Episode 62: The Big Risks For Data Security In Healthcare w. Jason Culotta

Aug 31, 2020

This Episode

Jason Culotta

You Will Learn

– Jason discusses how coronavirus has impacted the IT and cyber world
– Jason explains why physicians should be worried about the security of their information. Patient information, such as PHI, is very valuable on something like the dark web.
– Jason shares stories of clients of his who have been hit with cyber attacks that have put their businesses on hold.
– Should you use LastPass?

Resources & Links

This week, I am joined by information technology expert, Jason Culotta. Jason and I discuss the importance of cybersecurity in today’s business world. Jason will use real examples from clients to explain the dangers that you can be faced with when your information is hacked. We also discuss some easy tips to keep your information secure as well as how Jason and his team at Encompass defend their clients.

Justin (01:13):
I’m very pleased to be joined today by Jason Culotta. Jason is the director of information technology at Encompass Healthcare Data Solutions. And he’s here to talk to me a little bit today about protecting your data, cyber security and these types of considerations, which in the era of coronavirus and more and more decentralized healthcare. It’s a, it’s a big concern for a lot of physicians and practices. So Jason, welcome.

Jason Culotta (01:36):
Thank you. Thank you for having me. Thank you for your time. Just that I really am passionate about this this topic and then just every day of what we do and helping our professionals walk along and the whole cybersecurity journey. So thank you.

Justin (01:52):
Yeah. Tell us a little bit about what you do with Encompass.

Jason Culotta (01:55):
So with Encompass I started as a systems engineer and a systems engineer for who about 24, 25 years. Love to be in the trenches day, right? Love to be turning up as zeros and ones here and there. Did a lot of management for clients over the years and stepped up into the director role and now lead a group of professionals myself, as well as being able to connect with them and lead and guide them in this IT journey of ours.

Justin (02:25):
So as a director of information technology, whenever somebody comes to you and says, Jason, we have concerns about our cyber security protocol, or we’re not sure that we’re protected the way that we ought to be. Tell, tell me how that process works when they come to somebody like you.

Jason Culotta (02:40):
So usually when somebody approaches me, the first thing I want to do is put it into layman terms with them to really be able to communicate with them in a sense of that. They, it’s not a foreign language. They understand what I’m talking about and that they can comprehend. And if they don’t to keep speaking into that until they can understand what we’re talking about.

Justin (03:03):
And I’m sure there’s like a wide variety, you know, there’s, I’m sure you’ve probably you help out like a sole practitioner pain doctor with like a medical assistant and an NP all the way up to more. I would call them like institutional, you know, bigger systems and with more robust infrastructure. Tell me a little bit about when you think about cybersecurity, first of all, what are those, those things have in common, the single doctor, as well as the big institution, and then what are some of the key differences that you try to help physicians and, you know, patients and all of the stakeholders. So you try to help help them sort of implement solutions?

Jason Culotta (03:40):
Well, for me the size does not matter the environment there’s not one more important than the other. They’re all the same to me. They’re a practice that needs to be running with their infrastructure, which is IT nowadays, that needs to be protected and that needs to not get in a way of their practice so that they can do what they need to do. And I don’t have to worry about the equipment and behind the black curtain they’re in the closet.

Justin (04:10):
Yeah. I was reading an article in preparation for this call. There was a recent article in Medical Economics. We’ll link to it in the show notes. So anybody listening, anesthesiasuccess.com/62, we’ll have references to all the things we’re going to talk about here today. You know, there will be some good resources you don’t want to check out, but they were talking about just in the era of COVID telemedicine is getting much more popular and tech is being relied upon to a much greater extent. People operating remotely sometimes like employees and physicians using like personal hardware to do things remotely. And it’s creating new vulnerabilities from a cybersecurity standpoint. So maybe take a minute and talk about some of the challenges that you’re seeing right now, maybe a story or two about the era of coronavirus and what does this mean for sort of the IT infrastructure?

Jason Culotta (04:58):
Yeah. So that’s our, that’s our struggles. We like to control as an IT group what we can have control of. As soon as it’s the BYOD age comes about, that’s when you’re actually supporting everything from A to Z, right? Instead of really being able to control your standards and being able to manage those standards. Of course we would limit ourselves if we just looked at that piece and we could not support outside of that because kind of like a quarterback, you gotta be flexible. You gotta be able to read the defense in a sense of folks are gonna have all different types of devices and situations that they need to connect to their corporate infrastructure to be able to get their work done. So for us, we need to be able to support that, but also recommend, and maybe even at one point, bring them up to speed or bring their equipment into a place that’s a little more secure in as following protocol and just basic IT standards and processes.

