9 min read
57. Hoala Greevy: "It's a matter of sorting the data, training the data, and then using those new learnings to provide greater phishing detection."
Hannah Trum Sep 22, 2021 12:00:00 AM
Episode 57 of HIPAA Critical features an interview about AI with Paubox Founder CEO, Hoala Greevy.
Rather read?
Hannah Trum: I'm Hannah Trum and this is HIPAA Critical, a podcast from Paubox where we discuss security, technology, and compliance news with healthcare industry leaders. AI isn’t anything new, but its place in healthcare certainly is. After all, much of the industry still relies on decades-old technology, like the fax machine. At some point, any industry has heard that machines or computers will be taking over every job. But here in 2021, that’s not true. So, I’d like to pose the question, “should we consider some tasks are better suited for artificial intelligence?” Earlier in the summer, I read an article on how an AI wrote a better phishing email than a human. If, in a recent test, a machine found a way to outsmart us in our inboxes, shouldn’t we be using the brainpower of our employees for actual tasks that move your company forward? Human error is the cause of so many HIPAA breaches and violations. Employees entering information manually into a system or listening to a voicemail in public are two ways data can be accidentally leaked. If we shift the focus from what AI can do to hurt us to what AI can do to help us, a company can grow and mitigate risk more efficiently. Here at Paubox, we're all in when it comes to AI and secure email for healthcare. We recently created a HIPAA compliant voicemail AI bot for a customer because the organization was worried about PHI leaks from overheard voicemails. The man leading this charge is our Founder CEO, Hoala Greevy. He's also my guest today. For those who don't know him... secure email has been on Hoala's brain for longer than he'd probably want to admit. He’s always working on new ways to alleviate InfoSec pain points in healthcare. It’s why he's the perfect person to explore how email AI and AI bots can launch the industry into new heights of technology and information security. Hi Hoala. Welcome back to HIPAA Critical! I'd like to just jump in at the very beginning. You describe email AI as anything that hasn't been done yet. But what exactly does that mean, in the tangible business sense?
Hoala Greevy: Yeah, sure.
During the pandemic, we've been staying in touch with our customers, answering them and asking their questions about trends we see in the market. One of the big trends for us is we've seen email use go up and not down, in fact, quite a bit.
One example is, many of our mid-market and enterprise customers have taken advantage of the pandemic, in a sense, to catch up on projects they've wanted to do for some time now. One of them's been replacing the physical fax machines and converting those fax numbers to efaxes or email, they still need to have a fax number because of the third parties they deal with.
But now these things are coming in as email attachments. Again, that's more email coming in and fewer printers are being used, more emails being sent. This, of course, flows with a hybrid remote environment.
Then therein lies the opportunity for email AI. It is taking that influx of new email, and providing workflow automation for our customers. This is also known as robotic process automation or RPA.
That's a really exciting one. There is taking the email, not all of it, certain types of email, and are doing workflow automation, business process automation.
Hannah: This actually leads me right into my next question. We recently launched a HIPAA compliant voicemail feature for our customers that was built with email AI. Can you give our listeners a more in-depth overview of this feature and how it came to be?Hoala: Sure.
We do Zoom Social Mixers once a month, any listener to our podcast would know this. You mentioned this at the end of our podcast with an open invite.
In a July Zoom Social Mixer, one of our customers said, “Hey, I have this problem where our corporate voicemail system sends an email, audio attachment if that person doesn't pick up the phone, on their work line. I'm afraid that they'll open these attachments in public on their smartphones because some sensitive stuff will be in their voicemail. What can you do about that?”
Hannah: The system was sending an audio file to someone's email that they could then listen to and then there could potentially be PHI heard out loud?Hoala: Yeah, especially if it's sent to a doctor or physician. Who knows, right? It's a regional healthcare provider, hundreds of 1000s of employees, lots of opportunities for risk there.
He saw it as “How can Paubox help us reduce our risk for this particular problem?”
