Blue Screen of Health
This month’s episode of “News You Can Use” on HealthcareNOWRadio features news from the month of August 2024
The show that gives you a quick insight into the latest news, twists, turns and debacles going on in healthcare with my friend and co-host Craig Joseph, MD (@CraigJoseph), Chief Medical Officer at Nordic Consulting Partners, and myself, where every diagnosis comes with a side of humor. We hope you stay curious, stay engaged, and keep seeking the truth in healthcare in a world that thrives on information.
Buckle up as we dive into the ER of excitement, the ICU of irrationality, and the waiting room of wacky wisdom in this month’s show that features a review of:
- Crowdstrike and Cybersecurity
- Generative AI and New Use Cases
- Apollo 11 and NASA’s “Failure is not an Option” needed for Healthcare
This week, we’re diving headfirst into the latest healthcare debacles, much like a cat into a box, and talking Cybersecurity. You’ve heard of CrowdStrike, right? Many might not have until about a week ago, but apparently, it’s now common enough to be a verb! “Did you CrowdStrike that email?”—totally a thing. Anyway, this week, a minor glitch in their software caused a massive memory overrun, leading to a blue screen of death (BSOD) apocalypse on millions of machines, including those in healthcare settings. Imagine trying to run a CT scan and getting hit with a BSOD. Not ideal. The takeaway? Update your software and maybe don’t do it on a Friday afternoon. And while on the subject of Cybersecurity – watch out for insider bad actors!
AI’s Got Your Back
Craig goes deep into Chevron and the potential impact on healthcare and likely many other areas of established rules and regulations – suffice to say, expect some chaos ahead. And we discuss the world of generative AI and Vanderbilt University’s brilliant idea to improve doctor-patient communication. Instead of having doctors play 20 Questions with patients, why not let AI handle it? Patients type out their concerns, and AI steps in to ask all the pertinent questions before forwarding it to the doctor. It’s like having an efficient, albeit slightly annoying, personal assistant. This could save time and potentially reduce the number of times you hear, “Did you try turning it off and on again?” but for your health. Genius, right?
Finally, a quick nod to Apollo 11’s anniversary, the need for healthcare to have a “Failure is not an Option” attitude, and a delightful memory from the movie “The Dish.” It’s based on the true story of how a small Australian town helped broadcast the moon landing. When prepping for the visit of American dignitaries, they played “Hawaii Five-O” instead of the American National Anthem. Classic mix-up! If only every healthcare snafu could end on such a humorous note.
And there you have it, folks—a rollercoaster of healthcare hijinks. Until next time, I’m Dr. Nick, and he’s Dr. Craig, reminding you that in the realm of healthcare, expect the unexpected!
We hope you enjoy our take on the latest news and developments in healthcare and want to help you keep untangling the web of information, dodging the sensational pitfalls, and emerging victorious, albeit a little dizzy, on the other side. In the end, the stories we uncover, and the discussions we ignite, all shape the narrative of our shared future. We want to hear from you especially if you have topics covered or questions you’d like answered. You can reach out directly via the contact form on my website, or send a message on LinkedIn to Craig or me.
Until next week, keep solving healthcare’s mysteries before they become your emergencies.
Listen live at 4:00 AM, 12:00 Noon or 8:00 PM ET, Monday through Friday for the next week at HealthcareNOW Radio. After that, you can listen on demand (See podcast information below.) Join the conversation on Twitter at #TheIncrementalist.
Listen along on HealthcareNowRadio or on SoundCloud
Raw Transcript
Nick van Terheyden
Welcome to the month of June. I’m Dr. Nick.
Craig Joseph
And I’m Dr. Craig.
Nick van Terheyden
This week we will be dissecting the latest healthcare news, unraveling the twists and turns and making sense of the debacle. Just remember,
Craig Joseph
life’s a lot like a breaking news story unpredictable, often absurd, and occasionally leaves you wondering if it’s all just a cosmic prank.
Nick van Terheyden
This week, we take a look at rings and pediatric patients.
Craig Joseph
And we dive into Chevron and general a generative AI.
