Rob Sebaugh of SailPoint examines the far-reaching implications of 2024's healthcare cybersecurity crisis, sparked by the Change Healthcare breach. Discover how identity-first security and robust contingency planning can protect healthcare operations while maintaining clinical efficiency in an era of unprecedented cyber threats.
Rob Sebaugh, Identity Strategist, Healthcare Solutions Engineering, Sailpoint
Megan Antonelli, Chief Executive Officer, HealthIMPACT Live
Welcome 0:01 Music. Welcome to Digital Health talks. Each week we meet with healthcare leaders making an immeasurable difference in equity, access and quality. Hear about what tech is worth investing in and what isn't. As we focus on the innovations that deliver. Join Megan Antonelli, Janae sharp and Shahid Shah for a weekly no BS, deep dive on what's really making an impact in healthcare.
Megan Antonelli 0:29 Hi everyone. Welcome to Health Impact, live digital health talks. This is Megan Antonelli. This year, the change healthcare breach sent shockwaves through our industry, exposing critical vulnerabilities in healthcare cybersecurity. Today, we're joined by my friend and health impact partner, Rob Seba, health identity strategist at sailpoint. We're going to examine this watershed moment, talk about all the other things that happened this year and how organizations can protect for this new threat landscape in 2025 Hi, Rob. How are you?
Rob Sebaugh 1:00 Hi, Megan. I'm doing great. Thank you for having me. Yeah, it's
Megan Antonelli 1:05 good to see you. It's been a few months, and it's been a big month for, you know, big few months for healthcare and security, some good, some bad. But tell us a little bit. For those who don't know you, tell us about your background and and what you do there at sailpoint. Yeah,
Rob Sebaugh 1:19 great, yeah. So as Megan said, I'm Rob Siva. I'm the healthcare strategist at sailpoint. My role focuses on really helping healthcare organizations understand what, what an identity program journey looks like, what business values behind that, how we really look at you know that that through the lens of securing an organization, but still also being an enabler to the healthcare industry. There's there's so many interesting complexities in this environment, and so I love getting into the into the details on it all. Prior to working at sailpoint, I led an identity team for well, just the largest provider of government funded health insurance in the United States, so we were responsible for about 20 million lives at the time from a membership perspective. So look, I've seen the lens of the payer, the lens of the provider, the lens of the IT security professional, and there's, there's a lot of work to do, but there's also a lot of exciting things going on as as we, you know, continue to try to improve and protect and not have events like, like we had to change, right? Yeah,
Megan Antonelli 2:30 yeah, no. I mean, I think it's so interesting, and we've talked about it a lot in terms of just how significant that change healthcare breach was. It certainly wasn't the first, and it obviously wasn't the last, but it really did, you know, create shock waves. And, you know, people started paying attention. Why do you think it, you know, it took something that significant to kind of wake everybody up to this issue,
Rob Sebaugh 2:55 yeah, and arguably, wake everybody up again, right? So if you go back about 10 years prior to this event, we had the anthem event, right? And that was almost as big as this one. I mean, scarily close. And then here we are, 10 years later, and you start to go, Hey, what are we getting wrong here? This, this keeps happening, right? But, but just to be Canada a breach at that scale, really, it's hard to ignore. And you know, I want to be I would also just make the statement that, look, I wouldn't, I don't say any of this about change. I don't, I've not worked for change, right? But this is all just kind of through the lens of, hey, what can we learn from it? And, and, you know, I know there's a lot of people that worked very, very hard before, during and after this event. The reality is, the outcome is an estimated 100 million records, you know, breach, right? Those are, those are records on American lives that include both phi and PII and and for those that maybe are unfamiliar, you know, change healthcare operates at that intersection between healthcare and finance, right? So they do a lot of what's called Clearinghouse activities, where we're kind of, you know, pen paying, denying claims right, like, what's going to go through, what's not, what matches, you know, what should be on this, what shouldn't, etc. And there's a lot of work that goes into that, but they work as an intermediary for so many systems. What we saw was this single point of failure and the downstream effect that, you know, happened from it, you know. So I think, I think what we see is this, you know, this interesting curve of as we want to integrate and build our businesses and and grow, right, we've got to be very conscious of the role we play in that supply chain, especially for critical infrastructure like healthcare. And then, you know, you know, not to take a hard turn, but if you really just kind of think about our healthcare industry at large today, you know, things like this just continue to fuel that fire of frustration, and we've seen some very unfortunate events and recent news that you know, I would say is also an attack on the system and. So we continue to see these breaches, and we continue to see disclosures and and so I think there's definitely some some help. And so I think forums like these tend to tend to give us an opportunity to have a voice and start to really have a conversation around what we can do about it.
