WEBVTT 1 00:00:07.110 --> 00:00:09.870 Anna Delaney: Hello, and welcome to the ISMG Editors' Panel. I'm 2 00:00:09.870 --> 00:00:12.600 Anna Delaney, and this is a weekly panel discussion where 3 00:00:12.600 --> 00:00:16.860 ISMG editors examine the week's top cybersecurity and technology 4 00:00:16.860 --> 00:00:20.250 news stories. And it's a cozy group today. I'm delighted to be 5 00:00:20.250 --> 00:00:23.730 joined by Tom Field, senior vice president of editorial, and 6 00:00:23.730 --> 00:00:26.310 Marianne Kolbasuk McGee, executive editor for 7 00:00:26.310 --> 00:00:33.720 HealthcareInfoSecurity. Great to see you both. Tom, it's a snowy 8 00:00:33.720 --> 00:00:35.850 backdrop. Is that where you are at the moment? 9 00:00:36.420 --> 00:00:38.100 Tom Field: It's not where I am at the moment. That's where I 10 00:00:38.100 --> 00:00:41.370 left. Winter arrived a little bit early in Maine on Sunday, 11 00:00:41.400 --> 00:00:45.540 Sunday into Monday, the first nine inches of snow, enough to 12 00:00:45.570 --> 00:00:48.060 cancel school and enough to get me out of town a little bit 13 00:00:48.060 --> 00:00:49.500 early to make my trip to Denver. 14 00:00:50.410 --> 00:00:55.630 Anna Delaney: All the snowballs around the city. Very good. Love 15 00:00:55.630 --> 00:00:58.480 it, it's very beautiful, of course. It causes problems, 16 00:00:58.480 --> 00:00:58.930 doesn't it? 17 00:00:59.290 --> 00:01:00.100 Tom Field: Nice to look at. 18 00:01:01.930 --> 00:01:05.170 Anna Delaney: Marianne, that's a lovely Christmassy setting. 19 00:01:06.110 --> 00:01:10.430 Marianne McGee: Yeah, this is a street in our neighborhood. I 20 00:01:10.430 --> 00:01:14.630 was taking the dog for a walk recently, one evening, so it's 21 00:01:14.630 --> 00:01:17.630 nice when you know they have the lights when it gets dark at four 22 00:01:17.630 --> 00:01:18.170 o'clock. 23 00:01:19.220 --> 00:01:21.350 Anna Delaney: Yes. And have you got your lights up yet? 24 00:01:22.130 --> 00:01:23.480 Marianne McGee: Yep. And the tree two. 25 00:01:23.000 --> 00:01:27.620 Anna Delaney: Very good. Love it. Well, I'm sharing a backdrop 26 00:01:27.620 --> 00:01:31.130 from a couple of weeks ago when I was in Lyon at a friend's 27 00:01:31.130 --> 00:01:34.490 wedding. And the picture probably doesn't do the setting 28 00:01:34.490 --> 00:01:37.970 justice. But we were at a lovely farmhouse with a splendid view. 29 00:01:38.450 --> 00:01:41.810 And it was a bit chilly, bit cold outside, but there was much 30 00:01:41.810 --> 00:01:47.000 merriment and cheer inside to keep us warm. So Tom, starting 31 00:01:47.000 --> 00:01:51.050 with you, we did indeed lose a light amongst lights this 32 00:01:51.050 --> 00:01:55.670 weekend, Steve Katz - the world's first CISO. And from 33 00:01:55.670 --> 00:01:59.570 what I read, he was really a remarkable man. Marianne, you 34 00:01:59.600 --> 00:02:02.660 wrote a beautiful tribute to him yesterday. But Tom, you did know 35 00:02:02.660 --> 00:02:05.060 him personally. So how do you remember him? 36 00:02:05.000 --> 00:02:09.230 Anna Delaney: And a good humor as well, which has come up. I 37 00:02:05.040 --> 00:02:08.337 Tom Field: Oh, I remember in so many ways. When I first started 38 00:02:08.400 --> 00:02:12.204 working at ISMG, some 17 years ago, one of the first calls I 39 00:02:09.230 --> 00:03:38.270 saw once he said that one of the most memorable phrases was, " I 40 00:02:12.268 --> 00:02:16.135 made was to Steve Katz to catch up on some of the topics that 41 00:02:16.199 --> 00:02:19.876 were hot, to hear some of the resources I should tap into, 42 00:02:19.940 --> 00:02:23.617 people I should talk to. And from day one, he was generous 43 00:02:23.680 --> 00:02:27.802 with his time, was generous with his insight. I remember him as a 44 00:02:27.865 --> 00:02:31.416 pioneer because he was the world's first CSO, I remember 45 00:02:31.479 --> 00:02:35.283 him as a visionary, because he was out there championing the 46 