Paubox Weekly Fully Automated - A HIPAA compliant email security Podcast

Conditional logic comes to Paubox Forms 

Use Left/Right to seek, Home/End to jump to start or end. Hold shift to jump forward or backward.

0:00 | 4:28
In this episode, we discuss Paubox Forms' new conditional logic feature, the Conduent breach affecting 62 million people, and critical findings from controlled tests revealing Amazon SES may transmit PHI in plaintext despite documentation claims. We also cover recent ransomware incidents at Mt. Baker, Northwest Radiologists, and Singing River Health System, along with key takeaways from the June Zoom social mixer on AI tooling and vendor management strategies for small IT teams.
SPEAKER_01

You're listening to Pow Box Weekly, fully automated.

SPEAKER_00

I'm Jen, cybersecurity analyst, and I've been staring at breach reports so long I dream in HIPAA violations.

SPEAKER_01

And I'm Alex, healthcare IT guy who keeps hoping one week the news will be boring. This is not that week.

SPEAKER_00

No, it is not. Let's start with some actual good news though. PowBox forms just got conditional logic.

SPEAKER_01

Finally, show or hide fields based on previous answers. It sounds simple, but it's huge. No more confusing patients with irrelevant questions. The form adapts. And they rebuilt the whole interface. Searchable element library, on-canvas editing, dark mode. Dark mode. My people rejoice. No extra cost if you're already a subscriber. Just there.

SPEAKER_00

Alright, now the less fun stuff. Conduit. 62 million people. 62.2 million to be precise.

SPEAKER_01

Third largest healthcare breach in US history. Behind change healthcare at 192 million and Anthem at 78 million. So we're keeping a leaderboard now. Great. The scale is just it's hard to wrap your head around.

SPEAKER_00

One intrusion. Tens of millions of records. That's the reality healthcare is operating in.

SPEAKER_01

Speaking of uncomfortable realities, Amazon SES. Oh, this one's fun. And by fun I mean infuriating. Popbox ran 14 controlled tests. Amazon's documentation says it requires TLS 1.2. Except when it doesn't. Right. If the receiving server doesn't support encryption, SES just sends PHI in plaintext.

SPEAKER_00

The documentation says one thing, the headers show another.

SPEAKER_01

So if you're a developer trusting that setting.

SPEAKER_00

You shouldn't be. Verify. Always verify.

SPEAKER_01

This is why we test things.

SPEAKER_00

This is why Powbox tested things. Everyone else was just trusting the label on the box.

SPEAKER_01

On a lighter note, the June Zoom Social Mixer. June 2026. Time is fake. The conversation got interesting. MCP server support is now a vendor selection criterion. Which tells you where AI tooling is headed. And the group overwhelmingly preferred Claude over ChatGPT. For coding, HIPAA workflows, reasoning tasks.

SPEAKER_00

Interesting. The vibe check on AI tools is real now. People have preferences.

SPEAKER_01

The takeaway for small IT teams was solid too. Automate the recurring stuff. Invest in user education.

SPEAKER_00

And treat your vendors like force multipliers, not just tools you pay for and forget about. Exactly.

SPEAKER_01

That feedback loop matters. It shapes the roadmap.

SPEAKER_00

Okay, back to breaches.

SPEAKER_01

Mount Baker and Northwest Radiologists. Five-day ransomware attack. 362,000 patients exposed. Four class action lawsuits. Settled for 3.3 million, 18 months later.

SPEAKER_00

They did the right things after, secured the environment, called law enforcement, brought in experts.

SPEAKER_01

But after is the keyword.

SPEAKER_00

Always is. The lawsuit math is brutal. Once those class actions pile up, you're paying either way. And then there's Singing River Health System. Anubis.

SPEAKER_01

Ransomware as a service gang. They're claiming 293 gigabytes of data, over 1.2 million files.

SPEAKER_00

From a December 2025 breach affecting about 54,000 patients.

SPEAKER_01

The RAS model is what gets me. It's a franchise now.

SPEAKER_00

It's been a franchise. Low barrier to entry, high payout potential.

SPEAKER_01

So we're not fighting one group. We're fighting a business model.

SPEAKER_00

Exactly. And they're scaling faster than most healthcare orgs can patch. So what's the thread this week? Same thread as always. Bad configurations.

SPEAKER_01

Amazon assumes TLS is there. It wasn't.

SPEAKER_00

Organizations assume their defenses are enough. They weren't.

SPEAKER_01

But here's the thing. Most of this is fixable.

SPEAKER_00

That's the frustrating part. And the hopeful part. Conditional logic and forms? Fixable. Email encryption that actually works? Fixable. Patching before Anubis shows up? Fixable.

SPEAKER_01

It's not about bad luck. It's about blind spots we can actually address. If we choose to. That's Pow Box Weekly. Thanks for listening.

SPEAKER_00

Stay patched, stay skeptical, and verify your TLS settings.

SPEAKER_01

See you next week.