Megan Antonelli 5:14 Yeah, I mean, that's a really good point. And I mean, you know, it's basically, you know, to some degree, like the healthcare system is under attack, you know, and whether that's by, you know, outside or inside, you know, we've got to figure out how to protect it. And that, you know, I think the recent incident does show that, and I you know, certainly it's, it's tied to some of the vulnerabilities that exist so, but in terms of that, the change healthcare breach, tell me a little bit about, you know, I think it did. It expose sort of specific gaps, you know, as you mentioned, as a sort of this intermediary I, you know, I've heard a little bit about people, you know, in terms of just your partners and and when you're looking at your third party administrators and what you know, what your relationships are with them, and let alone mergers and acquisitions and all of that, tell me a little bit about you know, what you've been seeing with your customers and clients in terms of how they've responded? Yeah. So
Rob Sebaugh 6:13 look third party, what I'll call third party identity is one of the most complex and most complex challenges in healthcare, but it's also one of the most abundant populations. So if you look at coming out of the pandemic, we saw this massive influx in travel, nursing, contracted physicians, then we have to think about all those other functions of our supply chain, like the ability to process a credit card. Well, a hospital system doesn't do that on their own right. They pay a third party to pass that through, and if somehow that third party gets attacked and somebody gets into the hospital system, guess what? You got another door, right? So this third party identity management challenge is just, it's abundant. It's everywhere in our in our industry, and you have to think about things like I always talk about in terms of a life cycle event, right? So when someone joins your organization as an employee, you have the opportunity to go, Okay, I'm gonna do a background check, I'm gonna make sure they're credentialed, I'm going to do all the positive things to bring someone in that I that I'm like, highly confident I could trust right. A non employee doesn't get that necessarily right. They may be on a contract through a third party. You may not even know who they are, but they have an identity in your in your system. And then how do you know that not only did they join? But how do you know if they left that company, and if you've actually disabled that access, right? So when we think about this, this third party component, it gets to be really interesting. Again, in healthcare, specifically, you extend that to all the IoT or, you know, pacemakers and insulin pumps, and the list just goes on and on and on. So, you know, look, we we've really what this, what the change health breach really does is it, it reveals these vulnerabilities. And in this, like it's insufficient vendor management or vendor risk management, we see a lot of legacy systems that still create a lot of risk. We see healthcare in general is lower in the maturity scale. I can tell you when I get the opportunity to speak with a lot of a lot of our customers and a lot of a lot of folks in other security based industries and healthcare specifically, tends to be, you know, we get really high in certain areas, right? We get really good at maybe we're going to govern that phi, because that's what HIPAA says we have to do but we don't put MFA everywhere, which is a basic concept. And if I don't use multi factor on every endpoint, all it takes is one failure in a ransomware event, and I'm owned like, like we saw, right? So, you know, the real gaps are in, you know, things like understanding that that threat footprint, we saw gaps in data, backup and recovery, incident response planning, you know, patient care continuity. Think about all the all the people who couldn't get their prescriptions filled or couldn't, you know, get in to see a doctor like these are big problems. This actually affected patient care, not just the financial book of an organization,
Megan Antonelli 9:24 right, you know, and I think that was one of the big key differences. And we saw it, you know, both from the providers not being able to get paid to the patients not being able to get their medication. So it definitely, you know, sent shock waves from that side of things. And I think the point you bring up around, you know the employees and, you know, travel, nurses and and sort of that the things that we are as a organize, as organizations, are doing to address, you know, resource challenges, whether that's through introducing new technology or introducing new organizations that we contract with, is making it, you know, the. The job of the cyber security professional, much more, much, much more important and much more difficult in terms of that, yeah, like the identity piece, yeah. Tell me about that guy. Yeah.