Justin (06:03):
Yeah. From a data standpoint, we’re talking about this like data protect your data. That’s sort of a, you know, it’s kind of vague. So if I’m a, if I’m a bad actor, I’m a person out there sitting in a dark room and some undisclosed location, who’s trying to get hack into a healthcare system. What, what is in there, what’s in the database of some hospital or some surgery center what’s in there that I’m trying to get and what am I going to do with it, hypothetically.

Jason Culotta (06:28):
Gotcha. So there’s, what’s called PHI, public health information. And first of all, usually for the hacker, it’s a, it’s a challenge. It’s like a puzzle. I need to get into the fortress. Right. And that’s where the goal is. And really it is the gold cause on the black market, on the dark web, that goal turns into dollars. And so that patient information, whether they can resell it for identity theft, that can be used it’s your personal information that they’re after, that’s usually what they’re going for,

Justin (07:04):
The personal information, which they then want to monetize. And the danger is that identity theft, you know, linking to my address and social and, and using that to open up, you know, lines of credit and the names of in the case of a physician, all your patients are not going to have potentially like credit cards opened up that are going to not be actually owned by the patient. And that’s that, that’s the downside? What systems are we talking about here? Cause obviously there’s like the EMR where everything lives. As far as the health information, we’ve got email, we’ve got other communication, we’ve got a lot of different software platforms. So there is there one or another of them that you see as like more of a, this one is really a problem. Every time we see an issue it’s like a, this type of issue or that type of this type of vulnerability getting exploited. Is there a particular thing to a common pain point when hackers are trying to access health information?

Jason Culotta (07:55):
Yes. And I’ll give you an example and it still goes on to this day. There’s the basic practices of patching your servers and patching does a great thing. It closes a wound so to speak so that the hackers cause they’ll exploit, they’ll figure out that weak point, that wound and go for it. And most of the time it’s as simple as just applying these Windows and operating system updates. For step one, sometimes it’s setting up multifactor authentication, making it two steps in order to be able to connect. But we had one surgery center that when I was looking through the event logs one day when we had just brought him on board, I noticed it was just every second in the Event Viewer log line that somebody was sending a username and password two of them every second and just 24/7.

Jason Culotta (08:46):
So that raised my alarm. What they were trying to do is remote in, on port 3389, which is a known port, which again, hackers that back in the day, it was great. People would remote in on that port. They would go through the door to get into your network and remote into their terminal server and be able to get into their EHR. Well, the bad actors out there know that door. So they exploit it. And what we ended up doing was we shut it down and we ended up putting VPN, virtual private network, connection in place. So it’s a two step process. You connect to the VPN, which connects you to your network and then you’re able to remote in. And that stopped that completely but it was very scary because once you start seeing that and we’ve had another practice that we weren’t taking care of, their IT support at the time that on Super Bowl Sunday one year that’s when they got attacked and the bad actor used that same situation where they exploited a username and password, and then basically encrypt everything, ransomware, all the servers, which were all physical and all the workstations physical.

Jason Culotta (09:57):
So that took them down for at least a couple of weeks. They ended up having to play some, pay some Bitcoin to get their data back so they could keep their business running. I mean, you talking about a multimillion dollar operation. So it was, it was pretty scary.

Jason Culotta (10:34):
Yes. Yeah. And they’re dead in the water at that point now most. Oh yeah. Correct. And what did you go to good old paper? A lot of, a lot of practices. Usually what we work with is we try to have them a backup strategy because technology is great and technology can fail. What are some of the other mediums that we could go to as a backup? Right. So a lot of, a lot of places will go to backup with paper. And what have you still slows things down? We don’t have immediate access to the patient records. They won’t have immediate access to getting x-rays transferred over to the certain systems. And what have you. So you losing a lot of money once that happens.

Justin (11:27):
Yeah. And then it creates this huge backlog of analog data that then needs to be digitized. And so your, your business, your practice is still running at the same pace, but then you need to do this like catch up like three weeks from now after you’ve paid the million dollar Bitcoin ransom. Correct.

