Paubox Weekly Fully Automated - A HIPAA compliant email security Podcast

SAG-AFTRA Health Plan settles phishing breach class action for $950,000


In this episode, we break down the SAG-AFTRA Health Plan's $950,000 phishing settlement, Medtronic's nine-million-record breach, and the Inc Ransom attack on Sandhills Medical Foundation. We also highlight Henderson Behavioral Health's patient-centered approach and discuss practical takeaways for strengthening your organization's security posture through staff training, system patching, and incident response planning.
SPEAKER_00

You're listening to Paubox Weekly, Fully Automated.

SPEAKER_01

I'm Jen. I break into systems for a living.

SPEAKER_00

Legally, most of the time. And I'm Alex. I spend my days making sure healthcare IT doesn't fall apart. Sometimes I even succeed.

SPEAKER_01

Big week. We've got phishing settlements, ransomware, a massive medical device breach, and this is the good part, some actual humans doing good work in behavioral health.

SPEAKER_00

Let's start with the painful one. SAG-AFTRA Health Plan just settled a class action for $950,000.

SPEAKER_01

One email, one employee clicked a phishing link. And now nearly 100,000 health plan members have their data floating around.

SPEAKER_00

That's what gets me. This wasn't some sophisticated nation-state attack. It was a phishing email.

SPEAKER_01

And it spawned four separate lawsuits. Four. Because one person didn't recognize a fake.

SPEAKER_00

The takeaway here is obvious but worth repeating. Phishing training isn't optional. It's not a checkbox exercise.

SPEAKER_01

It's the difference between a bad day and a million-dollar settlement. Train your people. Test your people, then train them again.

SPEAKER_00

Speaking of people doing things right, our CEO Hoala Greevy was in Fort Lauderdale last night.

SPEAKER_01

Henderson Behavioral Health's 10th annual VIP dinner.

SPEAKER_00

Dr. Steve Ronik laid out their four priorities: patients get better, manage resources like they're your own, be a great place to work, and make sure everyone touched by Henderson has an incredible experience. That's refreshingly human for a healthcare conference. Henderson's been a valued Paubox customer, and it's clear why. They actually care about the basics.

SPEAKER_01

Which brings us to the opposite end of the spectrum, Medtronic.

SPEAKER_00

The world's largest medical device manufacturer. They filed an SEC disclosure on April 24 after their listing disappeared from ShinyHunters' extortion site.

SPEAKER_01

9 million records, gone. And here's the thing: the listing vanished right before the ransom deadline.

SPEAKER_00

Which usually means one of two things. Either way, it's a reminder that even the biggest players aren't immune.

SPEAKER_01

Medical devices are everywhere.

SPEAKER_00

And it's not just patient data. It's device configurations, supply chain information, intellectual property.

SPEAKER_01

The takeaway? Size doesn't protect you. Complexity doesn't protect you. Good security hygiene protects you.

SPEAKER_00

Next up, Sandhills Medical Foundation in South Carolina.

SPEAKER_01

Inc Ransom hit them. 169,761 patients affected. The stolen files are already available for download on the dark web.

SPEAKER_00

Double extortion. They encrypt your data and threaten to leak it.

SPEAKER_01

It's the ransomware equivalent of "nice data you've got there, shame if something happened to it."

SPEAKER_00

These are community health centers. They serve vulnerable populations. And now almost 170,000 people are wondering what's out there with their name on it.

SPEAKER_01

The practical takeaway: assume you're a target, because you are. Backups, segmentation, incident response plans, none of it is optional anymore.

SPEAKER_00

Let's end on something good. Paubox sponsored Community and Beyond's New York Gathering on May 7th.

SPEAKER_01

CAB is this amazing network for mental health and allied professionals in private practice.

SPEAKER_00

Right. If you're at a hospital, you've got peers down the hall. If you're running a small practice, you're often on an island.

SPEAKER_01

CAB bridges that gap. And Paubox was there helping keep New York's behavioral health community connected.

SPEAKER_00

It matters. These clinicians are handling some of the most sensitive patient information out there. And they need secure communication just as much as the big systems.

SPEAKER_01

Maybe more. So what ties all this together? It's not bad luck, it's bad configurations, blind spots, the phishing email that got through, the ransomware that found an open door.

SPEAKER_00

Most of this is fixable. Not easy, but fixable.

SPEAKER_01

Train your staff, patch your systems, know where your data lives, and when something does go wrong, because it will, have a plan.

SPEAKER_00

That's the work. Every week.

SPEAKER_01

Thanks for listening, everyone. Stay safe out there.

SPEAKER_00

We'll see you next time.