Rob Sebaugh 10:11 Sorry, I was gonna comment too, because you, yeah, you're like, leading right into it. So we have, we were fortunate enough to have Kevin Mandia, who's the founder of Mandiant and now Google Cloud, CEO of Google Cloud, speak at one of our conferences about a year ago, and he made this comment. He said, Look, the only thing on the other side of when we fail to stop the kill chain, which means, like, we've, we've, we've, we've failed to stop the bad guys from getting in, and they've started executing on ransomware, malware, whatever, the only thing on the other side of that is identity security. And his point was, look, the best you can do at that point is try to reduce the footprint by which they can sprawl, right and and he said, the only other option is to stop credential theft, which is great, but it's really difficult to do with our technologies we have today. And so I want to be clear when we talk about change, I'm not saying these are easy problems to solve, or that every organization has every answer, but what I often see is we fall victim to this like Iron Triangle of project management, where you've got quality in the middle, and you have schedule, scope and budget on the points. And it's like, look, if I want, if I want the schedule to move faster, but I don't increase the budget to scale, or I don't reduce the scope, my quality suffers, right? If I want to reduce the budget, I need to reduce the scope or the schedule, or my quality suffers, right? And so the problem is, I think we're settling too often for that trajectory of of, you know, it's, it's okay, but not better or best, and we've got to really focus on how we be the best, right? In this, in this industry, yeah,
Megan Antonelli 11:57 and it's such, I mean, it's so complicated. I mean, that you know, just that you know, in terms of, you know, and also, we've talked about this a little bit it, you know, the physicians and the clinicians, you know, in that identity, you know, it's like you put two factor. It's annoying, you know. I mean, how many times a day do we have? Yeah, so getting in, you know, where you want to kind of balance that workflow, but you have to protect the data and the systems, and
Rob Sebaugh 12:25 that is that. And look, and I feel like that is a lot of that equation is on me as a practitioner and as a as an identity team. You know, look, traditional InfoSec, identity, traditional cybersecurity, used to be looked at as a sort of back office. It's all ones and zeros. It's black and white, like you get, you know, you get this or you don't, right. Identity is this weird space where, like, we actually have to care about an end user experience, right? We have to care about their feelings. We can't be just another friction point. End users are amazing. They are so good at not only identifying where problems exist in the software. But like finding ways around if they don't like a process, they will find a way around it, even if it means, you know, calling up and creating a fire and whatever. So our job, frankly, is to find better ways to drive a better end user experience. And some of that looks like, hey, think about birthright access if you're going to onboard a new nurse, well, if I know the department she's in, or he or she's in, and I know the the access that they need, I should be able to provision that out of the gate and get them rolling with relative efficiency, without having to wait on a whole bunch of other things to happen. If that same nurse is going to pick up a shift in another department, it should be relatively easy for them to go into a portal, request that access, and they should be able to, you know, in human readable speak, right, in their language, speak, you know, request that access to perform that job. We make all this stuff really difficult sometimes, and it's due to other complexities, right? But I can tell you the as we get better at Data Science as an industry as a whole, from a cyber perspective and from a healthcare perspective like those, that gray area is becoming a lot clearer now on what that's going to look like. So I think there's a lot of a lot of opportunity for us as we move forward.
Megan Antonelli 14:19 Yeah, well, I mean, not, not to say, you know, trying to find the silver lining. We're always trying to find the good, the good points, but in trying to find that, you know, the clinicians and anyone who works in a healthcare system realize how important this stuff is now, right? I mean, at least everybody knows. So there's, you know, in terms of putting those programs in place. You know, even when you're dealing with your vendors, I imagine, you know, for a health system now, they understand that they have to go through these processes of risk assessment and vulnerability assessment. Are you seeing a change in that? Are there, you know, places where, you know, where are you still seeing resistance from staff? Are you seeing. Resistance from from vendors, as as you guide your your clients through these types of processes.
