Help Me With Hipaa

Are healthcare organizations overcomplicating cybersecurity and missing the basics? In this episode, Donna and David break down the newest Verizon Data Breach Investigations Report and what it really means for hospitals, clinics, and business associates. Despite all the AI headlines and talk about new threats, most breaches still come down to old-school problems—missed patches, credential abuse, and human mistakes. The fundamentals aren't glamorous, but they're what keep your data safe. If you've ever wondered whether all the new risks really change the game for HIPAA compliance, this episode will help you cut through the noise and focus on what actually matters. More info at HelpMeWithHIPAA.com/563

How much should we really trust the systems and people we rely on every day? This week, we're looking at how trust itself can open the door to risk – whether it's attackers using AI to speed up finding software flaws, insider threats turning frustration into vulnerability, or the limits of encryption we thought was unbreakable. As healthcare organizations try to keep up, these aren't just tech problems – they're operational headaches and policy questions that hit close to home. And yes, the pace of change is only picking up. More info at HelpMeWithHIPAA.com/562

AI is showing up everywhere these days like ketchup at a backyard cookout — apparently it belongs on absolutely everything. But as this episode points out, tossing AI into healthcare operations without governance is basically just upgrading your chaos to premium speed. Using insights from a massive global digital health study, the conversation explores why leadership, oversight, and workforce engagement still matter far more than simply throwing AI, cloud apps, and a little "digital transformation seasoning" on every problem. From forgotten integrations and mystery AI tools to the hard truth that automating a bad process just gives you faster bad results, this episode delivers equal parts practical strategy, healthcare reality checks, and painfully accurate tech humor. More info at HelpMeWithHIPAA.com/561

Cybercrime has officially entered its "hold my beer" era. In this episode, we break down the FBI's annual Internet Crime Complaint Center report and the numbers are equal parts fascinating and horrifying. We're talking over $20 billion in reported losses, exploding ransomware attacks, AI-powered scams, fake charities, romance cons, business email compromises, and criminals who apparently work harder than some middle managers. It's a practical, eye-opening look at how modern scams actually work — and why staying skeptical online may now qualify as a survival skill. More info at HelpMeWithHIPAA.com/560

If you've ever wondered what happens when ransomware, bad decisions, cyber insurance confusion, and TikTok tech advice all collide in one spectacular dumpster fire… this episode is for you. The conversation dives into four fresh OCR enforcement actions that all share one painfully common theme: nobody did a proper risk analysis until after everything caught on fire. Add in cybersecurity "professionals" secretly helping ransomware gangs and business owners trying to replace enterprise security tools with AI-generated software from TikTok, and you've got an episode that somehow manages to be both educational and deeply concerning. More info at HelpMeWithHIPAA.com/559

AI isn't coming – it's already here, quietly working behind the scenes, updating itself, and occasionally making decisions you didn't realize you outsourced. In this episode, we unpack the chaos (yes, chaos) of modern AI adoption, especially when it sneaks in through third-party vendors and tools you already use every day. Think less "cool futuristic tech" and more "did we just pour gasoline on our existing risks?" If you've ever wondered whether you're actually using AI… spoiler alert: you are. More info at HelpMeWithHIPAA.com/558

Ever leave a conference with a notebook full of "wait…we should probably be doing that" moments? That's exactly the energy here. In this episode, we unpack key takeaways fresh from the HIPAA Summit - what stood out, what raised eyebrows, and what might quietly keep compliance folks up at night. Then we pivot into a timely breakdown of the latest OCR webinar on Risk Management Plans, connecting the dots between what's being said on stage and what's expected in practice. Think of it as part field report, part reality check. More info at HelpMeWithHIPAA.com/557

If you thought healthcare had enough to juggle already, think again. This episode dives headfirst into the latest "Top 10 Patient Safety Concerns," and spoiler alert—AI is sitting right at the top like it owns the place. From the growing pains of AI-assisted diagnosis to the not-so-small issue of whether anyone is double-checking the robots, things get interesting fast. Toss in cybersecurity risks, workforce shortages, and a system stretched thinner than your patience on hold with tech support, and you've got a conversation that's equal parts eye-opening and "wait… are we okay?" More info at HelpMeWithHIPAA.com/556

Let's be honest – most of us treat our home router like a mysterious appliance that just… works. Plug it in, forget about it, and hope the internet gods stay happy. But what if that "set it and forget it" mindset is exactly the problem? With outdated firmware, questionable manufacturing origins, and zero attention for years, your router could be the weakest link in your entire digital life. And yes, that includes your work-from-home setup, your smart devices, and pretty much everything else connected to it. More info at HelpMeWithHIPAA.com/555

Sometimes the biggest threat to your data isn't the hackers, it's what happens after the hackers leave. In this episode, we dive into a jaw-dropping case where 15 million patient records were exposed… and then quietly swept under the rug like a mess nobody wanted to deal with. Spoiler alert: ignoring a breach doesn't make it disappear, it just makes the consequences louder later. If you've ever wondered how bad things can get when vendors drop the ball, this one's a wild ride. More info at HelpMeWithHIPAA.com/554