00:02:35.347 --> 00:02:38.897 notion of CISOs as business leaders, as well as security 47 00:02:38.961 --> 00:02:42.512 leaders long before many people were talking about it. I 48 00:02:42.575 --> 00:02:46.062 remember him as a mentor. There's an entire generation, 49 00:02:46.126 --> 00:02:50.120 maybe a couple of generations of security leaders, that oh, the 50 00:02:50.183 --> 00:02:53.988 starts to their careers, to Steve Katz and the generosity of 51 00:02:54.051 --> 00:02:57.538 his time and his wisdom. I remember him certainly, as a 52 00:02:57.602 --> 00:03:01.596 dedicated family man, I believe he had 13 grandchildren at last 53 00:03:01.660 --> 00:03:05.591 count, loved his family and was dedicated espouse the value of 54 00:03:05.654 --> 00:03:09.078 finding time for your family amidst all these business 55 00:03:09.141 --> 00:03:13.136 demands. And I remember him as a friend, was always happy to be 56 00:03:13.199 --> 00:03:17.067 seen at our events and to meet at conferences and roundtables 57 00:03:17.130 --> 00:03:20.618 and at RSA Conference. He had every right to be full of 58 00:03:20.681 --> 00:03:24.358 himself. And he never was, he was full of other people and 59 00:03:24.422 --> 00:03:28.290 made time for other people. That's what I remember about him. 60 00:03:38.270 --> 00:03:40.760 sleep like a baby. I cry every two hours." 61 00:03:40.000 --> 00:03:44.410 Tom Field: You know, I asked him once what his advice was for the 62 00:03:44.410 --> 00:03:50.200 next generation of security leaders. And he told me pray. I 63 00:03:50.200 --> 00:03:52.330 think that was probably the last time I spoke to him. Actually, I 64 00:03:52.330 --> 00:03:57.820 met him last at RSA Conference 2020, it was just before the 65 00:03:57.820 --> 00:04:01.180 pandemic shut everything down. And he was out there and we 66 00:04:01.180 --> 00:04:03.580 spent time in the studio and I sat down to talk with him 67 00:04:03.580 --> 00:04:07.390 specifically about his advice for the next and the up and 68 00:04:07.390 --> 00:04:10.780 coming generation of security leaders. And I did ask him a 69 00:04:10.780 --> 00:04:15.160 question about the technologies that most caught his fancy. And 70 00:04:15.160 --> 00:04:18.160 I'd like to share with you if you don't mind, part of his 71 00:04:18.160 --> 00:04:23.410 response, because here he was in 2020, saying things about AI, 72 00:04:23.680 --> 00:04:27.100 that people in 2023 are only starting to say so. If I may, I 73 00:04:27.100 --> 00:04:29.050 want to share a little bit of our last conversation. 74 00:04:29.600 --> 00:04:32.270 Steve Katz: But if I was starting today, I would be 75 00:04:32.270 --> 00:04:36.590 looking at how the heck can I effectively incorporate AI and 76 00:04:36.590 --> 00:04:42.080 ML to my entire cyber risk space. Most companies are 77 00:04:42.080 --> 00:04:45.770 bringing in two, three or four data feeds and number of threat 78 00:04:45.770 --> 00:04:49.040 hunters. And then they try to figure out what to do with it. 79 00:04:49.190 --> 00:04:53.390 If we are able to take those data feeds, plus feeds my own 80 00:04:53.390 --> 00:04:55.970 internal operation, my own infrastructure, my own 81 00:04:55.970 --> 00:05:00.710 vulnerability assessments, and use AI and ML and get daily 82 00:05:00.800 --> 00:05:03.860 analytics, coming out saying, here's what we really need to be 83 00:05:03.860 --> 00:05:09.020 concerned about, the little bits and pieces of this but not 84 00:05:09.020 --> 00:05:14.090 enough to make enough sense. I really think the future of what 85 00:05:14.090 --> 00:05:19.460 we're doing if we one have a slight chance of catching up is 86 00:05:19.460 --> 00:05:22.910 to use artificial intelligence. And suddenly that can be a 87 00:05:22.910 --> 00:05:25.760 little hairy to try to find that whatever that is, but find 88 00:05:25.760 --> 00:05:29.870 enough artificial intelligence combined with ML to bring in as 89 00:05:29.870 --> 00:05:32.420 much data points and many data points as I can. 90 00:05:32.990 --> 00:05:34.640 Tom Field: Isn't he talking about what we're all talking 91 00:05:34.640 --> 00:05:35.240 about today? 