Jason Culotta (11:46):
Yeah. You’re paying it both ends, you know when you do have,

Justin (11:50):
Have you you know, I’m curious with the ransomware cases to which you’ve been exposed, do you see that it, and there’s like a pretty famous one with Fitbit, I guess a few weeks ago to where it was, the Fitbit got hit with this ransomware and they were down for a few days. And obviously that’s not medical records in the normal sense, but it’s definitely that personal data and Fitbit was stuck with this same question of, do we wire Bitcoin or, or whatever, or, or do we try to, you know, technologically address this vulnerability? And I think they did end up, I think they officially, they didn’t say that they paid it, but they said we’re up and running now kind of like, don’t, don’t worry about the details. I’m probably a little kind of bachelor, not wanting to admit that they had to pay off the bad actor, but you know, do you see that whenever a ransomware attack happens, do you see that it’s like, there’s an exchange of, you know, funds and then it works, or do you see like sometimes people pay and it doesn’t work? Or how does that usually work?

Jason Culotta (12:50):
So back in the day, you were always told don’t pay, don’t pay, don’t pay, well, put yourself in the shoes of the one, you know, having your practice up and running. All of a sudden it comes to a halt. And you’re like, if I pay, I can keep my practice up. Or if I don’t pay, I don’t have my data anymore. And we’ll go into backups later on. So most people pay these bad actors, great salesman. They got a great business philosophy in business. And what they do is, is the Bitcoin is not that much. You talk in $6,000, 10,000. They’re not going to say a million dollars where you’re like, well, there’s no way we can pay. They make it feasible for you to pay you, pay it. And then why would somebody not give you the encryption key because that’s bad business. And then you’ll talk about it to other people. And then people will go right back to that. Don’t pay them, don’t pay them. So they want business businesses. Good on a bad scale. They want you to pay it that way. They give you the key good business. You’ll tell others, pay it, pay it, pay it.

Justin (13:57):
Yeah. So with the cases you’ve dealed with dealt with, or that you’ve heard about is that kind of the price range, like six to 10 to 20 grand,

Jason Culotta (14:04):
It was with a couple of clients we worked with that’s, that’s what it was. You know, but I guess it depends on the organization. Again, business people, they probably look at the type of business and profile and then figure out what’s a good sales margin.

Justin (14:21):
Yeah. That makes sense. I mean, if it’s like 10 grand, you know, it would, it would probably make sense for somebody to just, if that happens on Super Bowl Sunday, you should stroke that check at 7:00 AM on Monday morning, just to have it go away. Is that kind of the response that you see that people have or, or how would you counsel someone in that situation?

Jason Culotta (14:40):
Well, and really you want to assess it. It was very easy for this practice to do that because they had no backups, none whatsoever. So they didn’t have a fallback. Usually I mean, in our case here at the company, somebody had clicked on something and it encrypted our files. We didn’t play pay any ransomware or anything like that. We ended up going right to our backups. We were able to restore just fine. So in the case with this other medical practice, if they would have had backups, that would have been a, you know, a possible solution, you, you really wanna go to your backups if you have them as opposed to paying the ransomware, but in their case they didn’t. So it was kinda an easy answer for them to go ahead and pay it, which they did. And they got the encryption key, they got their data back and then they moved on. Of course they cleaned up an aisle five big time,

Justin (15:33):
Right? Yeah, no kidding. Is it ransomware, that’s kind of a biggest fear or are there other types of attacks or other things that are either common or very, very damaging that you see happen that you try to help companies or practices or institutions protect against?

Jason Culotta (15:50):
Yes. Phishing’s a big one out there. We see it a lot in our emails. It’s very effective because they keep using it year after year. And in fact, we just had that happen in our company and we do a phishing campaign monthly here where it sends out a fake email and people will get it. If they click on a link, it’ll go to an educational site that they can actually say, [inaudible] you failed a test. But what it does is we just really want it to resonate. So you can get the hair on the back of your neck to go up, go on. Something’s not right here. That’s where we want you to be, because that’s what happened. Basically an email came from our CEO, which it really wasn’t from our CEO to our accountant saying, can you please wire money to this account?

