Founder and CEO of Black Talon Security Gary Salman joins us to share best practices to help protect your business from a cyberattack. Tune in as we discuss the most common cybersecurity issues health care businesses face, laws that impact medical providers, and how to begin safeguarding your business in a few easy steps.
Listen to the full episode using the player below, or by visiting one of the links below. Below is the episode’s transcript which has been edited for readability. If you have any questions or would like to learn more, email us at email@example.com
Intro: [00:00:00] Welcome to Legal 123s with ByrdAdatto. Legal issues, simplified through real client stories and real world experiences. Creating simplicity in three, two, one.
Brad: Welcome back to another episode of Legal 123s with ByrdAdatto I’m your host Brad Adatto with my cohost Michael Byrd.
Michael: As a business and healthcare law firm details matter. This season’s theme is zoom in. Once we know our big picture vision or strategy, we have to roll up our sleeves to get the work done. With each episode this season, we will have our typical stories and make sure we talk about specific actions to focus on for 2020.
Brad: You know Michael, I’m real excited for today’s episode. We have a guest joining us has a really cool background in cyber security, which means protecting companies from cyber-attacks.
Michael: Brad, I don’t know if we’ve ever had to stop an episode this early, where you’ve started with words, terms of art that the world may not know about. [00:01:00] You talked about cyber security and cyber-attacks in the same sentence and there may be some people that don’t know what you’re talking about. Although with all the news lately, maybe they do.
Brad: That’s a fair point. And our guest hopefully will do a better job explaining cybersecurity than some silly attorney but what I find interesting, most people don’t even know that they are even in a cyber-network. So easiest example is if you save your data on files on an offsite network that has a pool of these configured computer resources you’re using cloud storage.
Michael: Yeah Brad, I think we’ll leave it to the expert.
Gary: Fair enough.
Michael: When you started talking about cyber this and cyber that, it did remind me of one of our favorite TV shows that we both are currently watching.
Brad: Ted Lasso.
Michael: Yes. For those not familiar with Ted Lasso as a TV show on Apple TV. And it’s about an [00:02:00] American college football coach who is hired to coach professional, English soccer, or English football team. And it’s a feel-good show.
Brad: Yeah. And I love it, Michael. Cue the audience though, as to why cyber network talk has made you think of Ted Lasso?
Michael: Well, there was a recent episode you and I were laughing about. First of all, I mean, there’s tons of great lines that come out of every episode, but one that I thought of when we were prepping for today’s show, when you just said, cyber again was the statement from coach beard on an episode. And in this episode, he admits that he and his girlfriend, Jane are now sharing an iCloud account as a form of quote digital intimacy.
Brad: Yeah there’s so many funny lines in that story. The heart of the show is really helping other succeed. So obviously you have the [00:03:00] passion statement for ByrdAdatto is helping others succeed. So maybe that’s one of the reasons why you and I relate so much to the show. Ted Lasso has so many funny quotes. The one I took just to give the heart of it when Ted Lasso is being asked about the fact that this team’s not doing well, he said, for me, success is not about the wins and losses. It’s about helping these young fellows be the best versions of themselves on and off the field.
Michael: Yeah. Other than that, there’s not much of a commonality like Ted Lasso gives you the exact opposite feeling that a cyber-attack might give you. So let’s move back to talking about cyber-attacks, even though it’s much less feel good.
Brad: Yeah. And let’s give some context to our audience who’s not familiar with cyber-attacks and give them a couple of different examples. Michael, can you think of any examples of cyber-attacks that you’re aware of?
Michael: Well again, I’m going to reveal my simplistic knowledge, but of course saw on the news, the colonial pipeline hack a recently.
Brad: Yeah. And for those [00:04:00] who don’t remember, that was a hack by the dark side who attacked and targeted the colonial pipelines billing system and their internal business network. This led to a widespread shortage all across the east coast, and unfortunately led to east coast residents hoarding gas, and actually setting one of the cars on fire because they’re putting in plastic bags and bins. Real intelligent there. So this disrupted so much that they eventually paid 4.4 million in Bitcoins to the hackers, the dark side group. Although according the New York Times, I just read US law enforcement was able to recover much of the 4.4 million ransom, but they still haven’t really determined who is the dark side gang. So, Michael, are you a part of the dark side gang?