Rob Sebaugh 15:05 No. I mean, look, there's, there's always the challenge of, there's always a discussion of cost. And, you know, we can't just print money, right? Like, I like, organizations don't, especially hospitals, think about the most. Most hospitals are not, not profit, right? I mean, so there, that's a there's a lot of fine lines in all of that, right? So we have to get creative in other ways. You have to look at operational efficiencies and whatever. But the reality is, no one's challenging, or at least at this point, I don't, I don't get the challenges of the validity of cybersecurity, the validity of doing things like risk assessments or, you know, having data recovery processes or an incident response playbook, or an Identity Governance Program like these are all things that you know, actually, you know, it's really helped this, this industry, too, in terms of shaping what some of this looks like from a from a de risking profile, most companies carry cyber insurance policies now, and I can tell you, when I first heard cyber insurance over It's been 15 years ago, I was like, you've got to be kidding me, that's a thing. It's a real thing now, right? I mean, and it's because it's happening so often, but they won't underwrite these policies if you can't show proof of proficiency in these spaces in your InfoSec program, right? If you don't have an Identity Governance Program, your premiums are higher if you don't have Incident Response playbooks, your premiums are higher if you if you can't do business continuity, they're higher or they may not even write you a policy in the first place. And we know that I hate using the statement, but it just continues to be true and true. It's not a matter of if, but when something's going to happen. And we've seen other major organizations get hit this year, and a lot of it boils some of it boils down to some really creative, you know, sophisticated attack, but most of it boils down to common human error and a gap in something as simple as NFA, right? So, so we know that these are board level conversations. Now we know that, you know, the healthcare industry is a it's critical infrastructure, things like change healthcare and this, you know, this situation really sort of showcased, again, that supply chain component. So I don't see organizations arguing about, is there is this valid, or should we do this? It's more the matter of, how on earth are we going to do this? It's a whole lot to pick up, and that's where I think it starts to fall back on us as as you know, vendors and software practitioners and whatever, to start to think about more standardized, more efficient ways of helping attack these problems at large, versus all the decentralized kind of capabilities and tooling that maybe have been available over the last, you know, couple decades. Yeah,
Megan Antonelli 17:45 no, absolutely. And I think, you know, it's sort of, it makes it a non negotiable. It doesn't make it any less, you know, less expensive. Unfortunately, it probably makes a little more expensive. The demand is high, but, you know, it's that important, you know. And then I think about, you know, and that's sort of your internal and your internal governance and making sure your board is on board. But of course, the government has a role to play. They've certainly had, you know, put a lot of guidelines in. I actually saw, you know, in New York, they're, they're requiring that health systems have, you know, CISOs now, right? That's part of, you know, the guidance. I was sort of surprised that they that some don't, but I suppose in smaller rural health systems and things that it's harder to have, you know, a specific person internally for that. So where do you think in terms of as we look to the future, or, you know, even where we stand now, what is the government doing right and what? What more needs to be done? Yeah,
Rob Sebaugh1 18:47 it's a great question. So look, the government plays a crucial role. There's no doubt, when you think about, I mean, even if you just look at NIST as a framework, you know, as a Cyber Framework, or security framework. The that concept has been adopted by, if I'm not the federal guy at my company, but he would say a lot of countries, right? And it's in the 10s, if not more, and they have their own versions of it. But the reason is, it's so rock solid in terms of its framework and approach, and it's something that these these organizations, a hospital, for example, doesn't have to just go create their controls and practice and whatever from scratch. There's government framework driven for it. There's actually specific ones, or the HHS 405, D specific to health care, right? That really helps. We have other compliance and regulatory things, so PCI, and then the list kind of goes on and on. And on, but again, I still think so. So I think what we're what we're getting right is we're talking about it. What we're getting right is we continue to see additional regulation, and I change healthcare. Will, you know, again, what happened here? Will? I'm certain we will see additional rate. Regulation likely coming around that things TBD, right? I mean, we are about to change administration, so we'll see kind of what becomes priority for the new one versus the current one. But you know, again, healthcare, it will continue to be, I think, front and center, like I was kind of alluding to earlier. Though I really feel like we need to standardize on protocols, that unified defense concept, if you will, really a baseline interesting there's an interesting approach going on in Canada right now. Now, obviously that's a government funded health system, right so universal health system, but they have this concept of an our SOC, or regional security operations center, where they're sort of moving all of their security it into a into an operation center that then fundamentally covers that security mechanism for that region, set of hospitals. So something like that sort of breaks down in our model, where