Paubox blog: HIPAA compliant email made easy

Paubox customers: Paubox Zoom social mixer (October 2024)

Written by Dean Levitt | October 18, 2024

The Paubox Zoom social mixer for October 2024 was a roundtable discussion between Paubox customers covering topics like employee training, Verizon outages, AI and EHR integrations, and, similar to previous months, how AI can help in email security.

 

What happened

October's social mixer followed our standard format - a candid, unmoderated discussion amongst healthcare IT and cybersecurity professionals.

This month, we covered product ideas; BIMI, DKIM 2048, and DMARC; how to run a phishing campaign; shared blocklists; multi-factor authentication; and how EHRs are beginning to add AI directly into their services.

Related: Understanding BIMI (Brand Indicators for Message Identification)

 

Quote of the day:

  • "Call IT if anything looks suspicious."

 

Our takeaways:

  • Paubox customers want shared blocklists or blocklist templates.
  • Employee training is the first line of defense.
    • Send fake phishing emails to train employees to look out for email fraud.
    • Send regular bulletins of current threats.
    • One customer has training modules around both email and SMS phishing techniques.
    • Most importantly, employees should be comfortable asking IT when an email looks suspicious.
  • While only one customer was hit by the recent Verizon outages, all had experienced similar issues.
    • When phones are inaccessible, 2FA that relies on SMS can be blocked.
    • SMS is the least reliable form of MFA.
    • Use password managers with OTPs or email as a backup.
  • Two customers have used Starlink for reliability.
    • Everyone agreed the speeds are impressive, and it's a massive help in rural settings and reservations.
  • A non-PHI use of ChatGPT is to upload an employee handbook and make it easy for employees to ask questions of the AI.
    • Hank.ai was mentioned as a helpful use of AI in healthcare.
  • Customers use AI to review regulations and compliance questions.
  • Will ChatGPT power their new data center with nuclear power?
  • Customers discussed low-tech solutions to hacking and cybersecurity. Sometimes, you just need to turn the servers off.
  • Always change default settings on routers and hardware.
  • Some sources of cybersecurity advice are:

 

The bottom line: Paubox customers use a broad range of tools and strategies to keep their email HIPAA compliant, protect their organizations, and find efficiencies. 

See also: Our playbook for Zoom social mixers

See also: HIPAA Compliant Email: The Definitive Guide