Nick van Terheyden
First off this week, let’s have a look at CrowdStrike and cyber security. So CrowdStrike had not heard of that company. By the time I had, say, seven days ago,
Craig Joseph
I did I had heard of CrowdStrike. Some of the work I do involves cybersecurity. And so I was aware of their existence. Absolutely. Yeah,
Nick van Terheyden
no, I was too. It wasn’t a completely unknown to me, and certainly an area that I follow. But I think it’s now part of the general terminology that people use as a method of cursing at others, perhaps are you going to CrowdStrike that? That’s
Craig Joseph
nice. I like that. I feel like that it should become a it’s a verb. Now, maybe it’ll be an adjective at some point. Yeah, it was a it was a little apparently like a little tiny mistake in some, some software. And the good news is that, from a security standpoint, we want everyone to be up to date, you know, that’s one of the major problems is that someone identifies a hole in a computer code somewhere, and that can be can be used for by evil doers. And they say, this is the fix, all you got to do is apply this fix, and then a significant chunk of corporate America or the world does not apply the fix in a timely fashion. So. So we’ve gotten very smart, Dr. Nick, and we started just automatically applying some of these updates. And that’s the good news. And apparently, there’s also bad news. Right?
Nick van Terheyden
And let’s just clarify this for the benefit of everybody listening. In this particular instance, I think the the methodology is such that if you have CrowdStrike installed, I don’t think you get an option to decline. It’s not like the old updates that you get where you can say, oh, no, I’m gonna wait. I mean, like me, I’m probably on two or three versions old of OSX. This is a mandate, it just got pushed out, right? I
Craig Joseph
believe that is the case. And again, that’s not a bug, that’s a feature, right? The The idea is that, hey, we are going to be constantly updating our software, and we will push those updates to you. And you will automatically have the latest and greatest. That’s the pitch to the client, you don’t even have to do anything we’ll just write for you.
Nick van Terheyden
And I think it happens on a daily basis. That’s I was reading the download the study of what had gone on and this is a regular thing. And it was a tiny file. I think it was even a text file. Although it had a .sys I think it was a .sys suffix. So but it was actually text, it contained a signature or an expected signature. And what I read was because it had been malformed or mistyped or whatever, I don’t know exactly what the details of how that error occurred. It caused a memory overrun, that was the issue. But unlike a Mac, I’m going to say the Windows machines don’t deal with that terribly well. And it’s been a while since I’ve seen a blue screen.
Craig Joseph
We see a lot of them. It’s so much so that I saw several articles using B S O D BSOD, the abbreviation for blue screen of death. And I thought it you know, mainstream kind of newspapers where you don’t normally see that. And one of them actually said said b s o d and then in parentheses it said blue screen. And I’m like, Oh guys, you got it. You forgot to have different parts. But yeah, like there was a I saw a picture of a ticker was a CT scanner with a little Yes, that’s a little above it, which is, you know, apparently has posted the patient name and the study that’s being done and how much radiation the patient is getting and where and how and all that stuff and it was just the blue screen of death. And that’s pretty scary. So
Nick van Terheyden
here we are with, I would say one of the leading cybersecurity companies that you know, is its intent is good, although we’ve seen other instances Whether they’ve been duped and you know, have pushed out things, and not deliberately but you know, there was attempts to influence the content that they’re pushing out in this instance, they pushed it out, there was no nefarious actors. And, you know, that’s all part of the design. But it caused just enormous and I heard this described as the largest, and I know was only 8.5 million machines. But the widespread impact, which I believe you personally, felt, I’ve gotta say, I didn’t I live in a totally Mac universe in this household. So I was totally in Italy.
Craig Joseph
Oh, sure. You’re disparaging me now. That’s fine. That’s fine. I am also an Apple fanboy. But yeah, I was supposed to go on a business trip, it was just an overnight trip. And I fly on Delta Airlines. And then they canceled one of my flights. And so I was not able to go. And so this was a it was also I mean, we talked about health care, obviously. And this affected many, many healthcare systems, many, although for a small amount of time, but still, when the electronic health record goes down. And again, just to be clear, everyone should be everyone that’s having trouble from Delta to any other any other company. They’re all pointing their finger at a CrowdStrike, mostly in a little bit at Microsoft. And as well, they should, because it wasn’t the electronic health records software, right, that failed, it was the servers upon which those things run. So how
Nick van Terheyden
do you protect against this? Well, what is the answer?
Craig Joseph
There, well, don’t push out bad code on a Friday afternoon.