So what we ended up doing was we set up our email AI for each customer that wants it and we look for the presence of an audio file, we open the audio file, we apply natural language processing to it and we transcribe what's said in the message into text. We insert that text at the bottom of the email sent by the voicemail system and the attachments are still part of the email.
But now the end-user gets to just scroll on their phone and read the voicemail.
Hannah: Which is what they want to do anyway.Hoala: Yeah, who wants to download and wait?
When it's just easier to just scroll on your phone, and you see the same thing. What's great about this solution is the transcription is so accurate, that they don't want to open it anyway. Because the fastest thing to do is just scroll and read. So it's reliable, it's secure and easy to use. And it fits all three big ideas at Paubox: security, reliability and ease of use.
He immediately knew that this was something we needed to build. And we built it within six days, rolled it out, and got happy customers using it. And that's our first foray into AI.
Hannah: Are there any other AI bots that we're testing behind the scenes that you could mention or things that are on the horizon that we'd like to test?Hoala: Oh yeah, sure.
We have a behavioral health organization in Florida. They're looking to automate some of their referral business workflows. This is for providing services for their patient population. They get referrals from other social workers, the court system, any variety of places for their clients.
They need to get that information and put it into their EHR system, which is specifically made for behavioral health. This is basically emails coming in from someone at that org, opening the email, and then transcribing, or copy-paste, manual input, basically, into their EHR system.
What we propose is, hey, we're already providing you folks with inbound email security, ransomware, ExecProtect, phishing protection, etc. We're seeing all the email flow through anyway, why don't we set up a system whereby we identify these referral-based emails coming in, will parse those emails and input that data into your EHR system? Simple idea, not easy to do, because hey, this is healthcare and it is complicated.
And we're heads down on that now. I think there's a lot of applications for other EHR systems out there. So pretty exciting stuff. Our customer can't wait to see this thing done. Because they've got a set of dominoes sitting behind it of other workflows they want to automate.
Hannah: I was gonna say, Can you give us some more examples of maybe simpler things that AI can do? Or things that automation workflows that people wouldn't even think about that this bot can take over?Hoala: Yeah, so I guess if we look at our own business Paubox, there's very little of business correspondence that happens just in our physical mailbox, right. If we hire an employee in a new state, we’ve got to go register with that state's unemployment system.
Oftentimes, that's a paper-based workflow. But other than that, every invoice, every receipt, all that stuff flows in on email. Whether it's tying to an accounting system, a billing system, a CRM, system, EHR, all this stuff's happening in email. We're going to rely on our customers and customer feedback to kind of point us in the direction of where to go next.
It just seems like there's just so much opportunity here. There's a human opening that email and doing manual work, which we've defined as a human endpoint, which is a term I learned about in a book on email AI I recently read.
Again, a human endpoint is when you have two systems or two sets of software that can't talk to each other. There's a human in the middle providing duct tape, i.e. manual input data entry to glue them together. And why not use software for that specifically, email AI software?
Hannah: Exactly. I feel the same way. There are so many things that humans are doing that are so antiquated, that can just be pushed into the future with an AI bot. A little earlier, you mentioned that our voicemail transcription service uses natural language processing. This is a tool that I have read has actually been used to create an “AI as a service” for cybersecurity threats, especially with phishing campaigns. What is some information that we can learn from AI bots about how they are built on to prey on human error? Hoala: Yeah, so I guess for me personally, I don't have any first-hand experience when it comes to phishing detection or phishing simulation when it comes to AI bots. But we are currently heads down in that arena as well. I look forward to returning to HIPAA Critical In the near future to provide my findings. Hannah: Oh, don't worry, I'll pick your brain about it, don't worry. How do you think machine learning can change how we view phishing spam and ransomware?Hoala: Yeah, this is a perfect example for AI to provide value here.
As we see phishing and ransomware campaigns continuously evolve, it gets very hard for a human mind to programmatically insert logic into an email security system to keep up with these threats. They're just seeing there gets to be at some point too many connections for the human mind to have in their head and to make the correct assumption at scale.