we have independent hospitals and independent whatever. But if you really look at the other side of that coin. Arguably, some of the larger EMRs are doing this today where, you know, maybe a rural hospital can't afford, you know, to buy one of them and host one of them themselves. So these more regional hospitals are farming out their capabilities to those rural hospitals so they could use them as part of their patient care practices. So there's, there's interesting things going on in healthcare that give us a lens into maybe what a model might look like that works within the US. But, you know, we continue to fall back to again, like we've got to have cost efficiency, we've got to be proactive, we've got to do, you know, we've got to do these things in a in a best practice way. But again, that decentralized approach, I'm not saying, is wrong. I'm just saying it's, it's, it's another level of, you know, it's another thing to solution for, you know, we have to think through what that looks like. Another thing to put out there is, there's a great concept called Shared signals, that it was developed by some, some Cisco engineers, and now it's kind of getting a it's a current standard. It's a shared, shared signals framework. The general idea is, hey, look, I'm one piece of software. I'm only as good as I can see, but if I can publish and subscribe to events from other softwares, I can use those to make better decisions for my security. So we can sort of level up and say, hey, the collection of these security investments in a healthcare system now has more, more emphasis, more ability to protect because we're communicating, right? So we start to, you know, start to centralize some of that management. And that's really what that's all about. So there's a lot of positive things coming. Yeah,
Megan Antonelli 22:42 no, it is. I mean, the the decentralized system makes it so much more complicated and so much more difficult to kind of manage, and and, you know, and that's not going to change. So how we can kind of, you know, it's like you plug one hole and then it just all keeps coming, right? And I and then I think, you know, obviously a lot of our conversations this year are about, you know, AI. I mean, I read the other day about, you know, sort of the promise of of using AI to help code, and then the vulnerabilities of coming with that. So not only are, you know, the awareness and the understanding is greater, the threats have have increased, but the number of ways to kind of approach it have have changed. So talk to me a little bit about how, you know, in these past, you know, whether it's one year to five years, how kind of the response to these attacks is changing, you know, just the whole industry, but also how healthcare organizations are looking at it,
Rob Sebaugh 23:40 yeah. So I feel like it's a bit of a buzzword, but it's important, we are seeing much more interest in a shift to a zero trust architecture. And so the general idea there is, hey, I'm never going to trust, I'm always going to verify. And that might be that's not necessarily asking a user to enter a password every five seconds, right? There's other there's methods to support this sort of verification, but the goal is to make sure that I am the human on the other end of the thing that I say I am, or I am the machine that I say I am, or whatever it may be, right? So again, you know, we've talked about MFA. AI is an interesting one, because obviously AI can be used for attacks, so we can get a lot more sophisticated, a lot more scaled and whatever. So that certainly increases risk, for sure, but it also is a defense tool. It's a it's our ability to really look for threat detection and anomaly detection and do automated incident response. And, you know, I think the other thing about AI that people get maybe a little confused is we're not always talking about the chat GPT and Google Gemini and Microsoft co pilots of the world, right? Those are horizontal AI. They're very expensive to get into as a software company, and so that's why you see the tech giants have them, right? Really? What? Most security vendors are looking at is what we would call a vertical AI they're looking at going deep in the stack that they support. So from a sale point perspective, it would be identity, right? But it's really understanding what we would call identity context, and how do we use that context to drive a better decision or detect an anomaly or whatever it may be. The same is happening in your endpoint systems. The same is happening, and, you know, whatever right in your security stack. So these, these vertical AI capabilities, are going to afford us a lot of a lot of protection, to be honest with you. But again, to my back to that theme of you know that centralization, we have to have a mechanism to share when we find something so we can take all the proactive steps necessary to reduce or limit when we fail, right? Yeah, trying to think of what else. So, you know, we see, we continue to see enhancements and encryption. We continue to see threat intelligence platforms. So again, trying to look at things at large, I really think again, the big evolutions are. We're talking about this at every level in an organization. Now, there's no question anywhere that cyber is important. It's a matter of right, what can we realistically get to and when and where are those high risk components? And so those are the, those are the conversations that continue to happen, right?
Megan Antonelli 26:23 We're just kind of at this place where the technology is giving us more ability to protect and yet more threats at the same time. And you just hope the good outweighs the bad, right? And so, you know, as we do, we always like to talk about some of the good things, the good things happening in healthcare. As you look to 2025, and think about, you know, sort of look, think back on this year. What are you most excited about? What, you know, what do you think is some of the good stuff that came out of this?
