
500 Episodes Later – The Threats Are Worse But So Are Our Jokes – Ep 500 

 March 14, 2025

By  Donna Grindle

500 episodes. A whole decade. Countless cybersecurity threats (and just as many dad jokes). Somehow, we’re still talking about the same cybersecurity nightmares—only now with fancier threats and AI-powered scams. In this milestone episode of Help Me With HIPAA, we take a trip down memory lane—reminiscing about our early struggles, the evolution of security risks, and why some lessons seem to need repeating… forever. Spoiler alert: bad guys are still bad, security is still hard, and if you’ve been with us since episode one, you’re officially a HMWH OG. If you’re new here, welcome—just know that staying out of breaches is a marathon, not a sprint.


Today’s episode is brought to you by Kardon and HIPAA for MSPs with Security First IT.


500 Episodes Later – The Threats Are Worse, But So Are Our Jokes

[00:37] Ten years ago, we started this podcast thinking, “If we just keep talking about HIPAA, cybersecurity, and data privacy, eventually people will get it.” Well, here we are at episode 500, and the threats are worse than ever—but hey, at least our jokes have improved. (Maybe.) The latest ClearDATA Healthcare Threat Report proves that cybercriminals have leveled up, AI is making phishing scarily convincing, and ransomware gangs are rebranding faster than a failing fast-food chain. So in this milestone episode, we’re taking a trip down memory lane, revisiting the biggest cybersecurity issues we’ve been warning about for a decade, and asking: Are we making progress, or just providing comic relief for hackers?

1. Intro – 10 Years, 500 Episodes, and Things Are Worse?

  • Quick nostalgia—how we started this podcast thinking we could help people.
  • 10 years later… Cybercriminals are thriving, and we’re just here cracking jokes to stay sane.
  • But seriously, why are we still talking about the same problems?
[06:14]

2. This Report Proves We Weren’t Just Rambling for a Decade

Chris Bowen, founder and CEO of ClearDATA, shared a report they did with HSCC members for their thoughts: Healthcare Data Breach Trends and Cyber Threats for 2025 and Beyond.

In his email he pointed out what he thought were a few critical takeaways:

  • Threat origins are shifting: While 53% of threats still originate in North America, this is down from 63% in 2023. Meanwhile, India (+5% YoY) and China (+4.5% YoY) are seeing notable increases.
  • Attackers are adapting: Threat actors from traditionally blacklisted regions (e.g., Russia) are now routing attacks through non-blacklisted countries like Germany and Poland to evade detection.
  • AI-driven phishing is accelerating: Even highly trained employees are falling victim to increasingly sophisticated AI-powered phishing campaigns.
  • Threat origins are shifting → We’ve been warning about international threats forever. Now, China & India are up, and Russian attackers are hiding behind Germany & Poland to dodge detection.
  • Attackers are adapting faster than defenses → Organizations still struggle with basics, while criminals are out here running black market innovation labs.
  • AI-powered phishing is next level → Even trained employees are getting fooled. We barely survived the “don’t click links” era, and now we have deepfake voices asking for wire transfers!

Also, very recent news is that our Cybercom and CISA missions against Russia have been limited to defensive only, no longer including offensive efforts that track what they are doing. It is still early and this may change, but for now most opinions expressed by anyone with cybersecurity expertise are that this is a very bad idea.

[14:08]

3. The Early Episodes Showed the Warning Signs (And Here We Are)

  • Ep 2: Business Associates → Still the weakest link. Vendor risk is worse than ever.
    • From the report’s forecasts for 2025: Third party vendors and open-source software (OSS) maintainers will be increasingly targeted in 2025 as threat actors seek to inject malicious code upstream of their target’s defenses or exploit utilities with significant healthcare organization adoption, utilizing flaws that can potentially evade detection by traditional security programs.
  • Ep 3: Encryption → 10 years later, we still find unencrypted backups and laptops.
    • We still had over 40K individuals in over 500 breaches due to Improper Disposal, Loss and Theft in 2024
  • Ep 4: How Do You Eat An Elephant? → We know this is hard! We said it then but it will not get easier. I do know that often if you feel the elephant is stomping you and you can get a bite out of it but we can’t just give up.
  • Ep 12: Breach Response Plans → Change Healthcare was a $2.87 billion mess and the effects are probably still lingering.
    • Any lessons learned? Doubt it for many, but hopefully someone somewhere has made significant changes.
  • Ep 18: Email Isn’t Secure → Phishing is 40% of breaches, and now AI makes it worse.
    • In the 2024 over 500 breaches, email was specifically named as the location of the breach in over 120 of the 556 reported breaches.
[29:15]

A few other titles from the first 20 episodes:

  • Ep 11: Ponemon Study 2014 on Healthcare Breaches
  • Ep 13: What is a HIPAA Risk Analysis
  • Ep 14: HIPAA Log Audits with AMS Spher
  • Ep 15: It’s not just about HIPAA anymore
  • Ep 16: Seven Steps for Nurturing a Culture of Compliance
  • Ep 17: Compliance Management with ComplyAssistant
  • Ep 19: I am vulnerable, too said your smartphone
  • Ep 20: It’s The People, People

[32:17]

4. So… Do We Just Stop Talking About This?

  • Maybe we should start a gardening podcast instead? At least plants try to grow when given resources.
  • But security efforts actually do work—ClearDATA saw a 76% reduction in attack surfaces in 2024.
  • The problem: Too many orgs still use “we don’t have the budget” or resources or time as an excuse… while paying the ransom instead because they think insurance will just keep writing a check.
    • Wait until they find out that 2 things happen – you are more likely to be attacked AND your coverage may be denied or at least rates go up exponentially.
[36:57]

5. Wrap-Up – Thank You for 500 Episodes!

  • Shout-out to listeners who have stuck with us through all the madness.
  • Invite longtime listeners to share their favorite episodes or moments.
  • End on some of our sayings or moments
    • Stay out of my breaches
    • Knock me down and steal my teeth
    • Toilet Man – can’t leave out Bo!
    • The originals – My windows and doors are open, britches are down come on in
    • – Donna had a pet pterodactyl
    • Strawberry and nanners are a real thing
    • WRONG!
[42:09]

6. Predictions – What Will We Be Laughing (or Crying) About in 10 ?? More Years?

  • AI will make security both better and worse → Will organizations actually invest in AI-driven defense? Or will they keep pretending it’s a fad? Or will they keep letting their teams use it with no governance or oversight?
  • Regulations will keep coming → But will they actually have teeth? Or will they just add more checkboxes?
  • Will we still be explaining email security in 2035? (Probably. Even if we aren’t doing this podcast any longer.)

After 500 episodes and a whole decade of cybersecurity chaos, one thing is clear—this battle isn’t getting any easier, but giving up isn’t an option. Whether it’s AI-powered scams, phishing emails that fool even the pros, or the ever-persistent “we have insurance for that” crowd, the threats keep evolving. And yet, the fundamentals remain the same: be prepared, be proactive, and please, for the love of HIPAA, stop clicking on sketchy links. So here’s to the next 500 episodes (or at least until AI takes over and starts hosting this podcast for us). Stay secure, stay skeptical, and as always—stay out of our breaches!

Remember to follow us and share us on your favorite social media site. Rate us on your podcasting apps, we need your help to keep spreading the word. As always, send in your questions and ideas!

HIPAA is not about compliance, it’s about patient care.™

Special thanks to our sponsors Security First IT and Kardon.