Jason Culotta (16:43):
And they gave a legit account with the routing number and what have you. So of course she engaged, okay, well, what is this for? Et cetera, et cetera, you know, kind of nibbling on the bait. And then at one point, the hair went up on the back of her neck and then she ended up calling the CEO and he’s like, no, that was not me. We’ve had two clients that, that wasn’t the case they went through with it. And what happens is that these guys are slick. I mean basically they’re having you do the work for them, for them to be able to try to hack into your bank account and make wire funds that’s yeah, that’s too many steps. That’s too much work. So what they try to do is get you to do it. Hey, here’s a legit bank account. Here’s the routing number. Wire everything over there. And as soon as you wire it, you can’t get it back.

Justin (17:33):
Yeah. Yeah. That makes sense. And obviously as a financial professional myself, I we’ve, we’ve been dealing with these a long, long time. And if you know, I was in the industry probably like two months before I received the first email and it’s always, you know, any, you know, any wire, a third party wire, that’s not going to like, Hey, move it from this account, which you can see. And you you’re familiar with, to this other account that you’re also familiar with. As soon as we’re going to some other account number, it’s always pick up the phone and call the client. But it’s, it’s you know, it’s interesting to see that there’s, I guess at the business level, you know, even going after your vendors, your partner, your, your accountant, I mean, somebody had to like figure out who your accountant was and then it’s, it’s makes you kind of scratch your head and say, how, how on earth did they figure that out? And it’s kind of terrifying, but also that’s, I guess just the that’s the day we live in now.

Jason Culotta (18:29):
And a lot of times your website, your website is whatever you put on it. They can usually profile off of that. And just really digging to, to pull that information, to do a nice educated hack, you know, that’ll, that’ll get you right.

Justin (18:46):
That’s crazy to me to think that there’s just people sitting in their mom’s basement somewhere cruising around on websites, like doing this homework, this due diligence to create this attack. But I

Jason Culotta (18:56):
It’s challenges, you know, people love puzzles, people love those type challenges. And this is just a challenge in a digital world bad choices, correct. You know when as you’ve seen a lot of those bad choices end up becoming good choices where they turn and actually make a living and go work for a reputable company, like a pen testing type company where, Hey, you can pay me to hack in and see vulnerabilities of a company that’s that’s when you make a good choice.

Justin (19:28):
Yeah. Right. I’m sure it’s much less lucrative to be a consulting for corporate rather than asking a bunch of doctors for Bitcoin. And so tell us what, what are the other things that you see out there that you, you know, maybe clients, either that you help protect them against, or they come to you with their tail between their legs thinking, Oh my gosh, like one of our, one of our people clicked on this and it blasted out the EMR to the dark web. Like what, what are the, what are the things are you seeing and dealing with?

Jason Culotta (19:59):
Like some of the, some of the pieces that we’ll usually educate against is cause humans are the weakest link and that’s who they’ll go after. Social engineering is, is, is another big piece and has been for years. You know, it’s where basically it’s where a hacker is posing themselves as somebody else. And hacker is basically he’ll call up a company and say, Hey, I’m the HVAC person I need to get into your HVAC system. I’m doing my regular monthly maintenance maintenance. Please give me the username and password and the link to get into it. Because in the IOT things have these days, there’s username and passwords, and they’re usually not changed. They’re usually a set or they come with a default and password. That’s where you saw Oh, a while back where several, several years or so, where there was a big hacking incident where they went after the internet of things, meaning your router, meaning any, any kind of appliances that are on the internet, because as a consumer, you don’t plug it in and want to just plug and play and you don’t want to have to go into the technical aspects to lock the doors, basically changed that username and password.

Jason Culotta (21:14):
So that was easy for them to do. But again, it’s just it’s education, education, education repeating, repeating, repeating, so that there’s just it stays as a glimpse on the radar. And cause we’re all busy, we’re all doing this that it’s easy to hook and bait us. And it’s like, even if you get a little hooked it’s to pull out at a certain point, instead of following through with,

Justin (21:40):
Right. Yeah. I saw it with the social engineering thing. It’s reminding me that there was this thing going around. Maybe you’ve heard about it. It’s not hacking specifically, but it’s there’s been these cases where somebody will call your cell phone and there’s somebody else like screaming in the background. I’m like, I’ve got your sister in the trunk of my car. I need you to download the cash app and send me $5,000 right now. Here’s the username. And I’ve been, this is something that I first heard about like back in March. And I saw again on Twitter the other day and I actually like screenshotted it and forwarded it to my family. I was like, guys, like, you need to know this is happening. Like, if you think that your sister is in the trunk of someone’s car before you wire or use it, download an app and send five grand, like call your sister and just make sure that she’s not just sitting at her desk, you know, doing her job. And that’s, but still that’s very, you can imagine like being that situation and it’s how emotionally distressing and here’s, someone’s screaming. You’re like, Oh, like it’s, you’re not thinking rationally at that point.

