What Healthcare Can Learn From a 20 Year Old Hacker | 2 Minute Drill with Drex DeFord

May 5, 2026: What happens when attackers don't just break into your systems, they become you? Josh Howell, Healthcare CTO at Rubrik, joins Drex DeFord to unpack Rubrik's newly announced partnership with the American Hospital Association, a rigorous vetting process that signals a new standard in cyber risk validation. Josh draws on hundreds of ransomware recovery experiences to challenge how health systems think about resilience, recovery sequencing, and the identity control plane. Learn why the worst-case scenario in the 2026 Google Mandiant M-Trends report should keep every CISO up at night.Key Points:00:35 AHA Partnership Overview04:19 Turning Tools Into Outcomes10:50 Worst Case Scenario13:47 Secure by Design Zero TrustKeep up to date on the latest in health IT:https://thisweekhealth.com/news/X: This Week HealthLinkedIn: This Week HealthDonate: Alex’s Lemonade Stand: Foundation for Childhood Cancer

May 4, 2026: Lisbeth Votruba, Chief Clinical Officer at AvaSure, joins Bill Russell and Drex DeFord on Newsday to celebrate Nurses Week with a fascinating look at where nursing has been, and where it's going. From Florence's data-driven legacy to today's AI-powered virtual care, Lisbeth shares why nursing turnover is declining, why certification rates are rising, and why she sees technology not as a threat but as a path back to old-fashioned, human-centered nursing care. Key Points:02:38 Nurses Week Origins and Trends05:56 Ambient Documentation Reality Check08:51 AI for Safety and Liability18:03 Nurses at the Table ClosingKeep up to date on the latest in health IT:https://thisweekhealth.com/news/X: This Week HealthLinkedIn: This Week HealthDonate: Alex’s Lemonade Stand: Foundation for Childhood Cancer

Drex unpacks a signal hiding across several recent stories: we may be deploying AI well ahead of our ability to secure it. From an autonomous AI agent that breached a consulting firm's internal chatbot in two hours, gaining access to 46 million employee messages, to a multi-agent experiment where AI systems escalated privileges, forged credentials, and disabled antivirus software entirely on their own, the pattern is unsettling. Add a publicly available AI prescribing tool in Utah that researchers convinced to triple an opioid dose and reveal its own system prompts, and the picture gets clearer. Prompts are the new attack surface and the security model hasn't caught up yet.

Matthew Lane was 14 when he started probing the edges of online gaming systems. By 20, he had walked out of PowerSchool with data on nearly 70 million students and teachers using nothing but a contractor's stolen credentials he found on the dark web. Drex tells the full story and then lands the part that matters most for healthcare: Lane didn't exploit a sophisticated vulnerability. He used a username and password attached to someone who had legitimate access and simply walked through the front door. How many of your vendors have credentials that have never been audited? How many former contractors still have access? Is everyone using MFA on every system? The fundamentals are still the open book test, and too many organizations aren't passing it.Remember, Stay a Little Paranoid X: This Week Health LinkedIn: This Week Health Donate: Alex’s Lemonade Stand: Foundation for Childhood Cancer 

April 28, 2026: When a hospital goes dark, the first 72 hours are everything. Laurie Campbell, Senior Manager of Clinical Ancillary Applications and Enterprise Imaging, and Rick McIntosh, VP and the Chief Technology Officer, at Children’s Hospital Colorado, break down the phased Code Dark response framework her team developed for ransomware attacks. They walk through real examples: how the supply chain keeps inventory moving without its systems, and how the radiology team built a sneakernet process to keep radiologists reading images even when the PACS environment is completely unreachable. This isn't theoretical. It's the result of years of workflow mapping, vendor co-development, and hard conversations across the entire organization.Key Points:03:12 Why Resilience Matters07:18 Launching Code Dark14:06 Workflow to Paper Playbooks19:15 Twilight Tech Workarounds27:03 Partners Lessons and WrapKeep up to date on the latest in health IT:https://thisweekhealth.com/news/X: This Week HealthLinkedIn: This Week HealthDonate: Alex’s Lemonade Stand: Foundation for Childhood Cancer