Nick van Terheyden
That was the other date selection seriously on a Friday, although it’s a daily thing, perhaps that was a total random, alright,
Craig Joseph
so then don’t push out bad code. You know, the problem. Again, this is a this is the this is the problem we face, right? From a design perspective, it makes complete sense, to keep your software up to date, the cybercriminals are always innovating and changing. And so the defensive software must also constantly be you know, you know, changing and improving and, but, you know, I read that 298 of the Fortune 500 companies, so, three-fifths of the Fortune 500, companies run CrowdStrike. And so, which is great if you’re, if you work at CrowdStrike, or yours, your your stock or shareholder and CrowdStrike, but not so great for the economy. And, and so, you know, I don’t know that there’s an easy answer to this and affects everything, again, from airlines, to healthcare systems to, to everyone that’s running a machine. I heard commentator today say we finally had Y2K, we never had Y2K. In the year 2000. We had it, we had it this week with all those computers going down at once. Certainly, if there were more competitors, this would just mean there would be a smaller footprint for any one cybersecurity company. And so that that might help. I think that we’ve made great improvements and developing software, you know, in terms of how to kind of program it to be more reliable. However, we can see already that we’re moving away from humans creating software to bots, and AI is creating software with humans kind of overseeing. So I’m not sure if that’s good or bad.
Nick van Terheyden
Yeah, I forget where the article was. But I want to say it was a hell of the review of the healthcare organizations, and the ones that did the best, in terms of dealing with this, were the ones that had run scenarios, precisely like this for downtime. So if I was to pull anything from a learning standpoint, what can you do? So, you know, to your point, I don’t think you can switch off these updates, that doesn’t make sense that goes against the sort of principles of this to protect you on an ongoing basis. And, you know, to your point of the CT, why is it on a CT or MRI, I forget, which doesn’t matter. Why is it on that machine? Because those machines are potential targets, you only have to read the story about the attack on a Vegas casino that was started through a goldfish tank and the technology in that goldfish tank. So you know, jump off points in the network, all of that. So you have to protect all of your endpoints and, you know, more and more endpoints there because we connect everything. But the prep work is to actually go through real downtime, you know, and I don’t think that’s just a paper exercise, you can’t just sort of all sit around and say, Okay, we don’t have the EMR, what are we going to do? You actually have to run this as a real scenario. And I think I talked about this a few months ago when I was part of the activity in the hospital. And, you know, it was there was a lot of learning opportunities in that. And yeah, it was difficult because it was running concurrent with real activity and a busy ER and all the rest of it. But I can only imagine that the value of that having it’s muscle memory is my sense of that. So I think, you know, practice that that whole principle and try and sort of establish what could happen. I don’t think I know, this wasn’t on anybody’s bingo card, at least, nobody’s claiming it so far. So you know, what, what they say is that things that haven’t happened before happen all the time. And one of them. 
Yeah, I forget who says it, but I, whoever it was, well said. So. Alright. So there’s your principles, but from from a security standpoint, and you know, we’ve talked about this at length, let’s just briefly talk about guising as challenge and you know, this one, it just struck me, it’s one of the most difficult areas to sort of focus on from a cybersecurity standpoint, they have essentially accused a former employee of Nuance in this particular instance, who was essentially working behind the scenes pulling data and then reselling it, he had all sorts of fake IDs, machines to create them and stuff. So it’s what they call the insider or the insider threat, the insider job. Just truly shocking. And I struggle with understanding why people end up going down this pathway, but I have to believe that’s not what he intended to do when he started work. Somehow, he, you know, could happen to you, right?
Craig Joseph
Well, it’s money, money is the reason and the only reason it can’t bid typically the reason, obviously, I don’t know that in this case, but yeah, this was a contractor. So not even an employee of the health system, but a contractor. And as I think we all know, every complicated endeavor, company, organization, whatever, has an army of behind the scenes, folks that don’t work for them, but work on contracts in certain areas, and just bring their expertise to this little focal area. And and, and so the you know, the risk, is there that someone who has to be given security to do all kinds of things. Does uses that power for no good and it’s hard to find them because they are allowed to be there poking around do things. Mostly, that’s what you’re paying them. Right? How do you police the police? Right? It’s very high,
Nick van Terheyden
the super, super level administrators, and I’m, you know, this, this gets to sort of nuclear technology. And how do you police the Minuteman missiles and to people to independence? And it’s every James Bond story that we’ve ever watched? Or read or whatever? Yeah, no, very, super challenging. All right. So moving on, Chevron, aside from being a gas station, or is it a company I forget? Which? Can you explain it? Yeah.
