Jan Thornborough

So two factors, when you have your login and then you're required to give another factor, sometimes it might be a biometric, so it could be your fingerprint or facial recognition.

It could be a code, so you might have an authenticator app on your phone and you have to plug in the code.

Or, and this is not very common these days, a secret phrase.

They've tended to phase those out because they're not very secure.

Having that second piece of information that they require...

makes it a lot harder for the hackers to get in.

It's not 100% fallible because we have seen attacks where hackers have bombarded people in the middle of the night saying, please authenticate the login and hope that people will get sick of being bombarded and just click yes to get in.

But it is actually a really good second step to make sure that they're not going to just immediately get in there and get your stuff.

Yes.

So if they've got professional licences, then in theory it should be contained within their own health system and it should be relatively safe.

And I say relatively because there's still a lot of unknowns about artificial intelligence.

If they aren't using a paid licence, then it is really available to whichever individual.

AI they're using.

We are seeing cases overseas.

For example, in Australia, there was a case where a bunch of nurses were summarising patient notes using a free version.

I think it was chat GTP.

So as long as they are controlling the technology appropriately, then we should have confidence in it.

But unfortunately, a lot of health organisations have not made the connection that we're now working in a digital ecosystem and everything is

is underpinned by technology and data is the new gold.

Organisations, they look at their financials, they look at their HR and legal, they understand all those things, but they don't take responsibility for the technology and making those decisions around technology.