2 Minute Drill: Cybercriminals Weaponize AI: Self-Modifying Malware with Drex DeFord

Drex DeFord explores what he calls the "trust recession"—a era where deepfakes, AI-generated content, and sophisticated social engineering have made it nearly impossible to distinguish real from fake. From synthetic customer service agents to North Korean operatives using AI to pass job interviews at US health systems, the threat landscape has fundamentally shifted. DeFord shares practical strategies for healthcare professionals to protect themselves during the holiday season when cyber criminals are most active, including how to validate information, verify identities, and trust your instincts when something feels off.Remember, Stay a Little Paranoid X: This Week Health LinkedIn: This Week Health Donate: Alex’s Lemonade Stand: Foundation for Childhood Cancer 

December 3, 2025: When Will Houston, Network Security Manager at MDI Hospital, received security alerts at 5 AM on a holiday, he faced every healthcare leader's nightmare. But this story gets personal: among the 32,000 breach notifications he later sent were letters to his wife and two children. Join as Will sits down with Fortified Health Security’s Spencer Bales, VP of Product, and Preston Duren, VP of Threat Services,  to explore how a small hospital in Bar Harbor, Maine, shut down 170 compromised accounts before breakfast, managed a crisis spanning weeks, and learned why healthcare-focused cybersecurity partnerships aren't just about technology—they're about protecting real people in your community.Key Points:04:45 Will’s Cyber Journey and the terrible summer13:24 Fortified's Central Command Platform16:20 The SOS Button and Work-Life Balance20:36 Incident Response and Escalation IQ28:51 Healthcare Focus and Mission32:40 Advice for Small TeamsX: This Week HealthLinkedIn: This Week HealthDonate: Alex’s Lemonade Stand: Foundation for Childhood Cancer

December 1, 2025: As AI tools rapidly transform healthcare IT workflows, leaders face an unexpected challenge: what happens when your team becomes dramatically more productive? Bill Russell, Drex DeFord, and Sarah Richardson explore the productivity paradox hitting healthcare organizations—when AI enables staff to accomplish in hours what once took weeks, do you need fewer people or different approaches? From closing open positions to managing "cozy" employees who've mastered automation, they debate real strategies for navigating this shift. Whether you're a process-driven leader or innovation-focused builder, this discussion reveals how AI is forcing healthcare IT to rethink staffing, workflow waste, and organizational culture before it's too late.Key Points:02:56 AI in the Workplace: Efficiency and Challenges17:15 Leadership Styles and AI Integration20:33 Approaching the AI Wave26:23 Balancing Leadership Styles32:11 End-of-Year Reflections and PredictionsX: This Week HealthLinkedIn: This Week HealthDonate: Alex’s Lemonade Stand: Foundation for Childhood Cancer

Drex examines the growing insider threat landscape in healthcare cybersecurity. The episode covers CrowdStrike's recent insider incident where screenshots were leaked to cybercriminals, new research showing 93% of organizations struggle to detect insider threats, and the Geisinger Health/Nuance $5 million settlement over improper data access. Drex also reveals how ransomware groups like Medusa are directly recruiting healthcare employees with financial incentives, highlighting that insider threats aren't just malicious employees—they're also your people being actively targeted through phishing and recruitment offers.Remember, Stay a Little Paranoid X: This Week Health LinkedIn: This Week Health Donate: Alex’s Lemonade Stand: Foundation for Childhood Cancer 

November 25, 2025: What if cybersecurity awareness training could be fun, like mixing bratwurst and flu shots? Shawna Hofer, CISO at St. Luke's Health System, shares how her team transformed security culture by meeting staff where they are—literally. From creating engaging one-minute videos featuring everyday healthcare workers to establishing a groundbreaking IT and cyber resiliency team that breaks down traditional silos, Shawna reveals why the best healthcare CISOs are expert translators and relationship builders. She also tackles the tough questions around AI governance, operational resilience in the wake of major industry incidents, and why cyber preparedness must extend beyond hospital walls to protect entire communities. Discover how collaboration and creativity are reshaping healthcare cybersecurity from the inside out.Key Points:03:28 Building a Cybersecurity Culture08:00 Operational Resilience and Incident Response15:58 AI Governance20:55 Promoting Diversity in Cybersecurity25:27 The Role of a Healthcare CISOX: This Week HealthLinkedIn: This Week HealthDonate: Alex’s Lemonade Stand: Foundation for Childhood Cancer