Jason Culotta (22:34):
Right. It’s the fear, that’s what they’re preying on. You know, that spirit of fear. And that’s where it really gets us as humans. So it’s trying to step back at that point. And like you’re saying validate some things, first of all, you know, but it’s hard when you’re in the middle of it. Right. You’re just like, I want to help. I need help. I need to save, you know, so, yeah.

Justin (22:56):
Okay. I know that you also mentioned in the email exchange before this call Zoom and like securing Zoom. So obviously Zoom, you know, since January they just had like the golden ticket. They didn’t obviously could not have foreseen coronavirus and I wish I would have bought Zoom stock, and this is not stock advice. So anybody who’s listening to this don’t, you know, not financial advice, but they have just gone through the roof as far as their, their sales and profitability, everything. They’ve also seen some growing pains, right? They’ve they’ve had issues with security. There, there was like, you know, the joke for awhile, it was like, there’d be, you know, a class having a session and then people would Zoom bomb or, or whatever. And you know, that, that creates all kinds of problems. Now Zoom has iterated and iterated and created the, you know, I need to let you into my Zoom room and like click approve and there’s other layers. But as a, as a user of Zoom myself, I mean, we’re doing this interview right now on Zoom. And I use it with my clients and I’m sure there are some best practices for either for just like teleconference in general or for Zoom specifically where we should have some settings or some things to be aware of to make sure that we’re being as secure as we reasonably can.

Jason Culotta (24:04):
Okay. And the nice thing about Zoom, they corrected it. They they hired a security expert to bring in and to really plug and patch the holes. It was nice because in the beginning I was once that started happening, I went away from it, you know, ended up going to Teams. And once they put the right person in the place and they started updating and you would see the regular, which still now security patches coming out, my confidence came back. I use both platforms. It’s really nice, but they defaulted a lot of things. They didn’t default in the beginning, like lobbies or waiting rooms. Right. So they’re, they’re, they’re taking action. It’s really true. And up what’s been probably weak in the past because of where we are right now. So,

Justin (24:52):
Right. So in your opinion, now Zoom is as secure as it needs to be for, or at least as secure as we can reasonably expect for doing business, or I don’t know, is it, you know, from like a, what about from like a, you know, doing like telemedicine? I I’m sure Zoom is not HIPAA compliant, but as far as the HIPAA compliant, like video conferencing platforms out there, are there any other like Achilles heels for these types of platforms or any other unique, you know, problems or challenges in the telemedicine era that you guys have seen?

Jason Culotta (25:24):
Well, actually we, I was talking to one peer of mine that works for a women’s clinic. And they ended up using Zoom. Zoom has a business tele-health piece to it. So really but you always want to go with a business grade in a business situation, don’t go with consumer grade in a business platform. There’s reasons and there’s reasons for the price difference. I know we like to not spend as much money on our IT, like we supposed to, but really you got to get the right tool for the right situation. And you know, a lot, a lot of the telehealth is bumping up in, up in their game as well, but really it’s to talk with the professionals and make sure that they have a tele-health piece that addresses HIPAA and addresses those pieces of that confidential patient information being exchanged over that conferencing. Why?

Justin (26:22):
Yeah. So for a physician or a practice or healthcare institution, there’s sort of different layers of liability. We could call it. There’s like there are different, I should say, different, like different problems that are presented whenever ransomware or whatever, like your data gets stolen. There’s the problem of, I can’t run my business. I can’t see patients. I can’t do the procedures. There’s the problem of all that data is now out there and it’s bad PR. And then there’s the problem of maybe there’s like a class action lawsuit against this or that medical system. That’s like, your employee clicked on that phishing attack. And now the EMR is out there on the dark web. So maybe talk us through those different problems. And how do you see institutions address them when they, when they, when a bad thing happens,

Jason Culotta (27:09):
We try to be preemptive, preemptive, you know, putting your, yeah. Your backups and stuff like that. That’s not always the case. And then these things happen. So with this this mode of go facility, they call this because we had a relationship with them and they’re like, Hey, can you help us out? And it’s like, well, not today. It’s Super Bowl. No, just kidding. For us is to, it’s like firemen, at that point, you put on your suit, you jump in, you start mitigating. And that’s what we did. And we really helped them out explained to them and really jumped in on how to shut those doors down, put that security infrastructure in place. And even down to the basics of rebuilding the servers and what happened. They had a lot of physical servers at the time. Like you need to move them to a virtual platform, need to move them to where you can get snapshots instead of just file backups. So for us, when a fire is hot and rising, we just go in like firefighters at that point. But then at the end, we back up after that happens, let’s get a plan in place. This is where you’re at. This is where you need to be. Let’s get those steps in place.