Michael: No, but I was thinking at least the toilet paper didn’t run out. And they did get some of the money back.
Brad: Another one that I just read about recently happened to the NBA team, the Houston Rockets, where another group hacked them [00:05:00] and took about 500 gigabytes of confidential data. And as of this moment, when I just read about it just yesterday and they’re going to threaten the rockets if they don’t get paid some money and release a whole bunch of information. So far, nothing has been released on that one.
Michael: Hm. I haven’t heard about that one.
Brad: All right, one more. This one’s kind of interesting, just because there was a group that hacked a cyber-asset company in Japan, which had a cyber-exchange called liquid and liquid is of the world’s largest cyber currency exchange platforms. Now it’s funny thinking about all the cyber-attacks and how they get paid with cyber currency. So now liquids trying their cyber exchanges to help track their stolen cyber exchange money. It gets really complicated but basically 97 million of cyber currency was stolen off that.
Michael: As the kids would say, I think that would be very meta. [00:06:00] Okay. Well, we could probably list a ton of stories on these known hacks, but let’s bring in our special guest today who can give us a much more expertise on cybersecurity. So today’s guest is Gary Salman and he’s the founder and CEO of Black Talon Security. He has over 30 years of experience in software development and computer IT. He developed one of the very first cloud-based healthcare systems. He’s a speaker and writer on cybersecurity threats. He has been in over 30 national publications and news stories, but the one I know Brad likes the best is Gary has over 15 years as an instructor at West Point. Gary, welcome.
Gary: Thank you very much honor to be here. Appreciate that.
Brad: Yeah, no, and we’re excited again, that you’re here, Gary. And for the audience, we like to give disclosures when we can. Gary’s company we liked when we [00:07:00] interviewed him and talked to him a long while back now, we liked him so much that ByrdAdatto actually has hired his company to help us with cybersecurity. Gary for our audience since we keep using this term over and over again, what is a cyberattack?
Gary: Sure. I think we can probably break it into a couple of different categories. Through some of your examples, I think you’ve basically nailed it. You know we see the attacks occurring in probably two primary ways. One is the encryption of all of the businesses data. So the hackers either electronically break in, or they socially engineer, which means trick employees. And then they encrypt all the data on the servers, the workstations, and the backups. Basically forcing the business to pay an extortion fee known as a ransom payment to get the data back. So that’s, that’s one issue. The other issue is the theft of the data. So in about 75% of the cases that we’re dealing with right now, the hackers break into these [00:08:00] networks, they go undetected in many instances for weeks, they basically exfiltrate, which is a fancy word for steal and they take all this data and then they encrypt it. The theft of the data and the encryption of the data is now known as a double extortion. So the reason they’re really doing this is because they’re almost guaranteeing that they’re going to get paid. So if you’re for instance, a healthcare entity and all your patient data is stolen, however, maybe you’re lucky enough to have backups as that healthcare entity you’re going to need to make a decision. Am I going to just restore the backups and not pay the criminals? Or am I going to pay the criminals in order to prevent them from leaking all the information, taking every single patient record health history forms, uh, images x-rays lab reports, driver’s licenses, insurance cards, communications with [00:09:00] other doctors. Can we prevent that from being leaked by paying them? So that’s the decision tree that these businesses and healthcare entities are making right now. So if you have confidential information, if you’re a non-healthcare entity, then you may say, look, it’s not worth this data being leaked, even though we can restore it from our backups, we’ll pay them the $2 million they’re asking. So that’s the unfortunate event. Years ago, we just saw the encryption of the data. Now we’re seeing the double encryption. And actually there something known as a triple extortion. I misspoke before, the double extortion, the triple extortion methodology entails the threat actors actually contacting either the patients or partners of these businesses and saying, hey, we encrypted this business, the data we stole their data. If you don’t want us to leak information about you or your business encourage that business to pay us. Yeah, so, I mean, that’s where this is going [00:10:00] now because they’ll do anything to get paid. That’s the reality of it, it’s a business for them.
Michael: That is both terrifying and fascinating at the same time. So tell us why you started Black Talon and what it does.