92 00:05:36.170 --> 00:05:39.620 Anna Delaney: Yes, absolutely. And ISMG made a short video 93 00:05:39.620 --> 00:05:42.020 tribute to him. And it was amazing talking with everybody 94 00:05:42.020 --> 00:05:46.880 on the video, their faces seemed to light up, just talking about 95 00:05:46.880 --> 00:05:47.180 him. 96 00:05:47.690 --> 00:05:50.030 Tom Field: You always felt better when Steve Katz was in 97 00:05:50.030 --> 00:05:50.420 the room. 98 00:05:51.170 --> 00:05:53.720 Marianne McGee: I only met him once in person at one of the 99 00:05:53.960 --> 00:05:57.770 early healthcare summits that we had. But, you know, during the 100 00:05:57.770 --> 00:06:01.190 reporting yesterday, Anna, what I kept seeing over and over 101 00:06:01.190 --> 00:06:05.300 again, how generous he was with his personal time and helping 102 00:06:05.300 --> 00:06:08.060 people. You know, even when it had nothing to do with, you 103 00:06:08.060 --> 00:06:10.550 know, the job at hand, he was always willing to kind of jump 104 00:06:10.550 --> 00:06:14.930 in and help people out. So you know, he was much beloved, and 105 00:06:14.930 --> 00:06:17.120 I'm sure he'll be very missed by everyone who knew him. 106 00:06:18.290 --> 00:06:21.110 Anna Delaney: Very much. So remembering the luminary that 107 00:06:21.110 --> 00:06:27.140 was Steve Katz. We thank him for his work. So Marianne, health 108 00:06:27.230 --> 00:06:31.250 breaches of 2023, there have been so many. You have been kept 109 00:06:31.250 --> 00:06:34.610 very, very busy. So we're in the last month of the year, what are 110 00:06:34.610 --> 00:06:37.670 the most significant health data breach trends you've observed 111 00:06:37.670 --> 00:06:38.180 this year? 112 00:06:39.500 --> 00:06:42.560 Marianne McGee: Well, I have been sort of starting some of 113 00:06:42.560 --> 00:06:48.410 the number crunching for 2023. And some of the trends that are 114 00:06:48.410 --> 00:06:51.110 emerging, you know, they're not really big surprises. But when 115 00:06:51.110 --> 00:06:53.270 you start looking at the numbers, they are, you know, 116 00:06:53.270 --> 00:06:58.670 sort of startling, and that includes eye-popping numbers in 117 00:06:58.670 --> 00:07:01.640 terms of hacking incidents that were reported to federal 118 00:07:01.640 --> 00:07:06.260 regulators so far this year. Now, with less than a month left 119 00:07:06.260 --> 00:07:11.570 in 2023. It appears that hacking incidents were responsible for a 120 00:07:11.570 --> 00:07:22.730 whopping 92% of the nearly 106.5 million of the 115 million 121 00:07:22.730 --> 00:07:26.330 people that were affected by all major health data breaches so 122 00:07:26.330 --> 00:07:30.320 far are posted on the Department of Health and Human Services, so 123 00:07:30.320 --> 00:07:33.860 called Wall of Shame website that lists major health data 124 00:07:33.860 --> 00:07:40.730 breaches. And of those 624 major breaches posted on the HHS 125 00:07:40.730 --> 00:07:46.130 website so far, as of today, 80%, or about 490 of them were 126 00:07:46.130 --> 00:07:52.370 hacking incidents. But in comparison to last year, the HHS 127 00:07:52.400 --> 00:07:59.210 site, showed a total of 720 major breaches affecting 56.5 128 00:07:59.240 --> 00:08:04.940 million people. So already in 2023, there are more than double 129 00:08:05.030 --> 00:08:08.690 the number of people affected this year by health data 130 00:08:08.690 --> 00:08:13.220 breaches in the healthcare sector versus last year. Now, 131 00:08:13.520 --> 00:08:17.900 the top hacking culprits are not surprises. But you know, it is 132 00:08:17.900 --> 00:08:22.250 disturbing. Again, they continue to be ransomware attacks, such 133 00:08:22.250 --> 00:08:26.660 as encryption and/or data exfiltration. But also this 134 00:08:26.660 --> 00:08:31.430 year, a