Paubox Weekly Fully Automated - A HIPAA compliant email security Podcast

Send HIPAA compliant email from the terminal, or your agent

Use Left/Right to seek, Home/End to jump to start or end. Hold shift to jump forward or backward.

0:00 | 3:52
In this episode, Jen and Alex break down the surge in QR code phishing attacks, the cautionary tale of a ransomware negotiator who defrauded healthcare clients, and practical strategies for reducing security friction. They also cover new tools for HIPAA-compliant email automation and self-service archive exports that streamline compliance workflows.
SPEAKER_00

You're listening to Pow Box Weekly, fully automated.

SPEAKER_01

I'm Jen, cybersecurity analyst, perpetual reader of breach reports.

SPEAKER_00

And I'm Alex, healthcare IT guy who still believes we can fix things. Good week?

SPEAKER_01

Define good. Microsoft just told us they blocked 8.3 billion phishing emails in Q1 alone.

SPEAKER_00

Billion. With a B.

SPEAKER_01

With a B. And here's the kicker. QR code phishing went from 7.6 million attempts in January to 18.7 million by March. That's not a trend. That's a structural shift.

SPEAKER_00

Because QR codes bypass a lot of traditional email filters.

SPEAKER_01

Exactly. The payload isn't in the link text anymore. It's hiding in an image. Your filters see a picture. The user sees, scan this to verify your account.

SPEAKER_00

So the takeaway for our listeners train your people.

SPEAKER_01

QR codes and emails should be treated like suspicious attachments. If you didn't ask for it, don't scan it.

SPEAKER_00

Speaking of trust issues, the ransomware negotiator story. Oh, this one hurts. A negotiator, someone healthcare orgs hired to help them during attacks, was secretly working with the Black Cat gang, maximizing ransoms, taking a cut.

SPEAKER_01

$75 million. That's what they extracted. From their own clients.

SPEAKER_00

It's a brutal reminder. When you're in crisis mode, you're vulnerable. And the people you bring in, you have to vet them. Due diligence doesn't stop when you're panicking, especially then. Alright, let's shift to something more hopeful. Powbox launched a CLI this week.

SPEAKER_01

Command line interface. For sending HIPAA compliant email.

SPEAKER_00

Right from the terminal. Or, and this is the interesting part, from an AI agent.

SPEAKER_01

So any automated workflow that can invoke a shell command can now send secure email. No human in the loop required.

SPEAKER_00

They built it as part of becoming more AI native. It pairs with their MCP server.

SPEAKER_01

Install takes 30 seconds. For the devs listening, this is the kind of tool that just removes friction.

SPEAKER_00

Which actually connects to something else. Powbox hosted a dinner in Nashville last week. Healthcare IT and security leaders. And friction was a big theme.

SPEAKER_01

One quote stuck with me. Some of these security solutions come with the need for a full-time employee just to manage them.

SPEAKER_00

That's the math no one talks about. You can buy the tool, but can you actually run it?

SPEAKER_01

And another one. Email still feels too reactive, too dependent on users making the right decision.

SPEAKER_00

Which is why automation matters. If you're waiting for a human to catch every phishing attempt, you're already behind. The CLI, the archive exports, it's all about reducing that dependency.

SPEAKER_01

Speaking of archive exports, Powbox added self-service mail exports to their archiving feature.

SPEAKER_00

So admins can now search, select, and download archived messages directly from the dashboard.

SPEAKER_01

Compliance reviews, audits, e-discovery, no support ticket, no waiting.

SPEAKER_00

For the compliance officers listening, this is the kind of thing that saves you a Wednesday. Maybe even a Thursday. So let's tie this together. We've got billions of phishing attempts. A negotiator who was supposed to help, but was actually helping himself. And healthcare IT teams stretched so thin that tool usability becomes a deal breaker.

SPEAKER_01

None of this is bad luck. It's bad configurations, blind spots, misplaced trust.

SPEAKER_00

And most of it, fixable.

SPEAKER_01

Vet your benders, train your users, automate where you can, and stop assuming the tools you bought are actually being used.

SPEAKER_00

That's the week. Thanks for listening.

SPEAKER_01

Stay secure out there. Or at least stay patched.

SPEAKER_00

We'll see you next time.