Craig Joseph
So there was a, first of all, let’s be clear, I’m a physician, not a lawyer. But but there’s there’s a fine line. God, there’s a fine line between both of those. I think we all agree in the United States here, at least. But I’ve been listening some podcasts and reading up a little bit. And basically, I think 4030 3040 years ago, there was a case called Chevron versus someone. And basically, it was it was, it was an argument, it was a argument about who gets to interpret legislation that is passed, laws that are made that are somewhat ambiguous. So the Congress passes a law that says that the Department of Fisheries should be able to ensure that observers make sure that fishing companies aren’t overfishing, right. Something kind of, yeah, it’s really clear to you and me what that means. But then how do we get down to the details? And there’s a term called Chevron deference, which was from this case from I think 30 years ago or so. Chevron deference said, Well, if it’s unclear, but it and if a federal agency and again, under the executive branch, has has said we’re going to interpret it this way. And if that’s a reasonable interpretation, again, reasonable based on what The court things then they went. So if I send so this case was challenged, in fact, by that fishery example that there was a, there was an interpretation by one of the the federal agencies that, in fact, you fishing company have to pay for independent observers to be on your boats to make sure that you’re following all the rules. And Congress never actually said that Congress said that there shouldn’t be observers, and they shouldn’t be under the under the kind of auspices of the government, but not necessarily government employees. Again, I’m oversimplifying it, but you can imagine. 
So typically, if we were following the the jurisprudence that has been happening in the US for many decades, deference would be given to the federal agency and say, well, that’s a reasonable interpretation of an ambiguous law. It’s Congress can’t possibly legislate for every single possibility. And courts are required to just say, yes, that’s fine. If that’s what the Fish and Wildlife Authority says, then that’s what happens. Well, the Supreme Court overturned that precedents and said no more to Chevron deference and said, in fact, if it’s unclear, then that’s what courts are for. And the courts should make these decisions, not the not a an agency under the auspices of the of the federal government. And so Ron roe. Yeah, so that’s a big win if you own a fishing company, but it’s it throws a wrench into lots of things. So now, if the FDA, now we’re going to come to healthcare, and talk about how this might affect health care, and again, we’re talking about something that just happened a month ago. If I think that the FDA made a mistake in approving a certain medication, because they miss a miss studied it or misinterpreted a study that a third party had done, I can sue the FDA always have been able to sue the FDA. But in the past, my lawsuit would most likely get thrown out because of Chevron deference paths. They say, well, listen, the FDA is the organization and they made a reasonable interpretation of a ambiguous law. And hence, we’re not going to entertain you have no you’re out of here. You can’t you can’t win. Well, now, it’s gonna go to court. And that’s not going to get thrown out. And that question might be is most likely now to be decided not by experts at the FDA. But in fact, by a judge. Now, you can have multiple interpretations of it. It’s a little scary to me, because FDA and DEA and all these other organizations that have three letter acronyms, surely they make mistakes, no question about that. 
But but they have experts there that are that really understand the big picture and the fine details. And most judges are lawyers, I think they’re all lawyers, who generally don’t have expertise, and then are counting on their judgment based on understanding very complicated things, from expert witnesses on both sides of the issue. So good or bad, it’s going to change a lot of things. And so it’s, it’s a little bit unnerving. When you take kind of a core tenet of how the government’s functioned, and turn it upside down.
