscape and I think the cloud based solution isbest these on premise devices. They can't keep up well, especially becauseI mean again another thing that I read recently, you know I don't know if itwas accurate, not, but somebody asserted that many, if not most healthcare systems, don't have any true information, security person orhospitals. Excuse me: Don't have a true information security person on staff which again see so things are yeah, theC so the CIO and the yeah I wouldn't be surprised yeah,which, which is tacken. I mean, and you know at that point. The idea that you'dhave fifty percent of it by a ransom were makes makes a lot of sense right.So, speaking of, like you know, people ending up on on the bad boys list so tospeak. I know that you have done a lot of work with the the H S. H, h s wallof shame, tell me a little bit about that yeah sure so. Federal law HIPPA,if you have a breach affecting five or hindered or more people, you'reacquired by law, to report it to the H S, health and Human Services withinthirty days, and then I gets posted on this site, which is nicknamed S, wallof shame and so to make it more digestible. Every month we do a powerbox hip a broach report and we just...

...kind of break it down into digestlittle chunks and to take away for the last four years that we've beendoing. It is the tools, common breach, point vectors: IT'S NOT LAPTOPS! It'snot paper, it's not the MR system, it's email and network servers or justservers, and that continues to this year. So, statistically, just using this data, the most likelybreach point is email in health care and I think that would apply probablyacross verticals yeah. So we do that every month yeah. I think I think ifyou know I mean I forget what the exact number is, but a very large percentageof some type of a social engineering, most frequently at least initiative viafishing right yeah password. He sets fishing impersonating, the CEO cf yeahyeah, it's it's ever ever changing yeah business email compromise is definitelya paint point in every in every vertical. So the idea that you wouldsee what you're saying isn't surprising so so question for we recently did somework. Conterai using was our first foray into leveraging some machinelearning to try to move security from a reactive to proactive stance, and itwas, I was pretty promising and really interesting and fun. For me, I wouldimagine you are you know you are processing millions of emails per dayand one of the core tenants of machine learning is having a large enough dataset to train. So it sounds seems to me, like you, have a fantastic dataset formachine learning. Is that something that's on your road map? Yeah? That's agreat east case there and we're currently training our datasets. Now,for those reasons you said John, so access to the data's free, it happens alot and the training set of this component. We're asking our customersdo via robot we've built, so we're collecting data now and then we'regoing to train it, and I'm expecting I'm pretty optimistic about the resultswe'll get so yes, that's definitely something we're already doing, and Isee ai as a pivotal part of our company's future. I think it's clearlythe future in our business that without a doubt, yeah yeah I'll, be I'll, be payingattention to see, see what you guys doing, because that sounds reallyexciting to me and I can see that it would be insanely, potentially insanelyuseful, so your model is really elegant. You know I like the way it works and itwould seem to me that it would work for any other client, not just the folks inhealth care. So I mean have you guys thought about using it outside of thehealth care space so like as an example, the Sivas security maturity modelcertification requirements. You know that encrypted email is a requirementfor a controlled on classified information. It would seem like thatwould be another potential good fit for you guys, yeah. Well, if our customers startasking for it will take, take a strong look at it. So that's kind of how webase our our approach to this stuff right now. Health care has been a wisechoice because, as a start up boiling the ocean probably doesn't work. So you know it's one set of laws. It's onecurrency gets one language from a sales and marketing perspective it. It reallyallows focus- and I mean it's just a huge industry- that's massively underserved, but we do have finance attorneys accountants. We have those customers on our platform,but it wouldn't be obvious to you if you came through a site because our ourlanguage and positioning is health care, but we do have other verticales yeah.It makes it makes a lot of sense to me. So Phi elements of Phi definitely fallinto what we would refer to these days. As personal information has defined byyou know: California, Consumer Privacy Act, you know Virginia's new law GDP.How does Polmak deal with personal...