wave of incidents involving vulnerability 135 00:08:31.430 --> 00:08:35.600 exploitations, you know, most notably, MOVEit and then 136 00:08:35.600 --> 00:08:40.370 GoAnywhere. Now, overall business associates or the third 137 00:08:40.370 --> 00:08:45.440 parties were involved in 242 major health data breaches so 138 00:08:45.440 --> 00:08:50.570 far this year that affected about 77 million people. And 139 00:08:50.600 --> 00:08:54.110 those data breaches involving business associates are eight of 140 00:08:54.110 --> 00:08:57.590 the 10 largest health data breaches that alone affected 141 00:08:57.590 --> 00:09:05.120 more than 50 million people. So as of now, of the health data 142 00:09:05.120 --> 00:09:10.880 breaches reported by business associates, 201 of those were 143 00:09:10.880 --> 00:09:15.530 hacking incidents involving vendors. What's also noteworthy 144 00:09:15.530 --> 00:09:20.720 is that the second most common type of data breach reported or 145 00:09:20.810 --> 00:09:23.720 unauthorized access or disclosure incidents. Now, 146 00:09:23.810 --> 00:09:27.530 typically, those could be, you know, insider sort of things 147 00:09:27.530 --> 00:09:31.010 where somebody emails the wrong information to somebody, you 148 00:09:31.010 --> 00:09:34.190 know, those sorts of things. But when you start digging into what 149 00:09:34.190 --> 00:09:37.610 happened with some of these incidents that are reported as 150 00:09:37.610 --> 00:09:41.120 unauthorized access or disclosure incidents, they're 151 00:09:41.120 --> 00:09:45.650 actually hacking incidents. And there are about 118 such 152 00:09:45.680 --> 00:09:50.780 breaches reported so far to HHS this year, affecting about 8.5 153 00:09:50.780 --> 00:09:53.660 million people that are unauthorized access to 154 00:09:53.660 --> 00:09:58.760 disclosures. Now the largest of those breaches, again, it's more 155 00:09:58.760 --> 00:10:01.760 of a hacking incident than It is an unauthorized access or 156 00:10:01.760 --> 00:10:06.680 disclosure breach. That largest breach was reported by a health 157 00:10:06.680 --> 00:10:11.750 plan in Ohio called CareSource. It affected 3.2 million people 158 00:10:11.750 --> 00:10:16.280 and it involved exploitation of the MOVEit vulnerability. So 159 00:10:16.310 --> 00:10:19.160 when you start, you know, shaking things down and start 160 00:10:19.160 --> 00:10:22.070 looking at what's happening, some of the top lessons that are 161 00:10:22.070 --> 00:10:26.360 emerging are from hacking incidents because the business 162 00:10:26.360 --> 00:10:30.320 associates have also been involved with that. And there is 163 00:10:30.440 --> 00:10:35.780 this urgent need for entities to become more proactive in their 164 00:10:35.780 --> 00:10:39.890 path patch management and their software updates. And that 165 00:10:39.890 --> 00:10:43.670 brings me to another important year and reminder for healthcare 166 00:10:43.670 --> 00:10:47.810 sector entities, especially hospitals regarding the Citrix 167 00:10:47.840 --> 00:10:52.940 Bleed vulnerability that affects certain Citrix and NetScaler ADC 168 00:10:52.940 --> 00:10:57.980 and Gateway devices. In recent days, HHS, as well as the 169 00:10:57.980 --> 00:11:02.480 American Hospital Association, have issued urgent warnings 170 00:11:02.540 --> 00:11:07.010 about ransomware attacks involving active exploitation of 171 00:11:07.010 --> 00:11:11.300 the Citrix Bleed vulnerability, and they're urging hospitals and 172 00:11:11.300 --> 00:11:15.710 other healthcare sector entities to follow Citrix's guidance to 173 00:11:15.740 --> 00:11:19.280 upgrade their devices and to remove any active or persistent 174 00:11:19.310 --> 00:11:24.590 sessions with specific commands that Citrix is providing. It's 175 00:11:24.620 --> 00:11:27.650 suspected, but it's not confirmed that a few of the 176 00:11:27.650 --> 00:11:30.980 recent ransomware attacks we've seen on hospital chains in the 177 00:11:30.980 --> 00:11:35.930 