Paubox Weekly Fully Automated - A HIPAA compliant email security Podcast

Microsoft warns of a phishing campaign bypassing MFA protections

In this episode, we examine a Microsoft-flagged phishing campaign that bypassed MFA across 13,000 organizations, analyze Saint Anthony Hospital's breach notification that expanded from 6,500 to 146,000 affected individuals, and discuss the ransomware attack impacting 92,000 patients at a Puerto Rico community hospital. Key takeaways include the importance of layered email security, thorough incident scoping, and addressing configuration blind spots before threat actors exploit them.
SPEAKER_00

You're listening to Paubox Weekly, fully automated.

SPEAKER_01

I'm Jen, cybersecurity analyst, professional paranoid.

SPEAKER_00

And I'm Alex, healthcare IT guy who still believes in happy endings. Sometimes. Optimist. Someone has to be. Alright, let's get into it. Microsoft dropped a warning this week about a phishing campaign that, honestly, Jen, the scale on this one.

SPEAKER_01

Yeah. 35,000 phishing attempts in three days, over 13,000 organizations. And here's the kicker. It bypassed MFA.

SPEAKER_00

Which is supposed to be our safety net.

SPEAKER_01

Right. These emails were disguised as internal communications. So you're not getting the usual Nigerian prince vibes. You're getting something that looks like it came from your own IT department.

SPEAKER_00

92% of targets were US-based. Healthcare orgs were definitely in the mix.

SPEAKER_01

The takeaway here: MFA is necessary. But it's not magic. You still need email authentication. You still need user training. Layers, people. Layers.

SPEAKER_00

Onions. Ogres. Security. Did you just quote Shrek? Moving on. Let's talk about something that happened closer to home. St. Anthony Hospital in Chicago.

SPEAKER_01

This one's rough. They had an email compromise back in early 2024. Initially reported around 6,500 affected individuals. And now? That's more than 22 times the original estimate. It took over a year to fully scope. Two employee email accounts were compromised, and the data exposed included PHI, names, medical records, the works.

SPEAKER_00

So what's the lesson here?

SPEAKER_01

Incident response isn't just about stopping the bleeding, it's about knowing how deep the wound goes. A lot of orgs underestimate initial breach scope because they haven't done the forensic work yet. And then the notification updates keep coming. Which is its own kind of reputational damage. Get it right the first time, or as close as you can.

SPEAKER_00

Alright, staying in the breach lane, Puerto Rico, a 45-bed community hospital in Fajardo.

SPEAKER_01

Hospital Del Nino. 92,000 patients notified after a February ransomware attack. Claimed by a group calling themselves the Gentlemen.

SPEAKER_00

Very polite name for a double extortion gang.

SPEAKER_01

They posted the hospital's data on a dark web leak site, gave them about 10 days to respond before threatening to publish everything. And we don't know if a ransom was paid? Nope. Not confirmed. Which usually means either they're negotiating or they paid and don't want to say.

SPEAKER_00

45 beds, 92,000 patients affected. That's a small hospital with a massive data footprint.

SPEAKER_01

Community hospitals are prime targets. Fewer resources, older systems, same sensitive data as the big guys.

SPEAKER_00

The fix isn't always budget. Sometimes it's just visibility. Knowing what you have and where it lives. Exactly. Okay, let's end on something a little lighter. Paubox News, the Kahikina Scholarship. I actually didn't know half of this stuff. Right? So the scholarship supports native Hawaiians pursuing STEM or tech careers. $1,000 a year, recurring until graduation.

SPEAKER_01

That's the part I love. It's not a one-time thing.

SPEAKER_00

It follows you through your degree. And now it's officially a non-profit, which means donations are tax deductible.

SPEAKER_01

And you can apply at any stage, undergrad, grad school, even beyond.

SPEAKER_00

If you know someone who qualifies, or you want to contribute, we'll drop the link in the show notes.

SPEAKER_01

It's a good program. Tech needs more paths in, not fewer.

SPEAKER_00

Agreed. Alright, let's bring it home. What's the thread this week?

SPEAKER_01

It's not bad luck. It's bad configurations. Blind spots. Ransomware hitting small hospitals because they didn't know what they were exposed to.

SPEAKER_00

And most of it, fixable.

SPEAKER_01

That's the thing. None of this is inevitable. It's just unaddressed.

SPEAKER_00

So address it.

SPEAKER_01

Before someone else does it for you.

SPEAKER_00

That's the show. Thanks for listening to Paubox Weekly fully automated.

SPEAKER_01

Stay safe out there, and maybe double check that internal email before you click.

SPEAKER_00

See you next week.