Gary: So Black Talon is a cybersecurity firm that specializes in cyber. I think one of the biggest challenges we see in the healthcare market and the small and medium business market is leaders, the doctors, administrators, business owners don’t understand that there’s a dramatic difference between what cybersecurity firms do and what IT companies do. IT companies are not cyber companies and cyber firms are not IT. We don’t do IT work. We just have highly trained and credentialed individuals that spend basically 24/7 understanding how hackers breach these systems, the types of damages they do, and then put proper defenses in place to prevent them from happening. I think the best example that [00:11:00] I can come up with, especially in the healthcare field is this, if you go to your internist and the internist listens to your heart and says, hey, listen, I think you have a problem here. We may need to do a bypass on you, but don’t worry I just built a operatory in the office space right next to me. Why don’t I just walk you over there right now? We’ll lay down on the table, we’ll hook you up to some general anesthesia, I’ll crack your chest and we’ll do the bypass right here. And you grab your closing on out of the room, right? Because that internist is a generalist and they serve a very important purpose, but they’re not a cardiothoracic surgeon. They’re not going to do a triple bypass. But the problem we have now is that most business owners say, oh, my IT guy builds computers and he keeps us up and running and he knows a lot, so he can protect me, but it’s a totally different set of knowledge, credentials, training knowledge, et cetera, just like it is [00:12:00] in the healthcare space, or in the tax world you wouldn’t have your bookkeeper prepare complex tax returns, same exact concept. So we formed Black Talon to really help small, medium businesses, health care entities protect their data by specializing in this. So we work hand in hand with IT companies all across the country and we add additional layers of security, which we can talk about to help prevent what we just discussed. You know, the theft of data, the encryption of the data, and one of the most important things is the business interruption. Almost anyone that gets hit by a cyber-event, ransomware, et cetera, they typically have to close their doors for about two weeks, regardless of how good or how redundant their systems are. That’s what happens. Look at even these monster multi-billion dollar companies. Look at CNA insurance. They were closed for weeks. Literally every computer was encrypted with ransomware. What do you do? [00:13:00] 18,000 something computers, I think is what the report says. So here’s a company with ridiculous amounts of money, it’s not like they flipped a switch and magically, everything came back on the next day. So, you know, in the healthcare space, we see the exact same thing. Most healthcare entities will close their doors for two weeks, not be able to treat patients, not be able to access their EHR, EMR systems, imaging lab reports, prescriptions, and things like that. So this goes way above and beyond just the theft of the data and the encryption, can’t treat patients and patient care suffers dramatically.
Brad: Yeah. I started this episode with this three examples. You just gave another one, but obviously without really revealing your actual client, do you have a story that you can share with us about how serious is the impact that had on that particular client?
Gary: Yeah, I have two really good recent examples. One is an ortho practice in Utah. They were hit about [00:14:00] two months ago by Conti ransomware, which is a very, very active threat group and basically they breached the network electronically. This one was not a targeted attack against an employee or a doctor. They electronically breached the network. They were on the network for about two weeks before they revealed themselves, meaning they encrypted the computers. But during that two week period of time, they offloaded all of the patient data, they left ransom notes all over the machines, basically kind of like a warning saying, hey, we’ve encrypted all of your data. Here’s who we are, here’s how you contact us on the dark web. We informed the practice that Conti is notorious for stealing patient data and believe it or not, the doctor’s like, yeah, I don’t know if that’s really true. I think that’s just an idle threat. I don’t think they actually do that. Why would they steal our data? So we made contact with the threat actors to the dark web. We asked for proof [00:15:00] that they stole the patient data. They sent us a one gigabyte zip, one gigabyte data file of a patient data. So we opened it in front of the doctors and they flipped out. So they saw photos of their patients, you know, obviously like I described before lab reports, medical notes, everything driver’s licenses, insurance cards, all of the above. Some of these patients were children, which actually made it worse. And that’s when the doctor’s like, you know, what mom or dad is going to trust me with their patient care now when I have to go and tell them that this happened. This resulted in the practice being down for about 10 days because every single machine, every workstation, laptop, tablet, server was fully encrypted with ransomware. And what made it even worse was they gained access to all their cloud backups. So in this case, the practice originally thought that they were probably going to be in an okay place because they’ll restore their data from the cloud. But they conducted [00:16:00] surveillance on the network in during that two week window and were able