Justin (28:23):
So if there’s a data theft, do you have a way to, if XYZ surgery center sees that they’ve been there, they’ve been compromised and they they’re afraid that their patient data is out there. Do you have a way to go out into the dark web and say, Oh yeah, like we found, we found a file for your EMR, that somebody is trying to sell for 4,000 Bitcoin out there and this, you know, URL based in some know wherever it is that looks, it looks like a bad actor that we think that this was, do you have a way to, to sort of see the thing floating around out there?

Jason Culotta (28:54):
Well, there’s actually services out there that will go out and start searching. You know, it’s like a big database and they’ll start searching for credit card numbers, start searching for your your identity, your name, your social security. And they can come up with that information and go, yes, it’s prevalent. It’s out there. So it’s, it’s, it’s quite scary when it gets to that point, because then there’s a whole nother war room. You got to go in and start planning to be able to navigate that. Right.

Justin (29:24):
I’m curious. And I don’t know, to what extent you sort of have visibility to this, but if, if that surgery center that had their EMR compromised and now has it on the dark web, what if their patients I’ll try to sue them or there’s some legal action that, you know, maybe the surgery center was at fault? Like, have you seen that and kind of what’s at stake in that way?

Jason Culotta (29:44):
I personally, I have not been in the whole legal arena when that’s happened and I, I bet you have some great legal experts out there that, that have really have gotten him to that match, that boxing match that is, that’s a whole nother playing field when that happens. And it’s unfortunate because it gets pricey once you, once you bring in the big guns, no,

Justin (30:10):
That guy sitting in his mom’s basement, laughing with the Bitcoin and his account, it kind of makes me think of Die Hard 4, Live Free or Die Hard, where they call it the fire sale. I was like, Oh, they’re running the playbook. They take out the telecom and then they, you know, and it’s this systematic, like, you know, cyber attack, which is terrifying in itself, but, well, that’s, that’s it for another episode, is it, what else should someone, a, a physician or a practice owner or a key stakeholder part of the, someone who’s like a decision maker in the tech infrastructure? What, what else should they be aware of as far as doing the due diligence, making sure they have the right people on their team to be able to build things properly, protect themselves, train staff, like, what are the other questions that they should be asking?

Jason Culotta (30:54):
I’ve noticed with a lot of the smaller practices that they don’t have those key people in there. It’s like, Oh, let me just research it. Hey, we’ll get we’ll, we’ll get the business developer or the accountant or the accountant’s son to just come in. They know a little knowledge about it. It’s okay. They can take care of business. If that doesn’t work, there’s a lot of holes that come with that. And then what was your second question?

Justin (31:22):
Just, I guess, what other questions should they be asking as far as creating, you know, a stable tech infrastructure that’s going to be as, as defended as possible.

Jason Culotta (31:33):
Right? Right. And there’s a, there’s a lot of best practices out there. As far as the solid foundation, like I was speaking about earlier, the patching of all your systems, applying patches to your networking equipment, your workstation servers and things like that. Let’s see. Another piece is a security piece for like your workstations. If you have PHI, are you working with HIPAA? Are you working in that arena? If so, are you encrypting your data? Cause what everybody’s using now, laptops mobile devices, we need to secure those because inevitably it’s going to get stolen. It’s going to be compromised. And then at that point, they’re going to try to grab data off those those hard drives and those devices, if you gotta have an encrypted, that’s one great layer of protection multi factor authentication with Microsoft 365. You can easily enable it.

Jason Culotta (32:35):
Where again, it’s, it’s a two step process, you know, in order to get, to get into your email, get into your settings and get into your accounts. You want, it’s like a security guard at the gates. You want that piece saying, who are you? And just, you know, validating that information before letting you in. We, in our fast paced society, we just want to get in and do our thing. I’m the same way. I just want to get into my thing, but there’s a risk now and you just have to step back and it’s the it’s, it’s the world we live in, take a deep breath and go gas validate me. Okay, thank you. I’m off and running and do my thing. Yeah.

