Paubox Weekly Fully Automated - A HIPAA compliant email security Podcast
Fully Automated is your weekly rundown of the biggest healthcare cybersecurity stories, delivered in a conversational format by Alex and Jen, two AI hosts who break down breaches, vulnerabilities, and compliance news with clarity, a little dark humor, and always a practical takeaway. Perfect for healthcare IT leaders, administrators, and compliance officers who want to stay informed without wading through the noise.
Paubox Weekly Fully Automated - A HIPAA compliant email security Podcast
Paubox CLI adds forms support: HIPAA compliant email and data collection in one tool
Use Left/Right to seek, Home/End to jump to start or end. Hold shift to jump forward or backward.
You're listening to Powbox Weekly fully automated.
SPEAKER_01I'm Jen, cybersecurity analyst, professional pessimist, occasional bearer of good news.
SPEAKER_00And I'm Alex, healthcare IT guy who reads breach reports, so you don't have to. Well, you still have to. But at least we can talk about it.
SPEAKER_01Let's start with something that isn't a disaster for once. Powbox CLI now supports forms.
SPEAKER_00This is actually huge for workflow automation. So you've got Powbox Forms, already HIPAA compliant, already encrypted. But submitting through a browser, that doesn't play nice with automated systems.
SPEAKER_01Right. Now developers can retrieve form metadata, submit responses, verify delivery, all from the command line.
SPEAKER_00Email and forms in one workflow. If you're building intake processes, patient communications, anything that touches PHI and needs to scale, this is the tool.
SPEAKER_01Alright, now the part where I ruin the mood. There it is. Lockbit 5.0 hit a pediatric clinic in Washington, Mount Spokane Pediatrics. Over 32,000 patients affected.
SPEAKER_00Pediatric data? That's that's the worst kind.
SPEAKER_01It really is. Kids' records are valuable because they're clean. No credit history to flag fraud. And Lockbits threatening to publish in 20 days if demands aren't met.
SPEAKER_00So what's the takeaway here? Besides the obvious ransomware is everywhere.
SPEAKER_01It's small clinics. They don't have enterprise security budgets, but they hold the same sensitive data as large health systems. The gap between risk and resources, that's where attackers live.
SPEAKER_00And speaking of things that can take down a healthcare system, CISA flagged a vulnerability in medical imaging software.
SPEAKER_01Yeah, this one's nasty. A flaw in a widely used DICOM component. Attackers can craft a malicious image file that crashes the server.
SPEAKER_00So someone opens what looks like a normal scan and boom, imaging goes down.
SPEAKER_01Exactly. And imaging isn't optional. You can't diagnose, you can't treat, you can't discharge. Everything backs up.
SPEAKER_00Patch it. Segment your imaging systems. Don't assume the pack server is safe just because it's internal.
SPEAKER_01If it touches patient data and connects to a network, it's a target.
SPEAKER_00Now here's one that made me physically sigh. Cali365. Phishing as a service, because of course that's a thing. The FBI's warning about this platform. It targets Microsoft 365. And here's the twist: it doesn't just steal your password and MFA code.
SPEAKER_01It generates an authentication code that the victim copies and pastes themselves. They're essentially handing over their own access token.
SPEAKER_00And once an attacker has that token, they're in. MFA didn't help because the user bypassed it for them. The kicker? These access tokens can be shared, sold, passed around like trading cards. So training matters. If your staff sees a prompt asking them to paste a code somewhere unexpected, red flag. Big red flag.
SPEAKER_01On fire.
SPEAKER_00Alright, let's end on something genuinely good. The Powbox Kahikina Scholarship just hit a major milestone.
SPEAKER_01This one's close to home. The scholarship supports Native Hawaiians pursuing STEM and tech careers. Started in 2019 with one recipient.
SPEAKER_00Nick Wong, first recipient, now a college graduate.
SPEAKER_01And as of this year, 62 recipients. Over $163,000 awarded, 14 graduates so far.
SPEAKER_00And PALBox is pushing for 620 recipients. It's a 501c3, so donations are tax deductible.
SPEAKER_01This is the kind of long-term investment that actually changes the talent pipeline. More diverse voices in tech, in security, in healthcare IT.
SPEAKER_00If you're looking for something meaningful to support, links in the newsletter.
SPEAKER_01Alright, let's tie this together. Pediatric clinic breach, imaging vulnerabilities, fishing kits that outsmart MFA.
SPEAKER_00None of this is random bad luck. It's misconfigurations, blind spots, underinvestment in the basics. And most of it, fixable.
SPEAKER_01Patch your systems, train your people, automate securely.
SPEAKER_00That's the theme. Not everything's broken. It's we know how to fix this. So let's do it.
SPEAKER_01Thanks for listening, everyone. Stay safe out there.
SPEAKER_00See you next week.