to get the credentials to their cloud backup. All right so once again, if you think about it, they don’t want to just reveal themselves instantly, right? By hitting them with ransomware, they want to guarantee that they’re going to get paid. This event costs us practice about a quarter of a million dollars of which they did not have insurance. So even if they did have insurance they still would have been down the same amount of time. That doesn’t change anything. Yeah, the burden of the financial impact would have been mitigated, but yeah, I mean really, really upsetting situation. And then what also happens is they have to go through a full forensics investigation to once again confirm that the data was stolen, even though we knew it was stolen. So the doctor sits and wait for a couple of weeks for that news. You know from a psychological standpoint, a lot of people don’t think about the impact as a business owner, as a doctor, as a trusted person, [00:17:00] right now, you got to deal with, hey, what are my, patient’s going to think? What are my staff going to think? The other case that we did just recently was with an orthopedic group in the Southwest, and they got hit by Conti as well, constantly demanded $550,000. The group, because they didn’t have insurance. This happened to be a pretty large group of doctors, 20 doctors in this group, they opted not to pay. And when we went radio silent with a threat group, they immediately started contacting the employees, telling the employees that they stole the HR files. They have their social security numbers, date of birth. They started emailing them, telling that they should demand that their boss, that’s what they call them, we want your boss to pay us otherwise you know, we’re going to go after you individually. So it created unbelievable chaos for the doctors and the nurses and the staff within the practice, because now it’s personal. So [00:18:00] there’s lots of things unfortunately, people don’t think about, they all say, hey, I have this magic backup and I’m going to press the magic pink button and the unicorn is going to appear and we’re going to be fine again. And in most cases, that that just doesn’t happen.
Michael: Wow. That’s amazing. So kind of with all that scariness, what are some of the best practices you can offer to our audience to assist with protecting themselves from a cyber-attack?
Gary: Right. So really great question. And I think the reality is almost every case we’ve dealt with and we’ve done a ton of these ransomware cases is they’re preventable. Using best practices. So as scary as this is, and it’s horrible, the situation is most businesses get hit because they don’t have what’s now required to be in place. So let’s go through a couple of things that you can almost do on your own and then others are going to take a specialty firm to do. So for email, multi-factor authentication is critical. [00:19:00] So many practices have email breaches and businesses have email breaches simply because they don’t have MFA turned on. If your email platform does not support MFA, it’s either called two factor authentication or multi-factor authentication, get a new one. It’s that simple. Find a new one. Second, use strong, unique passwords. One of the things that hackers do is they will gain access to these databases that have all of these previous breaches. And in these databases, it’ll have your username and password and they will try and reuse your username password to see if you use the same password on your email accounts, on your bank account, things like that. So you should be using strong, unique passwords and by strong I mean at least 14 characters, upper and lower case letters, numbers, and special characters, like an exclamation point hashtag and make sure every website you go to has a unique password. You can also use a password manager, [00:20:00] which we just don’t have a lot of time to talk about that today. But look at password managers, they are a very effective tool. Patching of computers is really important. I hear this all the time from businesses, oh our IT companies patch computers all the time. And then we get onto these networks and they’re like, oh, you’re missing security patches from 2019. And it’s almost 2022 so help me understand how you’re doing proper patching. So that’s an issue. And then in terms of actual cybersecurity solutions, it all starts with a security risk assessment. Which is when a cyber-firm basically asks your organization, you know, somewhere between 100 and 500 questions, depending on the size and type of organization you are. And what that does is that helps expose where you have risks that you’re not even thinking. One of the big issues right now because of COVID is remote employees. And everyone’s working from home and their 10 year old kid [00:21:00] downloads, you know, a nasty video game and it’s malicious and it moves from their computer to your work computer from your work computer, right up to the corporate environment, or right into the practice. Disaster. So then discussions about how you back up, where are you back up, even nowadays who has access to your data at those backup companies? And when you ask most business owners, where are your backups actually stored in the cloud? You know what the answer is? Crickets. No one has any idea. No one has any idea, but as the owner, you got to know that, right? That’s kind of a must have. So conducting a security risk assessment is critical. Next, hackers breach networks in one of two ways as we opened the conversation with they either trick your employees and employees give them access, or they hack in electronically. So in terms of