Nick van Terheyden
Well, I’m just gonna say, I have heard counter positions, that suggests that, you know, that also opens up the FDA to be able to fight things that you know, have been ruled against them potentially. But you know, generically, I’ve got to say it feels like a bunch of people that don’t have the qualifications or the understanding of the underlying technology, medicine, science, who knows who went to law school, or whatever, are now creating decision so it feels like a lot of chaos. So watch this space, we’ll certainly be watching this space. Moving on. What about the use of Gen I Gen AI focused on creating responses from the doctor you said you saw this as this sounded interesting to me. I mean, let me summarize essentially, you take Gen AI and instead of responding to patients, questions, you play some interference before they send the question, do a Q&A with the patient in the interaction to gather all the necessary information so that what you submit to the physician they can now actually respond with quick answers because they’ve got all the information as opposed to the usual exchange. Well, what about this? Did you ask them Hey, blah, blah, blah? I sounds like a great idea. I gotta say,
Craig Joseph
it’s it was It was eye opening to me a bunch sort of this is an article that came out this month from Vanderbilt University. And yeah, the traditional approach and by traditional I mean, being being done in the last year, right, because we’re talking about generative AI itself. We’re not talking about traditional, it’s like, Oh, back in the day, what do you mean? I mean, 2023, back when we, when we were young and dumb, 2023 back in the day, so, yeah, the idea was, hey, can physicians are being overwhelmed with patient questions being sent in through the patient portal? How can we help physicians? Well, let’s help physicians and so hey, why don’t we draft a response and maybe save the physician some time so that they can just look at that and go, Yeah, that’s a good answer to the question. And hit send, and it goes much faster. The approach at Vanderbilt was the opposite. Really, just like you said, hey, the patient’s about to the patient is about to send a message that says, Hey, Doc, can you prescribe that antibiotic that you that we used before? Because I have another bladder infection? Thanks. Right, that message was about to be sent out. And then the AI kind of intercedes, it was Whoa, whoa, whoa, here’s some things that might help the doctor respond a little bit better, such as, Do you have fever? Do you have back pain? Is there any blood in your urine? Do you know? What was the name of the antibiotic? Do you remember what it was? You know, those kinds of things? Because often what happens is there’s a back and forth. Because you you tell me you have a UTI. And then I have to ask you about the symptoms. And then you tell me you’ve got some symptoms, but it’s still unclear. So I ask you another question. And that’s going back and forth. And wouldn’t it be better if we could try to get most of the answers to the questions right there in the first pass, and then we can determine, you know, very quickly how to deal with this with this issue. 
And so it’s the first time it seems like an interesting, interesting approach. It’s, it’s not formatted. So it’s not like you go through a list and you pick urinary tract infection, and then goes, Ah, urinary tract infection, let me ask you these five questions. So it’s, it really is kind of a unique approach, and just looking at what you typed, and probably, at this point, not even looking at your history, because that’s still a little complicated for the LLM to do. I
Nick van Terheyden
know, no, I think that’s essentially clever. And what it makes me think is, you know, undiscovered country, we just, we haven’t explored all of the potential and I think that will continue to expand. So a couple of brief items. So on my discovery through physician advisor, sir certification and going through some of the training, I discovered the pediatric care, based on the 2012, this was Medicaid coverage 51% of neonatal stays for children, compared to 26.4, is covered by Medicaid. And it increased over the preceding years, I’m sure continues to, and represents about 59% of all inpatient days for children’s hospitals, which is striking because they pay at about 8080 cents on the dollar, which I’m just gonna say statement of fact, it was a shocker to me. And, you know, I’m, I don’t know, I’d be interested to hear from the listeners, what are your thoughts, what are your things but let’s finish if we may, with Apollo 11, which I think 16th of July was the date that it launched, it comes up every year for me, I was a space now I was reading Dr. Jane, she has to she listened to watch the Twitter feed that essentially recreates it, you know, Twitter, I forget what the name of the handle was, you know, 10 tweet, nine tweet. So, you know, kind of interesting if you could follow it. And, you know, as things happen, and you know, all Paul, but my particular memory of this was from the dish, which is based on a true story, which you know, was the dish that received the transmissions from the actual walk on the moon because it was in Australia and the earth was facing that way. And it starred Sam Neill. 
And the particular piece that really stood out to me was the preparation that they this small town in Australia made for the visit of the American dignitaries and you know, they were asked to prep the American National Anthem, and they played the Australian National Anthem, which was God Save the Queen at the time and then please remain upstanding for the American National Anthem. And what did we hear? Dad? Yeah, Ah, absolutely priceless Hawaii
Craig Joseph
Five O.
Nick van Terheyden
I, and I cannot establish the true veracity but it doesn’t matter to me. It was fantastic. I’m for it.
Craig Joseph
It’s brilliant.
Nick van Terheyden
It was truly brilliant. We find ourselves at the end of another episode exploring health care’s mysteries before they become your emergencies. Until next time, I’m Dr. Nick. And
Craig Joseph
I’m Dr. Craig.