November 24, 2025: Healthcare organizations are drowning in applications they can't even inventory, especially after mergers and acquisitions. But the real shock comes when they try to access archived data years later. Dave Dyell, Managing Partner at Innovative Consulting Group, reveals why cloud storage fees are forcing health systems to rethink their entire archiving strategy, particularly for medical imaging. With AI initiatives on the horizon, the way you archive data today determines whether you can afford to use it tomorrow. Learn why strategic planning for data archiving isn't optional anymore—it's the difference between controlling costs and watching them spiral out of control.Key Points:03:12 Archiving and Data Management09:30 On-Prem vs Cloud Storage18:33 Future Strategies and ConclusionX: This Week HealthLinkedIn: This Week HealthDonate: Alex’s Lemonade Stand: Foundation for Childhood Cancer

November 21, 2025: What if your organization could reclaim millions of dollars just by rethinking processes you already have in place? Bill Willis, CTO of IDMWORKS, discusses the hidden costs plaguing healthcare IT, from runaway cloud storage bills to the shocking economics of password resets. Discover why identity management isn't just a security issue but a massive financial opportunity, how HR-IT integration is transforming onboarding from a week-long wait to day-one productivity, and why the cybersecurity crisis isn't really about technology at all. With real-world examples showing $2.5M to $5M in annual savings, this episode delivers the business case healthcare leaders need to drive change in 2026.Key Points:01:06 Boston City Tour Highlights02:36 Discussion on AI and Cloud Costs10:05 Cybersecurity and Identity Management19:12 Operational Efficiency and Cost SavingsX: This Week HealthLinkedIn: This Week HealthDonate: Alex’s Lemonade Stand: Foundation for Childhood Cancer

Cybercriminals are escalating their tactics by deploying AI-enabled malware that adapts in real-time. Google Cloud and Anthropic threat intelligence reports reveal attackers using tools like Prompt Flux malware to contact AI APIs mid-attack, rewriting code to evade detection. Threat actors are bypassing AI safety guardrails through social engineering, tricking models into providing malicious capabilities. The underground cybercrime market now offers sophisticated multifunction tools, lowering barriers for less experienced criminals. Healthcare defenders must prepare for adaptive malware that uses generative AI to persist and survive longer inside target environments.Remember, Stay a Little Paranoid X: This Week Health LinkedIn: This Week Health Donate: Alex’s Lemonade Stand: Foundation for Childhood Cancer

November 19, 2025: Healthcare IT infrastructure has become so complex that teams have lost sight of the actual patient impact. Kurt Telep, Healthcare Field CTO at Nutanix, pulls no punches in this conversation about what's broken and how to fix it. From his personal regret about avoiding Kubernetes when it first emerged to explaining why 95% of healthcare organizations will consume AI rather than build it, Kurt delivers hard-earned wisdom on navigating constant technological change. He reveals why security tools become shelfware, how to reconnect IT decisions to clinical outcomes, and why the future belongs to leaders who embrace simplicity over complexity.Key Points:02:21 A Better  IT Infrastructure08:09 Security Concerns with AI09:40 Advice for Future Healthcare IT Leaders15:22 The Importance of Simplicity X: This Week HealthLinkedIn: This Week HealthDonate: Alex’s Lemonade Stand: Foundation for Childhood Cancer

November 17, 2025: How does a 25-bed critical access hospital successfully stop a cyberattack when larger health systems fall victim? George Pappas, CEO of Intraprise Health, unpacks the Colorado hospital that shows how security culture beats expensive technology. The conversation reveals why vendor transparency remains elusive despite high-profile breaches, explores the harsh reality of hospitals that know their vulnerabilities but lack resources to fix them, and tackles AI governance challenges that traditional testing methods can't address. From Oracle-Cerner incidents to the frozen HIPAA NPRM, this episode delivers hard truths about healthcare security's funding gaps and the practical strategies that actually work for margin-pressed organizations.Key Points:01:45 Vendor Contracts and Legal Challenges06:21 Challenges with Cloud Security11:26 Critical Access Hospitals and Cyber Preparedness17:47 AI in Healthcare: Opportunities and RisksX: This Week HealthLinkedIn: This Week HealthDonate: Alex’s Lemonade Stand: Foundation for Childhood Cancer