electronic hacking, the hackers use vulnerabilities to explain networks. So what they’ll do without your [00:22:00] permission is they’ll scan your firewalls. They’ll scan your devices, they’ll look for vulnerabilities. And if they find them, there are hacking tools that are designed to specifically exploit those known vulnerabilities. So you can gain access to a laptop, a workstation, a server, even a device like a smart device hanging on your wall and then use that as a launching pad to get it other devices. So once they’re in your network, they will do what’s called a pen test. They will launch tools inside your network to find other devices that can be exploited and ultimately get to the data. That’s what they do. So through vulnerability management and identifying these risks, you can eliminate those vulnerabilities and really do a great job at hardening your network. So if there are no vulnerabilities, they’re going to then typically rely on your employees. So the way you beat them at that game is through training. Cyber security awareness training if you’re in healthcare is required under HIPAA, it’s not even an option. It’s like OSHA, you can’t be like, [00:23:00] oh, sorry my nurse got stuck with a needle. I didn’t know I had to train on OSHA. That doesn’t work in the legal world. So you have to train your staff on how to identify threats that present through the use of email and the internet. It should be ongoing with constant reminders. Once again, cyber firms typically provide some type of a training platform to educate doctors, employees, administrators, things like that, business owners. Another thing that’s very effective is a penetration test. I sit on a lot of panels with law enforcement and probably the best statement that I ever heard from an FBI agent was either do a pen test yourself or the hackers will do it for you and one’s going to cost you a lot more money. And you know which one that is. So if you pull your firewall logs for your business or healthcare, you’d be horrified, horrified at how many things the firewall is actually stopping, but at some point they’re going to get through. So [00:24:00] a pen test is when ethical hackers working for cyber firms, actually try and break into the system with very limited information, basically the same amount of data that a criminal would have. And if they’re successful, they’ll sit down with the IT resources and help them understand how they’re vulnerable and what things need to be put in place to patch those vulnerabilities. The last thing that we’re starting to see, which is a very effective tool is something called endpoint detectionary response, or really the next level up is called extended detectionary response. This is a piece of artificial intelligence software that goes on every single computer in your business or office and what it does is it looks for the fingerprints of malicious code looks for hacker staging and attack, or actually having access to your network and does a couple of things. If it’s a text malicious code, malicious hacking tools, it literally launches a kill against them and destroys them. If it detects the staging of an attack, often hackers use [00:25:00] similar tools and tool kits. It will isolate the machine, it’ll literally shut that machine off from the rest of the internet and alert the cyber firm, hey, we got this going on and this may be enough to stop a massive attack against the org. So this XDR extended detectionary and response basically allows it to look at all the computers in your environment, mine all of that data, and within fractions of a second, make decisions a hundred percent autonomously. It doesn’t rely on notification and some human behind a keyboard making a decision. It just makes the decision right or wrong. Most cases its right. So these are the types of things that practices and businesses really need to have in place. Vulnerability management, pen testing, security, risk assessment training, this XDR software.
Brad: Well, Gary, first off, thanks again for number one, terrifying our audience. So that’s great, but more importantly, educating them on how there are certain things to put in place to protect them. So we want to thank you again [00:26:00] for joining us today on the Legal 123s with ByrdAdatto. We’re going to say goodbye for now, but thanks again for joining us.
Gary: Absolutely. It was a pleasure. Enjoyed it. Thank you very much.
Michael: Awesome. We’re going to go to commercial when we come back, Brad, you and I can have a wrap-up discussion from a legal perspective on all this great cybersecurity talk.
Access+: Many business owners use legal counsel as a last resort rather than as a proactive tool that can further their success. Why? For most it’s the fear of unknown legal costs. ByrdAdatto’s Access+ program makes it possible for you to get the ongoing legal assistance you need for one predictable monthly fee that gives you unlimited phone and email access to the legal team so you can receive feedback on legal concerns as they arise. Access+, a smarter, simpler way to access legal services. Find out more. Visit byrdadatto.com today.
Brad: Welcome back to Legal 123s with ByrdAdatto. I’m your host Brad Adatto with my cohost Michael Byrd. Now, [00:27:00] Michael, I’m extremely thankful that Gary could join us and terrify our audience today. Let’s jump into the second half, which is the application of the law.
Michael: Yeah, no doubt. I have the brain exploding emoji going in my head right now. With this season being zoom in, I think it’s time to focus on taking this seriously, obviously. So Brad, let’s talk about some of the laws that impact medical providers.