Rob Sebaugh 26:54 You know, look, in absolutely no way, no prep whatsoever, you're the good thing. You're the good thing, right? So this, and I mean this, right? So in previous, and, you know, you go back even just a few years, for me, right? When you're working for an organization and you're, you're in cyber and you're trying to protect your your your health organization, a lot of, a lot of it feels like you're, you're being fired at all day long, right? And it's, so hard to get your head up above water, or whatever analogy you want to use, that getting out into industry and realizing all the conversations going on about it can be challenging, right? What's amazing about this forum is being able to have conversations sitting next to a physician who I have no idea how to do the work that they do. They may not know the work that I do, but we have an intersection, right? We have a reason to communicate and seeing the involvement from both sides, not in a heated way, but in a collaborative way, right? The it's, it's, it's game changing in terms of what we can do. And then as you take those messages again, we start to see all of this, you know, at a board level conversation, it's, no, I don't walk into organizations anymore and hear them go, what on earth is identity like that used to be a thing, right? I don't walk into organizations anymore and go and hear, Oh, yeah, our cyber budget has been cut. 99% of the time. It's something else that's being cut because cyber is so critical to their organization, and it's really, you know, it's a matter of, like, Look, these are, these can be expense based investments, because, you know, we're protecting the the protecting from the inevitable, I guess, to a degree, but, but the, the reality is, you know, what's so refreshing, I guess, is a positive take on all of this. Is it the conversations are happening. It's not it's not just the frustrated engineer who can't make the change that they're passionate about, or the physician that can't get access to something, you know, and frustrated with the tools that it delivers. There is a collaborative conversation going on, and it's got a lot of momentum. So again, I think as we see more developments in AI, more developments in our data science and modeling, more understanding of what these attacks look like, more standardization of protocols, more centralization of that communication, this just gets better and better, right for us as practitioners in cyber but also For any clinical employee or clinical worker at the floor, right? And the patient ultimately at the other side of it? Yeah,
Megan Antonelli 29:26 no, absolutely. And I think, you know, awareness is so much of the vulnerability, right? I mean, in that the mistakes that are often made, which are just people not necessarily being educated on how to protect themselves, and a lot of it, I mean, I've heard you speak about it before in terms of not you know, a lot of that you know, sort of frontline vulnerabilities comes down to educating your people and communicating with them and collaborating across that. So I appreciate that, and I you know, and we've always, we've always covered cybersecurity and covered it as as knowing that it is, is. Know, fundamental to operations. But the interest is so much higher now and and, and understanding where it impacts clinical workflows and operations and and the finances, right? So it really has become, you know, much more of an everything discussion, as opposed to just, you know, over here, speaking of, did you see Julia, the Julia Roberts movie? Leave the world behind. I did not, oh, you have to see it, you know. I mean, not to give it away, but cybersecurity plays a bit of a role there. So
Rob Sebaugh 30:34 I know the movie. I've not watched it, but I do know the movie about now, yeah,
Megan Antonelli 30:38 it's a good one, and they, at some point, the Teslas are all, you know, driving into the highway, because they're all been controlled. So interesting stuff. But it's right, you know, that's, that's, it's way up there. Everybody's talking about it, right? So I appreciate that, and I always, I really love how you always make this just such an accessible topic. And it is an incredibly complicated, difficult thing for people to kind of get their head around, but you do a great job with it. Rob, so thanks so much for joining us and sharing us, sharing with us your your insights. Yeah,
Rob Sebaugh 1 31:09 thank you for the time and as always, thank you for having me. It's been a pleasure absolutely
Megan Antonelli 31:12 well, and we look forward to seeing you in January at health impact. And to everybody else, thanks so much for joining us until Until next time, stay vigilant and keep innovating. This is Megan Antonelli for health impact live and digital health talks.
Thank You 31:28 Thank you for joining us on digital health talks, where we explore the intersection of healthcare and technology with leaders who are transforming patient care. This episode was brought to you by our valued program partners, automation anywhere, revolutionizing healthcare workflows through Intelligent Automation, netera, advancing contactless vital signs, monitoring elite groups delivering strategic healthcare. IT solutions, sell point, securing healthcare, identity management and access governance, your engagement helps drive the future of healthcare innovation. Subscribe to digital health talks on your preferred podcast platform. Share these insights with your network and follow us on LinkedIn for exclusive content and updates. Ready to connect with healthcare technology leaders in person join us at the next health impact event. Visit Health Impact forum.com for date and registration. Until next time this is digital health talks, where change makers come together to fix health care. You.