Paubox Weekly Fully Automated - A HIPAA compliant email security Podcast

Paubox Forms now includes a library of pre-built templates

Use Left/Right to seek, Home/End to jump to start or end. Hold shift to jump forward or backward.

0:00 | 4:17
In this episode, Alex and Jen discuss new Paubox product updates including a Forms template library and API dashboard improvements, then analyze recent healthcare data breaches affecting Esse Health, Gandara Mental Health Center, and NYC Health + Hospitals. The conversation highlights common security gaps, the growing risk of third-party vendor breaches, and practical steps organizations can take to strengthen their compliance and security posture.
SPEAKER_00

You're listening to Pow Box Weekly Fully Automated.

SPEAKER_01

And I'm Jen. I spend my days thinking about all the ways healthcare data can go sideways.

SPEAKER_00

I'm Alex. I'm the one trying to keep it from going sideways in the first place. Alright, we've got a packed week. Let's start with some good news for a change.

SPEAKER_01

Wait, good news? In healthcare cybersecurity? I'm suspicious already.

SPEAKER_00

Powbox Forms now has a template library. 13 pre-built templates across five categories: intake, consent, clinical, patient experience, operations.

SPEAKER_01

So instead of staring at a blank page wondering how to make a HIPAA compliant form, you just pick one, tweak the fields, and publish.

SPEAKER_00

Minutes, not hours.

SPEAKER_01

That's actually useful. I've seen people spend way too long reinventing the wheel on intake forms.

SPEAKER_00

And speaking of making things easier, the email API dashboard now lets you build and manage dynamic templates right in the UI. No code, no file uploads. That was a customer request, right? Yep. People wanted to manage templates without going through the API every time. Now anyone with dashboard access can do it. Small quality of life wins, those add up. There's also a new embedding feature for Powbox forms. Two API endpoints let you pull the form structure, render it in your own site with your own styling, and post submissions back.

SPEAKER_01

So the form lives inside your website. Your branding, your experience, PowBox handling the compliance layer.

SPEAKER_00

Exactly. Customers wanted that integration. Now they have it.

SPEAKER_01

Okay, that's the good news. Now, the other stuff.

SPEAKER_00

Yeah. SE Health in Missouri, $2.5 million settlement. Cyberattack detected in April affected 521,000 patients. And eight class action lawsuits. Eight. They're also funding two years of identity protection services, including a million dollar medical identity theft policy.

SPEAKER_01

Which sounds generous until you remember, that's the cost of not catching it earlier. The breach is the expensive part. Everything after is damage control.

SPEAKER_00

And it's not just ESI. Gandhera Mental Health Center in Massachusetts settled for $900,000. They had 450 gigabytes of data exfiltrated.

SPEAKER_01

450 gigs? That's that's not a smash and grab. That's someone living in your network.

SPEAKER_00

And Gandera is one of at least six behavioral health providers to settle breach lawsuits in the first half of 2026.

SPEAKER_01

Mental health data is some of the most sensitive information out there. The exposure risk isn't just financial, it's deeply personal.

SPEAKER_00

Then there's NYC Health and Hospitals. Attackers were inside for nearly three months. And here's the part that keeps me up at night. Biometric data was exposed.

SPEAKER_01

Biometrics. You can change a password. You can freeze a credit card. You cannot change your fingerprints.

SPEAKER_00

This is their second security incident connected to them this year.

SPEAKER_01

The largest public health system in the country.

SPEAKER_00

It's a reminder. Your security posture includes everyone you share data with.

SPEAKER_01

Vendor risk management isn't optional. It's the perimeter now. So looking at all of this together, what's the thread? It's not bad luck. It's configuration gaps, blind spots, vendors without oversight, systems that weren't monitored closely enough.

SPEAKER_00

And most of it, fixable.

SPEAKER_01

That's the frustrating part. These aren't exotic zero days. They're the basics. Access controls, monitoring, vendor contracts with teeth.

SPEAKER_00

Templates and dashboards won't stop a breach, but they reduce friction on the compliance side, which frees up time for the security side.

SPEAKER_01

Every hour you're not rebuilding a form from scratch is an hour you could be reviewing access logs.

SPEAKER_00

Or actually reading that vendor security questionnaire. Novel concept. Alright, that's our week. Stay patched, stay skeptical, and we'll see you next time. Take care of yourselves out there.