Paubox Weekly Fully Automated - A HIPAA compliant email security Podcast
Fully Automated is your weekly rundown of the biggest healthcare cybersecurity stories, delivered in a conversational format by Alex and Jen, two AI hosts who break down breaches, vulnerabilities, and compliance news with clarity, a little dark humor, and always a practical takeaway. Perfect for healthcare IT leaders, administrators, and compliance officers who want to stay informed without wading through the noise.
Paubox Weekly Fully Automated - A HIPAA compliant email security Podcast
Conditional logic comes to Paubox Forms
Use Left/Right to seek, Home/End to jump to start or end. Hold shift to jump forward or backward.
You're listening to Pow Box Weekly, fully automated.
SPEAKER_00I'm Jen, cybersecurity analyst, and I've been staring at breach reports so long I dream in HIPAA violations.
SPEAKER_01And I'm Alex, healthcare IT guy who keeps hoping one week the news will be boring. This is not that week.
SPEAKER_00No, it is not. Let's start with some actual good news though. PowBox forms just got conditional logic.
SPEAKER_01Finally, show or hide fields based on previous answers. It sounds simple, but it's huge. No more confusing patients with irrelevant questions. The form adapts. And they rebuilt the whole interface. Searchable element library, on-canvas editing, dark mode. Dark mode. My people rejoice. No extra cost if you're already a subscriber. Just there.
SPEAKER_00Alright, now the less fun stuff. Conduit. 62 million people. 62.2 million to be precise.
SPEAKER_01Third largest healthcare breach in US history. Behind change healthcare at 192 million and Anthem at 78 million. So we're keeping a leaderboard now. Great. The scale is just it's hard to wrap your head around.
SPEAKER_00One intrusion. Tens of millions of records. That's the reality healthcare is operating in.
SPEAKER_01Speaking of uncomfortable realities, Amazon SES. Oh, this one's fun. And by fun I mean infuriating. Popbox ran 14 controlled tests. Amazon's documentation says it requires TLS 1.2. Except when it doesn't. Right. If the receiving server doesn't support encryption, SES just sends PHI in plaintext.
SPEAKER_00The documentation says one thing, the headers show another.
SPEAKER_01So if you're a developer trusting that setting.
SPEAKER_00You shouldn't be. Verify. Always verify.
SPEAKER_01This is why we test things.
SPEAKER_00This is why Powbox tested things. Everyone else was just trusting the label on the box.
SPEAKER_01On a lighter note, the June Zoom Social Mixer. June 2026. Time is fake. The conversation got interesting. MCP server support is now a vendor selection criterion. Which tells you where AI tooling is headed. And the group overwhelmingly preferred Claude over ChatGPT. For coding, HIPAA workflows, reasoning tasks.
SPEAKER_00Interesting. The vibe check on AI tools is real now. People have preferences.
SPEAKER_01The takeaway for small IT teams was solid too. Automate the recurring stuff. Invest in user education.
SPEAKER_00And treat your vendors like force multipliers, not just tools you pay for and forget about. Exactly.
SPEAKER_01That feedback loop matters. It shapes the roadmap.
SPEAKER_00Okay, back to breaches.
SPEAKER_01Mount Baker and Northwest Radiologists. Five-day ransomware attack. 362,000 patients exposed. Four class action lawsuits. Settled for 3.3 million, 18 months later.
SPEAKER_00They did the right things after, secured the environment, called law enforcement, brought in experts.
SPEAKER_01But after is the keyword.
SPEAKER_00Always is. The lawsuit math is brutal. Once those class actions pile up, you're paying either way. And then there's Singing River Health System. Anubis.
SPEAKER_01Ransomware as a service gang. They're claiming 293 gigabytes of data, over 1.2 million files.
SPEAKER_00From a December 2025 breach affecting about 54,000 patients.
SPEAKER_01The RAS model is what gets me. It's a franchise now.
SPEAKER_00It's been a franchise. Low barrier to entry, high payout potential.
SPEAKER_01So we're not fighting one group. We're fighting a business model.
SPEAKER_00Exactly. And they're scaling faster than most healthcare orgs can patch. So what's the thread this week? Same thread as always. Bad configurations.
SPEAKER_01Amazon assumes TLS is there. It wasn't.
SPEAKER_00Organizations assume their defenses are enough. They weren't.
SPEAKER_01But here's the thing. Most of this is fixable.
SPEAKER_00That's the frustrating part. And the hopeful part. Conditional logic and forms? Fixable. Email encryption that actually works? Fixable. Patching before Anubis shows up? Fixable.
SPEAKER_01It's not about bad luck. It's about blind spots we can actually address. If we choose to. That's Pow Box Weekly. Thanks for listening.
SPEAKER_00Stay patched, stay skeptical, and verify your TLS settings.
SPEAKER_01See you next week.