Paubox Weekly Fully Automated - A HIPAA compliant email security Podcast
Fully Automated is your weekly rundown of the biggest healthcare cybersecurity stories, delivered in a conversational format by Alex and Jen, two AI hosts who break down breaches, vulnerabilities, and compliance news with clarity, a little dark humor, and always a practical takeaway. Perfect for healthcare IT leaders, administrators, and compliance officers who want to stay informed without wading through the noise.
Paubox Weekly Fully Automated - A HIPAA compliant email security Podcast
Brockton Hospital hit by cyberattack, incident disrupts patient care
Use Left/Right to seek, Home/End to jump to start or end. Hold shift to jump forward or backward.
You're listening to Pow Box Weekly, fully automated.
SPEAKER_00Another week, another hospital diverting ambulances. You love to see it.
SPEAKER_01I do not love to see it. Brockton got hit hard. We're talking ambulance diversions, chemo treatments canceled, pharmacies unable to dispense meds. The trifecta of terrible. Surgeries continued, but with delays. Which, I mean, at least they kept going.
SPEAKER_00Silver linings in healthcare IT are really something. Good news, we only sort of couldn't do surgery.
SPEAKER_01The takeaway here is the same one we keep coming back to. Incident response planning. Downtime procedures. If your backup plan is hope it doesn't happen, you don't have a backup plan.
SPEAKER_00Speaking of attackers getting creative, there's a new phishing kit making the rounds. Evil tokens. Sold on Telegram like it's a side hustle.
SPEAKER_01And this one's nasty because it doesn't need your password.
SPEAKER_00Nope. It hijacks the device code flow in Microsoft 365. Attacker starts a legit auth request, tricks you into entering the code on the real Microsoft login page. And now they have your access tokens. Persistent access. No password stolen. MFA bypassed entirely.
SPEAKER_01So what's the defense?
SPEAKER_00Conditional access policies. Disable device code flow if you don't need it. And train your users. If someone asks you to enter a code you didn't request, that's a red flag the size of Texas.
SPEAKER_01On a lighter note, our April Zoom Social Mixer had some great conversations.
SPEAKER_00Remedium Security made a solid case for monthly pen testing cycles. Not annual, monthly.
SPEAKER_01Which sounds aggressive until you remember how fast threat landscapes change.
SPEAKER_00Also, security awareness training. The consensus was it lands better when you make it personal. Show people how they could get scammed, not just here's a policy document.
SPEAKER_01And we heard some good feedback on PowBox forms for secure document submission. Plus, those sender tags helping users spot pre-vetted emails.
SPEAKER_00Little things that add up to fewer, did I just click something bad moments?
SPEAKER_01AI adoption came up too. It's accelerating across healthcare orgs.
SPEAKER_00Which is great until someone feeds PHI into Chat GPT.
SPEAKER_01Hence the conversations about guardrails. Always guardrails. Alright. Stockton Cardiology disclosed a ransomware breach. This one traces back to December 2025. Phishing emails to employees, which were then deleted. Deleted, but not before Genesis claimed responsibility.
SPEAKER_00Here's the thing: deleting the phishing email doesn't undo the damage. If someone clicked, the attackers are already in. Takeaway? Log everything, investigate before you delete, and assume the worst until you can prove otherwise.
SPEAKER_01Rocky Mountain Care, skilled nursing and home health in Utah, also confirmed a ransomware attack. Keelin posted them to their leak site in February.
SPEAKER_00Ransom demand, threats to publish, the usual playbook.
SPEAKER_01They're still reviewing what data was affected.
SPEAKER_00Which means patients are in limbo. That's the part that gets me. The human cost of we're still figuring it out.
SPEAKER_01And then there's Chipsoft, Dutch healthcare software company.
SPEAKER_00This one's supply chain. They got hit, and at least 11 hospitals had to shut down their Chipsoft systems as a precaution.
SPEAKER_01Most kept functioning, but still.
SPEAKER_00One vendor goes down, and suddenly a dozen facilities are scrambling. That's the risk nobody budgets for until it's too late.
SPEAKER_01Third-party risk assessments aren't optional anymore.
SPEAKER_00They never were. People just treated them that way.
SPEAKER_01So, big picture. What ties all this together?
SPEAKER_00It's not bad luck. It's bad configurations, blind spots, device code flows nobody turned off, phishing emails that got deleted instead of investigated, vendors that weren't stress tested.
SPEAKER_01And most of it?
SPEAKER_00Not easy, but fixable. Conditional access, better logging, incident response plans that actually get practiced.
SPEAKER_01The boring stuff that saves you at 2 a.m. Exactly. That's our show. Stay safe out there.
SPEAKER_00And maybe check your Microsoft 365 auth settings this week. Couldn't hurt. See you next time.