...information and what what's your plansthere yeah? So for the C CPA, that's the California Consumer Privacy Actthat went into effect earlier this January I check the fine print and whenit comes to Phi, there's an amendment that got put into it that exempts Phifrom the C CPA. So it kind of says: Hey, that's Phi and it stays in hip. Aeverything else under this thing is c CPA. So that's one piece: that'scovered or exempt, there's a similar thing when it comes to the datarequirements around the perper regulation. If there's an overlapbetween furn hip, a hip, opake precedent so kind of a similar stancethere, but you know: Fed Ramp, CPA GDP R, we'll take the same approach. If wesee a pattern amongst our customers or potential customers will go that routeand I think it's a matter of time before we get pulled into it. So then,that's supposed to take customer fee back yeah. Well, I mean you know. Onething is good for you, right is you're already high trust certified, as Iunderstand it, and high trust is a fairly large lift. I mean that's, not athat's, not a certification, it's easy to get so it speaks to you having avery comprehensive security program in plays so getting to c MM C or gettingto an eight hundred, a D N, seventy one or getting to a fed Ram. While it willrequire some effort, it's not going to be some Herculean task because youalready have a very good security program. Yeah shocks. That's preciselywhy we chose high trust enough. Customers were asking for it. So that'swhy we pursued it and not suck to. We just didn't, have a lot of peopleasking for sock to our FREDRO. So that's why we chose that. Definitely ajourney. I lived it. We were the first email encryption company to get it.That was a big lift and I'm happy we did it. It was a tangible road map for us to level upour security posture as a start up, because you know you're building theplan as you fall out of a building the parachute as you fall out of the plane.So I'm grateful for it and I'm hoping you're right when it comes to Fred Ramp.I haven't done a lot of research on on those just yet mainly due, because nota lot of customers asking for it. Yeah the or the one in which you might ifyou're working in at this at the state, local educational level, fed ramp, spunoff. There's a there's, a program called State Ramda, which is forentities that might not be doing work in the federal space, but need to getto a high level at the station. So the states built a program based on Fed Ram,so that'd be another one to kind of throw into the the back of your brainthere that at some point you probably end up stacking on top of the stuffthat you already have. You know when we our first high trust auditor. He took alook at our business and he goes dude in a couple of years. You just going tohave guys like me, coming in your office left and right research of everyday this and that just that would be a sign of success when you got guys likeme, just cycling in and out for all the stuff you got to maintain, and I waslike: Oh okay. Well, you know in a weird way- that's sort. I never thoughtabout that, but in a weird way that's sort of like you know. I know we allbitch about paying taxes, but when your tax book gets really really high,that's not a bad thing right, because I'm easy. I made a lot of money yeah soand the same thing with you right. You know when you're at to station bill,you know, gets to be crazy and you've got fed ramp and you've got eye. So anyou got high trust and you got you know, and then you know cms yeah, that's notnecessarily a bad thing right. You know that that means you got a lot ofclients, they're right, demanding a lot of evidence that you guys are doinggood things so yeah. Those are those are sort of good problems to have rightyeah. Those would be deep mouts for sure those are. Those are tangible,malts yeah, so you spend every day all day and inthe health care space talk a little bit about where you think security inprivacy will go in health care. You know over the next couple of years. Youknow is their light at the end of the... the tunnel for us, because this isyou know at the end of the day, it is like I'm glad to promote your productfor selfish reasons, and the selfish reason is that now I've had my medicalinformation leaked multiple times. People get hurt by bad informationsecurity, so the more folks that are on your platform, the less likely it isthat mine and the other people have listened to data gets out there. Sowhere do you think this is going yeah? So thanks for that question, as itrelates to hip a- I don't think that's going anywhere. So I think that'ssomething you can bank on from a from a business perspective when it comes toprivacy, I think we're going to see more states creating their own one offs,like California, did when it comes to privacy laws and then at some pointsthe feds will step in to create a nation wide privacy act just tosimplify things. However, I think this will take someyears to happen. The big tech monopolies out there will be inclinedto steer their armies of lobbyists to kill such a maneuver and, in the end,what I think will happen is a new privacy. Amendment will be added tohippo and we've seen this in the past before with the Hipocritas Act thatcame into effect in two thousand and three, the High Tech Tack, two thousandand nine and the breach notification rule in two thousand and nine hip byitself was an act in one thousand nine hundred and ninety six. So it seems tobe an evolving piece of legislation and I think they're going to attack on aprivacy act, and you know the monopolies will probably let it throughbecause that's not really their business, but when it comes to privacyin general, for some of them, that's the entire business model. So I'mimagine they'd steer their lobbyists to kill something like that. You know it'sactually interesting. You see diverse activity there, so there was agroup, and I forget it was. It was a group of the big guys it was the GoogleMicrosoft Apple. You know a combination like that that actually lobbied for afederal regulation. They were pushing for it not against it and the reason wewere pushing for it was they didn't want to have to deal with fiftyindependent state regulations. Like I mean I think, they're recognizing likeokay. This happened with you know California, S B. Was it three fourteenright, the you know, the the first of the privacy breach notification, lawsright and then over the course of the next fifteen years. Fifty states endedup launching them right. So I think one of the concerns is that they don't wantto have fifty state privacy laws, and then you know two hundred countryprivacy laws to deal with. So I think in a sense having one national you know, one national private CLO would actuallybe easier for them. So it'll be interesting to see where this goes. Ido think you're right I mean. I do think me on privacy, a privacyamendment on to hippo. I've heard other people talk about that as well, andthat would also get complicated right because, if you're dealing withhypodiapente you're dealing with non Hippadai, now you're navigating UN, yetanother regulation to deal with, so I'm hoping they figure it out, because youknow the that kind of level of complexity isn't good for any of usright it just drives up. Friction drives up cost for all of us right withprobably a minimal actual value. You know to the to the extra dollar spentyeah. I can see our scenario playing out as well. John. In that case, Iwould probably guess the Federal Privacy Act would probably not have alot of teeth in it and provide these monopolies with a lot of outs. Theyprobably push it for that direction. Yeah Oh yeah, yeah, yeah, they yeah. There was a youknow the I heard someone say it was on a moviewhere they said if, if you're not paying for the product, your date isthe product. So yeah these companies, these big guys yeah these big guys donot they don't want to lose their cash cowright. You know that you know we think it. Oh! This is great. I get this emailfor free. I get the SIZZ application for free, no N, not exactly guys yeah.That's the common phrase for VPS right.