Imagine logging in one morning and - poof - everything's gone. Not locked, not held hostage… just gone. That's the kind of cyberattack making waves right now, and it's not your typical "pay me in Bitcoin" situation. In this episode, we unpack the Stryker cyberattack,  a real-world incident that shows how attackers are shifting from making money to making a mess, and why that should have everyone in healthcare (and beyond) just a little more on edge.  More info at HelpMeWithHIPAA.com/553

Cybersecurity awareness is at an all-time high… so why are we still clicking the same sketchy links like it's a hobby? In this episode, we dig into the uncomfortable truth: people know what to do, they just don't do it. Between overwhelming workloads, nonstop digital noise, and a growing sense that "it's inevitable anyway," security has turned into that thing we all agree is important—right before we ignore it to get our jobs done faster. More info at HelpMeWithHIPAA.com/552

If you think a risk analysis is just another box to check on the HIPAA compliance to-do list, this episode might feel a bit like a reality check… with receipts. Using a real OCR settlement involving a phishing attack and nearly 2,000 patients' data, this discussion digs into what regulators actually expect when they say "risk analysis." Spoiler alert: it's a lot more than running a quick scan and calling it a day. More info at HelpMeWithHIPAA.com/551

Governance, Risk, and Compliance. Sounds official. Sounds structured. Sounds like you've got everything under control. But what if you've really just got the "R" and the "C" duct-taped together while governance is off somewhere on vacation? This episode breaks down why governance isn't just policies, committees, or fancy tools—it's the backbone that makes risk management and compliance actually work. If you've ever said, "We're doing security," but can't quite prove who decided what, who owns it, or whether it actually got done… this one's for you. More info at HelpMeWithHIPAA.com/550

At first glance, these sources don't seem related. But when you connect them, they reveal a pattern we can't afford to ignore — and it's more unsettling than most of us would like to admit. It's time for an honest, slightly uncomfortable conversation about where we are — and maybe to sit down and remember what mom and dad always said about choices and consequences… even if we really didn't want to hear it. More info at HelpMeWithHIPAA.com/549

Cybersecurity advice is everywhere — frameworks, standards, best practices, expert opinions — enough PDFs to last you the rest of the year. But for small and mid-sized businesses, the real question isn't "What guidance exists?" It's "What should we actually do that lowers our chances of having a really bad cyber day?" If you've ever looked at a massive cybersecurity framework and thought, "This feels like studying for a final exam I didn't sign up for," you're not alone. That's where CISA's updated Cybersecurity Performance Goals (Version 2.0) come in. Designed to be practical, prioritized, and actually usable, this streamlined approach may be the clearest cybersecurity foundation SMBs have seen yet. In this episode, we break down what changed, why it matters, and how to use it. More info at HelpMeWithHIPAA.com/548

What happens when the company responsible for protecting everyone else becomes the one that gets hacked? Spoiler alert: it's not just their problem. This episode dives into the uncomfortable reality that when an IT provider gets hit, the ripple effects can slam into hundreds, or even thousands, of businesses at once. From ransomware evolution to insider threats to the ever-growing AI wildcard, this conversation pulls back the curtain on why cybersecurity isn't just an IT issue… it's everyone's issue. More info at HelpMeWithHIPAA.com/547

Some things in life have a finish line. Cybersecurity is not one of them. There's no victory lap, no tape to break, and definitely no moment where you can say, "Cool, we're done here." This episode dives into why cybersecurity is a never-ending process, what regulators are really telling organizations through their guidance, and how the most common security failures still come down to the basics—patching, cleaning up old systems, and actually paying attention. If you've ever hoped you could "set it and forget it" with security, this conversation explains why that mindset is exactly what gets people into trouble.  More info at HelpMeWithHIPAA.com/546

AI: the gift that keeps on glitching. While most folks are still marveling at how AI can write emails and fold laundry (okay, not quite yet), this episode pulls back the curtain on what happens when artificial intelligence stops being polite and starts getting dangerous. We're talking zombie agents, security holes big enough to drive a HIPAA violation through, and automated tools that might just be a little too eager to help. It's informative, a little terrifying, and more than a few chuckles along the way. More info at HelpMeWithHIPAA.com/545

You'd think the folks steering the cybersecurity ship would be the last ones to punch holes in the hull—but nope, even the pros trip over their own policies. In this episode, we dive headfirst into a cautionary tale where a CISO (yes, the security guy) admits to becoming the insider threat he warns others about. From skipping his own software vetting procedures to triggering network alarms like it's the 4th of July, this story is equal parts cringe and crucial. Strap in as we explore how even the most iron-clad experts are still deliciously human. More info at HelpMeWithHIPAA.com/544