This is really where machine learning and AI come in handy, where you're providing correctly labeled data sets, in our case, what's a good email, and what's bad email, and then providing enough correctly labeled data where the machine learning algorithm can provide deeper insight that a human wouldn't be able to do.
We're heads down in that currently as we speak. And, you know, the clever part about this whole thing is, we see tons of this every day coming in because we provide inbound security.
It's a matter of sorting the data, training the data, and then using those new learnings to provide benefit across our entire platform of customer base to provide greater phishing detection, because that's what our customers want. The spam kind of a subjective thing kind of depends on the recipient. But we know 100% of people don't want phishing and ransomware attacks.
Hannah: So do you think that email, AI and AI bots will be the future of cybersecurity and healthcare?Hoala: Oh, yeah, I mean, if done correctly, they can and should be this is the perfect use case for AI. We look to provide leadership in that direction, especially for email AI as a concept. There's very little being done with it right now.
Hannah: I think something that can scare people when it comes to new technology, or artificial intelligence, is that AI is going to replace all of our jobs. Do you think that AI will be able to replace a compliance officer or IT manager in the future?Hoala: No, I think it will be a nice complement to them.
If we look at if we think about artificial intelligence, what it's really doing is providing more and cheaper access to prediction, the democratization of prediction, if you will.
In the case of our voicemail transcription robot, the NLP is providing a prediction on what that text, that voicemail is actually saying. And if the prediction is accurate enough, then that's providing new insight for the human. And then they can make a judgment call from there.
There are always going to be humans needed to make judgment calls. But if they can leverage AI to provide them more accurate and cheaper predictions, then they'll be more valuable and more highly paid in their job.
When it comes to compliance officers and IT managers, I think they will learn to view this as a complementary toolkit or another feather in their hat, if you will, something you'd want to take with you across jobs.
Hannah: This was kind of a curveball question. But do you think that email could be used or trained to give personalized phishing campaigns or tests to employees based on their own email and their own inbox usage?Hoala: Oh, yeah, for sure. I have skimmed an article recently where they provided some theoretical ways to do this. And that would not be very much of a stretch for us to provide that as a value add to our customers as well. Once we get more comfortable with email AI as it relates to phishing, why not include a phishing simulation?
Hannah: We tell everyone that education is a big key in cybersecurity hygiene and health. And if your employees are not tested and that they're not putting their education to the test, then you are really opening your company up to a HIPAA violation or a data breach.Hoala: Yeah, that would be a nice add-on for us to provide for sure.
Hannah: Well, Hoala, thank you for joining me today. Is there anything else you'd like to let our listeners know about email AI?Hoala: We are talking about this often in our monthly Zoom Social Mixers. So please join us if you're a customer or currently talking to our sales team and thinking about becoming a customer. We actually do listen and take action on the things discussed in them.
Hannah: Yes, I will put my information at the end of this episode, so you can email me if you'd like to attend one of our social mixers. Well, thanks again. Hoala. I really appreciate it. To read more about Email AI or to get started with Paubox Email Suite, head to paubox.com Are you registered to attend our next free social mixer? Join us on September 23 to network within the industry. We’ll send you a complimentary beverage to your door that day! Please email me at hannah@paubox.com , and I’ll get you registered. We have rescheduled our 4th annual healthcare cybersecurity and innovation conference, Paubox SECURE, to March 23 and 24th at the Park MGM in Las Vegas. Head to pauboxsecure.com for more information. You can listen to every episode of HIPAA Critical on paubox.com or subscribe via Apple Podcasts , Spotify , iHeartRadio , Stitcher , Amazon Music or wherever you listen. Thank you for tuning into another episode of HIPAA Critical; I’m your host, Hannah Trum, signing off. SEE ALSO: HIPAA compliant email: the definitive guideSubscribe to Paubox Weekly
Every Friday we'll bring you the most important news from Paubox. Our aim is to make you smarter, faster.