Brad: Yeah. And Gary mentioned this, he said the word HIPAA. And again, for those not familiar with it, it’s the health insurance portability and accountability act of 1996, just rolls off the tongue. This is a federal law that requires the creation of national standards to protect sensitive patient health information. Also known as PHI for being disclosed and basically [00:28:00] without the patient’s consent or knowledge,
Michael: Talk about dialing it down real quick, going from the almost hypnotizing talk of these cyber-attacks to HIPAA is slamming on the brakes real fast, but how in the world does HIPAA apply to cyber?
Brad: Well, I thought you’d never ask, Michael. HIPAA has basically two rules that you have to be aware of. For our audience, one is the privacy rule and one, it’s a security rule and I’ll keep it real safe and fast. The privacy rule is the safeguards of protecting that protected health information. So what are the privacy standards? The security rules are, as it sounds, what ways to creating and maintaining, when you’re submitting this information in electronic form, which is also known as electronic protected health information.
Michael: Brad, you’re crushing it.
Brad: Thank you, man. All right, last statement on HIPAA and I’m going to move off it real quick. So basically at the understand that, assuming you are a [00:29:00] medical practice, that HIPAA applies to it. And we could do a whole episode but that would probably bore everyone to death. And that you have this PHI, you have to develop safeguards and anticipate these threats to secure this data. And that’s why developing a HIPAA compliance plan and processes is so important.
Michael: We get a lot of pushback on the time, effort and cost of developing a HIPAA compliance plan. We’ve been trying to push that ever since it became a requirement. What? 2009 was it? Oh my goodness. So what are some of the easy steps a client can take to start this process without having to even hire a law firm or a cybersecurity firm?
Brad: I mean, the easiest thing you can do is just kind of start this, we can call it our risk assessment, but really just start looking around and really start thinking about what are the protective measures that you should start to protect these assets or the protected health information. And I’ll give you two just real [00:30:00] simple ones to think about physically. Like, where is your data stored? Gary talked about it, is it stored on a laptop? Is it stored on a flash drive? Is it stored up in the cloud? Where is it physically located? And once you figure out where it is physically located, what technical aspects have you put in place to protect it? Are you using some off the shelf cybersecurity to have some type of codes? Have you updated your computers lately? Because if you are having protected health information and you are using EPHI, there is a HIPAA level security auditing that you should be having either your group that’s working with you or a group like Gary to kind of check into it. He talked about two factor authentication or multifactor authentications. All of these are ways for you to start thinking about ways to start protecting it. Again, these are two steps, they are things that you could do without ever having to contact a Gary or a law firm.
Michael: And then on the, [00:31:00] Gary mentioned the people’s side surprise, surprise that people are a risk, and the administrative side of assessing your risk. And this could be as simple as developing internal policies for your business, for cybersecurity protection and actually implementing the policies and training your employees along the lines of what Gary said.
Brad: Yeah. All right, Michael, these are all good points. And I know we’re going to kind of close out the episode here, but let’s hit the pause button again, and zoom in and talk about specific actions to focus on cybersecurity.
Michael: I think two things, number one is you want to look at your insurance situation and make sure you have appropriate coverage for a cyber-attack.
Brad: Totally agree.
Michael: Because we’ve had clients whose businesses have been saved because [00:32:00] they had it. And then secondly, as boring as it sounds and as much as we’ve been saying it, build your HIPAA compliance plan. If you do anything policy-wise in 2022 and you accomplish putting together a HIPAA compliance plan it will go a long way, both to mitigate risk on a cybersecurity attack and protect you if something happens and you have a breach. I’ll just wrap it all up by going back to our episode of Ted Lasso and what we really don’t want to happen is for you to have some unwanted digital intimacy with a hacker.
Brad: Yes, that’s for certain. Well, thanks again and join us next Wednesday when our longtime friend and client Dr. Grant Stevens will be joining us to discuss technology in the healthcare industry.
Outro: Thanks again for joining us today. And remember, if you liked this episode, please subscribe. Make sure to give us a five- star rating and share with your friends. You can also sign up for the ByrdAdatto newsletter by going to our website at byrdadatto.com. ByrdAdatto is providing this podcast as a public service. This podcast is for educational purposes only. This podcast does not constitute legal advice, [00:33:00] nor does it establish an attorney- client relationship. Reference to any specific product or entity does not constitute an endorsement or recommendation by ByrdAdatto. The views expressed by guests are their own and their appearance on the program does not imply an endorsement of them or any entity they represent. Please consult with an attorney on your legal issues.