U.S. in the last couple of weeks involved exploitation of Citrix 178 00:11:35.930 --> 00:11:41.120 Bleed. And HHS in its warning said it strongly encourages 179 00:11:41.120 --> 00:11:45.980 users and administrators to review their Citrix recommended 180 00:11:46.010 --> 00:11:50.420 actions and to upgrade their devices in order to prevent 181 00:11:50.450 --> 00:11:54.890 serious damage to the healthcare and public health sector. So I 182 00:11:54.890 --> 00:11:57.260 think they're kind of worried about a trickle down effect, you 183 00:11:57.260 --> 00:12:00.650 know, one entity affecting another entity, because perhaps, 184 00:12:00.860 --> 00:12:04.040 you know, that entity gets hit with a ransomware attack 185 00:12:04.040 --> 00:12:07.160 involving Citrix and their systems go down. And then you 186 00:12:07.160 --> 00:12:10.580 have other entities not only affected from an IT perspective 187 00:12:10.580 --> 00:12:15.650 of maybe supply chain, maybe the ability to respond to patient 188 00:12:15.680 --> 00:12:19.640 needs, and all those sorts of, you know, collateral damage that 189 00:12:19.640 --> 00:12:22.460 we often see in the ransomware attacks. So, you know, 190 00:12:22.460 --> 00:12:24.740 interesting year and disturbing too. 191 00:12:25.610 --> 00:12:28.280 Anna Delaney: Troubling trends. So have certain types of 192 00:12:28.310 --> 00:12:31.430 healthcare organizations or entities been more frequently 193 00:12:31.430 --> 00:12:32.480 targeted this year. 194 00:12:32.000 --> 00:12:36.560 Marianne McGee: You know, usually it's sort of the same 195 00:12:36.560 --> 00:12:40.100 where you see a big, you know, a mix of some of the specialty 196 00:12:41.450 --> 00:12:45.500 group practices, you know, there's a big surgery practice 197 00:12:45.500 --> 00:12:50.180 that was recently hit, there is an imaging system chain that was 198 00:12:50.180 --> 00:12:54.620 recently hit. But lately, it's been the hospital chains, you 199 00:12:54.620 --> 00:12:58.370 know, regional hospital chains, where you have like, three or 200 00:12:58.370 --> 00:13:03.740 four related hospitals, either in a specific region, or kind of 201 00:13:03.740 --> 00:13:06.560 scattered around the country where there is not that many 202 00:13:06.560 --> 00:13:10.280 hospitals in that region. So, yeah, they seem to be going 203 00:13:10.280 --> 00:13:12.800 after the hospital chains. That's what I see. 204 00:13:13.340 --> 00:13:15.290 Tom Field: Makes you long for the days of lost and stolen 205 00:13:15.290 --> 00:13:15.950 devices. 206 00:13:17.690 --> 00:13:21.350 Marianne McGee: Right. So again, you know, we're all so used to 207 00:13:21.350 --> 00:13:25.010 hearing about hacking incidents, and you hear about, oh, 92% of 208 00:13:25.010 --> 00:13:27.440 the people are affected by health data breaches, you know, 209 00:13:27.440 --> 00:13:30.950 were victims of hacking incidents, it sounds okay. But 210 00:13:30.950 --> 00:13:34.100 if you compare it to years ago, where again, you know, the lost 211 00:13:34.100 --> 00:13:39.200 or stolen unencrypted laptop was 92% of why people got, you know, 212 00:13:39.620 --> 00:13:42.230 their data compromised, it's a big difference. 213 00:13:43.700 --> 00:13:46.670 Anna Delaney: You look a lot at patient privacy as well. So are 214 00:13:46.670 --> 00:13:49.730 there any emerging threats, or risks to patient privacy that 215 00:13:49.730 --> 00:13:52.220 have become more prominent this year? Do you think, Marianne? 