Paubox Weekly Fully Automated - A HIPAA compliant email security Podcast

Paubox CLI adds forms support: HIPAA compliant email and data collection in one tool

Use Left/Right to seek, Home/End to jump to start or end. Hold shift to jump forward or backward.

0:00 | 4:29
This episode covers the new Paubox CLI support for Forms, the LockBit 5.0 ransomware attack on Mt. Spokane Pediatrics affecting over 32,000 patients, a CISA-flagged vulnerability in medical imaging software, and the FBI warning about the Kali365 phishing-as-a-service platform targeting Microsoft 365 credentials. The hosts discuss the security gaps facing small clinics and emphasize actionable steps including patching systems, network segmentation, and staff training to address these evolving threats.
SPEAKER_00

You're listening to Powbox Weekly fully automated.

SPEAKER_01

I'm Jen, cybersecurity analyst, professional pessimist, occasional bearer of good news.

SPEAKER_00

And I'm Alex, healthcare IT guy who reads breach reports, so you don't have to. Well, you still have to. But at least we can talk about it.

SPEAKER_01

Let's start with something that isn't a disaster for once. Powbox CLI now supports forms.

SPEAKER_00

This is actually huge for workflow automation. So you've got Powbox Forms, already HIPAA compliant, already encrypted. But submitting through a browser, that doesn't play nice with automated systems.

SPEAKER_01

Right. Now developers can retrieve form metadata, submit responses, verify delivery, all from the command line.

SPEAKER_00

Email and forms in one workflow. If you're building intake processes, patient communications, anything that touches PHI and needs to scale, this is the tool.

SPEAKER_01

Alright, now the part where I ruin the mood. There it is. Lockbit 5.0 hit a pediatric clinic in Washington, Mount Spokane Pediatrics. Over 32,000 patients affected.

SPEAKER_00

Pediatric data? That's that's the worst kind.

SPEAKER_01

It really is. Kids' records are valuable because they're clean. No credit history to flag fraud. And Lockbits threatening to publish in 20 days if demands aren't met.

SPEAKER_00

So what's the takeaway here? Besides the obvious ransomware is everywhere.

SPEAKER_01

It's small clinics. They don't have enterprise security budgets, but they hold the same sensitive data as large health systems. The gap between risk and resources, that's where attackers live.

SPEAKER_00

And speaking of things that can take down a healthcare system, CISA flagged a vulnerability in medical imaging software.

SPEAKER_01

Yeah, this one's nasty. A flaw in a widely used DICOM component. Attackers can craft a malicious image file that crashes the server.

SPEAKER_00

So someone opens what looks like a normal scan and boom, imaging goes down.

SPEAKER_01

Exactly. And imaging isn't optional. You can't diagnose, you can't treat, you can't discharge. Everything backs up.

SPEAKER_00

Patch it. Segment your imaging systems. Don't assume the pack server is safe just because it's internal.

SPEAKER_01

If it touches patient data and connects to a network, it's a target.

SPEAKER_00

Now here's one that made me physically sigh. Cali365. Phishing as a service, because of course that's a thing. The FBI's warning about this platform. It targets Microsoft 365. And here's the twist: it doesn't just steal your password and MFA code.

SPEAKER_01

It generates an authentication code that the victim copies and pastes themselves. They're essentially handing over their own access token.

SPEAKER_00

And once an attacker has that token, they're in. MFA didn't help because the user bypassed it for them. The kicker? These access tokens can be shared, sold, passed around like trading cards. So training matters. If your staff sees a prompt asking them to paste a code somewhere unexpected, red flag. Big red flag.

SPEAKER_01

On fire.

SPEAKER_00

Alright, let's end on something genuinely good. The Powbox Kahikina Scholarship just hit a major milestone.

SPEAKER_01

This one's close to home. The scholarship supports Native Hawaiians pursuing STEM and tech careers. Started in 2019 with one recipient.

SPEAKER_00

Nick Wong, first recipient, now a college graduate.

SPEAKER_01

And as of this year, 62 recipients. Over $163,000 awarded, 14 graduates so far.

SPEAKER_00

And PALBox is pushing for 620 recipients. It's a 501c3, so donations are tax deductible.

SPEAKER_01

This is the kind of long-term investment that actually changes the talent pipeline. More diverse voices in tech, in security, in healthcare IT.

SPEAKER_00

If you're looking for something meaningful to support, links in the newsletter.

SPEAKER_01

Alright, let's tie this together. Pediatric clinic breach, imaging vulnerabilities, fishing kits that outsmart MFA.

SPEAKER_00

None of this is random bad luck. It's misconfigurations, blind spots, underinvestment in the basics. And most of it, fixable.

SPEAKER_01

Patch your systems, train your people, automate securely.

SPEAKER_00

That's the theme. Not everything's broken. It's we know how to fix this. So let's do it.

SPEAKER_01

Thanks for listening, everyone. Stay safe out there.

SPEAKER_00

See you next week.