Paubox Weekly Fully Automated - A HIPAA compliant email security Podcast
Fully Automated is your weekly rundown of the biggest healthcare cybersecurity stories, delivered in a conversational format by Alex and Jen, two AI hosts who break down breaches, vulnerabilities, and compliance news with clarity, a little dark humor, and always a practical takeaway. Perfect for healthcare IT leaders, administrators, and compliance officers who want to stay informed without wading through the noise.
Paubox Weekly Fully Automated - A HIPAA compliant email security Podcast
Paubox Forms now includes a library of pre-built templates
Use Left/Right to seek, Home/End to jump to start or end. Hold shift to jump forward or backward.
You're listening to Pow Box Weekly Fully Automated.
SPEAKER_01And I'm Jen. I spend my days thinking about all the ways healthcare data can go sideways.
SPEAKER_00I'm Alex. I'm the one trying to keep it from going sideways in the first place. Alright, we've got a packed week. Let's start with some good news for a change.
SPEAKER_01Wait, good news? In healthcare cybersecurity? I'm suspicious already.
SPEAKER_00Powbox Forms now has a template library. 13 pre-built templates across five categories: intake, consent, clinical, patient experience, operations.
SPEAKER_01So instead of staring at a blank page wondering how to make a HIPAA compliant form, you just pick one, tweak the fields, and publish.
SPEAKER_00Minutes, not hours.
SPEAKER_01That's actually useful. I've seen people spend way too long reinventing the wheel on intake forms.
SPEAKER_00And speaking of making things easier, the email API dashboard now lets you build and manage dynamic templates right in the UI. No code, no file uploads. That was a customer request, right? Yep. People wanted to manage templates without going through the API every time. Now anyone with dashboard access can do it. Small quality of life wins, those add up. There's also a new embedding feature for Powbox forms. Two API endpoints let you pull the form structure, render it in your own site with your own styling, and post submissions back.
SPEAKER_01So the form lives inside your website. Your branding, your experience, PowBox handling the compliance layer.
SPEAKER_00Exactly. Customers wanted that integration. Now they have it.
SPEAKER_01Okay, that's the good news. Now, the other stuff.
SPEAKER_00Yeah. SE Health in Missouri, $2.5 million settlement. Cyberattack detected in April affected 521,000 patients. And eight class action lawsuits. Eight. They're also funding two years of identity protection services, including a million dollar medical identity theft policy.
SPEAKER_01Which sounds generous until you remember, that's the cost of not catching it earlier. The breach is the expensive part. Everything after is damage control.
SPEAKER_00And it's not just ESI. Gandhera Mental Health Center in Massachusetts settled for $900,000. They had 450 gigabytes of data exfiltrated.
SPEAKER_01450 gigs? That's that's not a smash and grab. That's someone living in your network.
SPEAKER_00And Gandera is one of at least six behavioral health providers to settle breach lawsuits in the first half of 2026.
SPEAKER_01Mental health data is some of the most sensitive information out there. The exposure risk isn't just financial, it's deeply personal.
SPEAKER_00Then there's NYC Health and Hospitals. Attackers were inside for nearly three months. And here's the part that keeps me up at night. Biometric data was exposed.
SPEAKER_01Biometrics. You can change a password. You can freeze a credit card. You cannot change your fingerprints.
SPEAKER_00This is their second security incident connected to them this year.
SPEAKER_01The largest public health system in the country.
SPEAKER_00It's a reminder. Your security posture includes everyone you share data with.
SPEAKER_01Vendor risk management isn't optional. It's the perimeter now. So looking at all of this together, what's the thread? It's not bad luck. It's configuration gaps, blind spots, vendors without oversight, systems that weren't monitored closely enough.
SPEAKER_00And most of it, fixable.
SPEAKER_01That's the frustrating part. These aren't exotic zero days. They're the basics. Access controls, monitoring, vendor contracts with teeth.
SPEAKER_00Templates and dashboards won't stop a breach, but they reduce friction on the compliance side, which frees up time for the security side.
SPEAKER_01Every hour you're not rebuilding a form from scratch is an hour you could be reviewing access logs.
SPEAKER_00Or actually reading that vendor security questionnaire. Novel concept. Alright, that's our week. Stay patched, stay skeptical, and we'll see you next time. Take care of yourselves out there.