216 00:13:52.200 --> 00:13:55.299 Marianne McGee: Yeah, you know, I think the hot subject and, you 217 00:13:55.364 --> 00:13:59.368 know, it's kind of hasn't really cooled down, but for a while, 218 00:13:59.433 --> 00:14:03.566 there was a big flurry of these sorts of incidents involving web 219 00:14:03.631 --> 00:14:07.635 trackers, like Pixel, you know, from Meta, and then, you know, 220 00:14:07.699 --> 00:14:11.445 Google Analytics, embedded in patient portals and hospital 221 00:14:11.510 --> 00:14:15.062 websites that, you know, collect IP addresses and other 222 00:14:15.126 --> 00:14:19.066 information about patients and they send it to third parties, 223 00:14:19.130 --> 00:14:23.005 you know, either for marketing or advertising. And then, you 224 00:14:23.070 --> 00:14:26.880 know, perhaps for other purposes that are not, you know, as 225 00:14:26.945 --> 00:14:30.432 widely talked about, but are kind of feared, you know, 226 00:14:30.497 --> 00:14:34.049 enforcement of, you know, the outlawing of abortions in 227 00:14:34.113 --> 00:14:38.247 certain states, you know, where did this person get their health 228 00:14:38.311 --> 00:14:42.186 care? Where did they wind up, you know, going, you know, who 229 00:14:42.251 --> 00:14:46.384 was the doctor, I don't know if that's really happening yet, but 230 00:14:46.449 --> 00:14:50.259 that's the fear. So you know, that's a privacy concern in a 231 00:14:50.324 --> 00:14:50.970 major way. 232 00:14:52.500 --> 00:14:54.210 Anna Delaney: What about next year, are there any trends on 233 00:14:54.210 --> 00:14:57.000 the horizon developments on the horizon that might impact the 234 00:14:57.000 --> 00:14:57.690 landscape? 235 00:14:57.000 --> 00:15:04.020 Marianne McGee: I was going to say more of the same. But you 236 00:15:04.020 --> 00:15:06.660 know, the thing is that the cybercriminals are always kind 237 00:15:06.660 --> 00:15:10.800 of coming up with new, you know, schemes and you know, maybe more 238 00:15:10.800 --> 00:15:12.990 of the same, but let's try something a little different 239 00:15:12.990 --> 00:15:17.100 this time. So, you know, I think overall the healthcare sector 240 00:15:17.100 --> 00:15:20.790 really needs to be, you know, on its toes, because you never know 241 00:15:20.790 --> 00:15:22.980 who's going to be the next victim. And again, you might not 242 00:15:22.980 --> 00:15:27.030 be the victim, but you might be the client of a victim who is 243 00:15:27.030 --> 00:15:31.080 then affected. So you have to have, you know, backups in terms 244 00:15:31.080 --> 00:15:35.310 of your suppliers, perhaps if your main supplier gets hit, and 245 00:15:35.310 --> 00:15:38.580 they can do what they need to do for you. There's a lot of 246 00:15:38.580 --> 00:15:39.660 considerations. 247 00:15:41.550 --> 00:15:45.060 Anna Delaney: Thanks, Marianne. For now, of course, because 248 00:15:45.210 --> 00:15:49.950 well, there's always a week with a healthcare incident. So thank 249 00:15:49.950 --> 00:15:53.400 you so much. Well, finally and just for fun, if you have to 250 00:15:53.400 --> 00:15:56.970 rewrite a classic festive carol to be about of course, 251 00:15:56.970 --> 00:15:59.520 cybersecurity, what would the title be? 252 00:16:01.380 --> 00:16:04.410 Marianne McGee: Jingle Bells, ransomware smells, data 253 00:16:04.410 --> 00:16:08.400 exfiltration stinks. That's as far as I can go. And I think 254 00:16:08.400 --> 00:16:09.690 that's as far as you can tolerate. 255 00:16:12.000 --> 00:16:14.220 Anna Delaney: Because I had actually - Crypto bells, crypto 256 00:16:14.220 --> 00:16:17.730 bells, encrypt all the way. Oh, what fun it is to code in a 257 00:16:17.730 --> 00:16:20.340 secure and safe array. Hey! 258 00:16:21.360 --> 00:16:22.260 Marianne McGee: I like yours better. 259 00:16:22.800 --> 00:16:24.210 Tom Field: I've got something appropriate if you're at the 260 00:16:24.210 --> 00:16:30.780 event you're going to tomorrow, Anna? I'm dreaming of a White 261 00:16:31.170 --> 00:16:32.640 Hat Christmas. 262 00:16:32.000 --> 00:16:36.110 Anna Delaney: Very good. And you got the backdrop for it, 263 00:16:37.430 --> 00:16:42.710 perfect. I also had - Deck the halls, deck the halls, secure 264 00:16:42.710 --> 00:16:49.670 the walls; but anyway, glad we ended on a tune. Thank you so 265 00:16:49.670 --> 00:16:56.480 much, Tom, Marianne. Insightful as always. And thank you so much 266 00:16:56.480 --> 00:16:57.620 for watching. Until next time.