It's the VP for the ear ly pro yeah. Unfortunately, I don't think mostpeople realize that all right, so we beat this up pretty good. Did I missanything? Is there anything else that you'd like to cover with regards to thecool stuff that you guys are doing over there pobog? Oh man thanks John Yeah.We're really fired up on email, ai. You know we like to talk to our customers,and one thing we've noticed during the pandemic is they've taken advantage ofa project they've wanted to eliminate for some years and that's getting ridof the facts machine and, if you're, not in health care. This may seembizarre, but it is the default form of communication. It is the dominant formof communication and health care, so they can't ditch the facts numberbecause of the the entities they deal with, but they did go efat right andagain, that's just such a dated thing. But you know people are health. CARE ishealth care, and so what that means is there's more email coming in,especially on the fax side, and what we see is a tremendousopportunity for work for automation, as it relates to email coming into anenterprise, and so we rolled out po box email, AI, it's part of one of ourproduct lines. We've got our first paid customer using it, and this concept ofwork for automation, I think, is really powerful. So we're looking forward tofurther building that out and I really think I'll open up new plates for us toautomate work flows on our cup for our customers in a compliant high trustcertified manner. I think skys a limit on that one. So pretty fight out gotyou so so when you say automation right, so let me take a guess: You're right, afact comes in through the emails and currently what somebody does they getthat email they open it up. They might look at that and then they'll enterdate into some system over here right. Any more is the idea that your ai would be able to look at thatfacts understand what that facts was about extract. Some of that informationand, let's say populate that in the Mr directly for that person yeah, that'sexactly it we'd work with the customer to build a robot to identify a certaintype of email pass. The message in put the data intothe Mr. I mean these folks that do this. They don't like doing it anyway, andit's error. prome. It's rot! It's repetitive! It's a prime candidate forwork for automation, which is a segment of a I right, robotic process,automation or R PA. So there's a lot of work up front, integrating with theparticular Mr. so that's where we're cutting our teeth on now is buildingout functionality, and then you know we can read leverage over. You knoweconomies of scale once we get all this stuff done, but yeah, that's a classicexample and our customers are fired up on this thing. Another one is welearned this during a zoom social mixer, we dide these corporate voice, mailsystems that are sending emails of audio files. If you don't answer yourextension and so they're, terrified of them listening to it in public on theirsmartphone. So what we did is we hooked into NL, P, natural language processingand we transcribe the audio file of that message and we insert the textinto the email. So now they get the email with theattachment still there, but we've inserted the voice male transcriptionand that one's been a home run off the gate, because it lowers the riskprofile of this one particular thing that they need to pay attention to theend: users love it because they don't want to download the attachment anyway,because it takes too long and it's accurate enough, where it's reliable,they just scroll on their phone and read the thing because of course, someof these contained Phi right. So a lot of sensitive stuff coming in thesevoice mills. So that's another exciting...