Justin (33:10):
What do you think about softwares like Chrome plugin for LastPass or password one or those types of like, I’m going to create a secure password. I’m going to keep it in some secure server and then you have some master password. That’s 37 characters of alphanumeric, special characters that, that is going to create that additional layer of like, it makes your passwords, I guess, more secure just because he used 16 characters instead of eight. Like what do you think about those types of browser plugins and things like that? You have to say, let me start here. Do you use LastPass?

Jason Culotta (33:38):
Yeah, that’s what I was going to say. Yes I do. And I was very apprehensive. I did not want to use it. I’m like, no, I got my notebook. I got all my different passwords. It’s Africa,

Justin (33:48):
All my sticky notes. That’s on the side of my monitor in my mind,

Jason Culotta (33:54):
We embraced it because that’s what we actually help others use. And there’s so many different platforms. Like you said, I love it. First of all, it, it takes that manual piece of the sticky notes. And I mean, we went into one, a potential client at the time and we said, where are you keeping your passwords? And I looked up and they’re a cubicle in their cabinet. And they had a binder that said passwords on it like, Oh, okay. That’s where it says

Justin (34:24):
Something on the spine of that binder, not passwords.

Jason Culotta (34:28):
But again, we just want to do our jobs. I mean, we’re going to try to find the quickest way possible. And that’s where we start being relaxed and we would compromise, but LastPass, thumbs up. Love it. I haven’t got my wife on board. She was apprehensive too. And we can really generate passwords that are a little more complex with using those. And you only have to remember one password. And if you don’t remember that one password, then you can’t get to the rest of your passwords. So I gotta keep that one somewhere.

Justin (34:59):
Yeah. I love LastPass too because I keep other, I keep like my you know, you can keep your passport number in there and credit card numbers and other things that like, I needed to remember this number at some random time, my frequent flyer number for, you know, my like American Airlines, PR like all that stuff. And like my Google Gmail reset codes and all the things that like, you need to have a laptop. Like if I didn’t have my laptop or whatever, I’m going through security, this happens all the time. Like when I’m traveling and it’s a TSA and I’m trying to get my little frequent flyer, my fast PA or what do they call it? The pre-check TSA precheck added to my boarding pass. It’s not there. I need to go to the counter and like, Oh my laptop. Like, I know I have it.

Justin (35:40):
I like it. I keep it in my phone on the LastPass. I can access my TSA precheck number for my you know, known traveler ID. And it’s, it’s like the perfect catch all for the important things that that you need to be able to access at random times. So anybody out there listening, not using one of these password capture systems, LastPass is awesome. They have a Chrome plugin, you can generate secure passwords and we get the, we just got the thumbs up from the director of IT of Encompass Healthcare Data Solutions. So that says something.

Jason Culotta (36:12):
And there’s also OneNote. I use OneNote as well, just for my home, but I can also you can password protect the notebook sections. A lot of people don’t know that where that somewhat encrypts that data. So yeah, I mean, all, all possible solutions nowadays are seeming to put that sort of security piece into it. You just have to use it.

Justin (36:36):
Yup. Cool. If any of our listeners, Jason have questions or they want to have you come and try to hack into their system to see how secure it is, or perhaps recommend some solutions, where can they find you?

Jason Culotta (36:47):
Yeah. You can find us easily on the web at encompasshds.com. That’s E N C O M P A S S H D S .com. And again, we have an array of other service services as well. We do credentialing as well as expense management, as well as billing. So we like to we like to have an array of services as well as just not IT, because usually it’s practices that have IT that need other services as well. So if we can fill a need, we love it. That’s our, that’s our passion.

Justin (37:24):
Awesome. Well, Jason, it’s been a pleasure speaking with you today. Thanks for joining us on the Anesthesia Success podcast.

Jason Culotta (37:30):
You’re awesome. Thanks so much, Jesse. You have a nice day.

Justin (37:35):
If you liked what you heard this week, head on over to anesthesiasuccess.com, where you can find more content and free resources to help you build a successful career in anesthesiology and pain management. If you want to leave a review in iTunes, I would also really appreciate it. Thanks for using some of your valuable time to join me today on the Anesthesia Success podcast.