...use case we've already built. That wasour first robot and disguise the limit man I mean. If we look at our business there isn't anything that happens onour business. That doesn't happen in email receipts in voices, renewals,notification, billing reminders, a lot of this stuff can be automated toa billing system, EDME, etc. I mean skys a limit, dude skies, the limityeah. It makes sense because if you think about it I mean what percentageof people sit all day reacting to. I mean processing, email right. They. Iread an email. I take action based on what's going on in the email, if thataction doesn't require critical thinking right, why couldn't it be? Youknow some level of automation be applied in the enterprise. There's anentire department dedicates this stuff, so you can reassign them. You canshrink them. You can. I mean, there's just all kinds of ways to do it andthese folks don't even like doing the work anyway. This particular work rightbecause it's better suited for a robot. You want to let the humans do thingsthat involve judgment and making decisions on limited sets of data. Thisstuff is perfectly suited for a robot and it all is basically revolvingaround transactional email right. So if we can identify transactional, email ore fax, then we can identify the business processes for our customersthat we can suggest the automate, and if you, Google, the term email ai, Imean John There's not much out there. Man, I mean it's a completely wide open,Linescu here and we're hoping to provide business leadership to furtherdefine what exactly email ai is, and this isn't hype anymore. This may havebeen hype in two thousand and fifteen. This is the real deal and we're alreadydoing it exciting stuff man I'm looking forward to it. So I always ask give mea fictional character or if you like, a real world person who you think wouldmake an amazing, a horrible sea, so in a healthy organization, and why YeahYeah? That's a great woman, Michael Scott, for sure that's a that's a slamdon! Because, let me you know when the Prince of Nigeria emails you asking forhelp. You know you help them. I mean yeah. If anyone doesn't record, if anyonedoesn't recognize the office reference you're no longer allowed to listen tothis podcast, all right anything else. So if folkswant to get in touch with you, what's easiest way to get in touch with you,you know I have a unique name so ho Ala Greevy, you find me on Linkedin twitter,very much opposed anything. FACEBOOK does so. I am not on anything facebookrelated, but definitely on twitter and think ten yeah. Okay, so you didn'treact to my Aloha when we started so I'm going to try one more and I don'tknow how to exactly say it. I probably use it somewhat non contextualize, butI think it's supposed to show appreciation. Mahalo yeah is that theright was second to Mahala, new law. Thank you very much, but yeah my yeahall right. Well, I got half of it, so you got to give it you I get. I getpoints for trying right. Oh lots of points ban for sure hell man! Thank you so much for comingon. I appreciate it best to lock and, like I said, I genuinely appreciatewhat you're doing to protect but to protect all of the people that aregoing to the healthcare providers every day you guys are providing a lot ofvalue right on John Thanks, so follow you've been listening to the virtual C,so podcast, as you probably figured out, we really enjoy information security.So if there's a question we haven't yet answered, or you need some help, youcan reach us at Info at Tibi point security and to ensure you never missan episode to subscribe to the show in your favorite podcast player until nexttime. Let's be careful out there,...

In-Stream Audio Search


Search across all episodes within this podcast

Episodes (69)