April 27, 2026: Drex DeFord and Bill Russell are back on Newsday, and fresh off the 229 Summit, they're not pulling punches. Healthcare IT has a demand problem. Too many projects, not enough capacity, and an industry that's chronically bad at saying no. From the 229 Summit's sharpest takeaways to the Salesforce headless CRM announcement, the vl.js hack, and why Bill thinks Claude Code's "genesis key" is about to change everything, this episode covers the stories that matter most right now. If your project list is longer than your resources, this one is for you.Key Points:00:32 Summit takeaway priorities06:41 Build vs buy with AI10:49 Personal AI assistants speed16:56 Headless CRM future UX18:26 Security hacks fundamentalsKeep up to date on the latest in health IT:https://thisweekhealth.com/news/X: This Week HealthLinkedIn: This Week HealthDonate: Alex’s Lemonade Stand: Foundation for Childhood Cancer

While the industry debates frontier AI models and nation-state threats, hospitals are still getting hit by ransomware through the same doors they've always left open. Drex zooms out to what's actually happening on the ground: massive patch cycles creating downstream operational pressure, countries reconsidering their software dependencies, and CISOs quietly doubling down on fundamentals. MFA, identity management, tested backups, network segmentation. The HICP documents are free, the roadmap already exists, and the data is clear. Most attacks don't start with advanced AI. They start with a stolen credential or a forgotten exposed system. The organizations most likely to survive what's coming are the ones executing the basics best right now.Remember, Stay a Little Paranoid X: This Week Health LinkedIn: This Week Health Donate: Alex’s Lemonade Stand: Foundation for Childhood Cancer 

April 20, 2026: What happens when you layer AI onto broken processes without fixing them first? Angel Mena, MD, CMO of Symplr, joins Bill Russell, Drex DeFord, and Sarah Richardson on Newsday to answer that question with the kind of clinical candor only a practicing physician can bring. From ambient documentation to quality metrics to the credentialing chaos hiding inside every health system, this conversation exposes the gap between AI's promise and what healthcare leaders must do to close it before the opportunity slips away.Key Points:00:37 Clinicians and Tech Today07:44 Beyond the AI Hype14:49 Admin Burden Credentialing18:44 Governance Change and WrapKeep up to date on the latest in health IT:https://thisweekhealth.com/news/X: This Week HealthLinkedIn: This Week HealthDonate: Alex’s Lemonade Stand: Foundation for Childhood Cancer

The Kim Wolf botnet was the most powerful ever built — 2 million compromised IoT devices, a record-breaking 31.4 terabit DDoS attack, and it had the FBI, Google, and Cloudflare stumped. Drex breaks down how those cheap, forgotten devices in patient waiting rooms and break rooms became weapons inside hospital networks, and why 25% of Infoblox's enterprise healthcare clients were already compromised. Then comes the wild part: a 22-year-old RIT undergrad named Benjamin cracked the whole operation — while studying for midterms — using Discord, Telegram, and a perfectly timed cat meme. His research ultimately fueled a coordinated takedown on March 19th, 2026, that brought Kim Wolf from 2 million active devices to roughly 30,000. The lesson for healthcare: those forgotten IoT devices on your network aren't harmless. They're potential soldiers in someone else's army.Remember, Stay a Little Paranoid X: This Week Health LinkedIn: This Week Health Donate: Alex’s Lemonade Stand: Foundation for Childhood Cancer

April 13, 2026: Jacob Hansen, Chief Product and Technology Officer at AvaSure, joins Bill, Drex, and Sarah on Newsday for a conversation about the data governance battles quietly reshaping AI. From who owns AI model improvements derived from a health system's environment to whether EHRs should have control over how that data is used, Jacob pulls no punches. The conversation also tackles the evolving CIO title, the future of computer science careers in an AI-driven world, and why nursing may be one of the most AI-resilient roles in healthcare.Key Points:01:07 CIO to CTDO Shift06:52 Data Ownership and Governance13:24 AI Transparency and Governance21:00 Careers and AI FutureKeep up to date on the latest in health IT:https://thisweekhealth.com/news/X: This Week HealthLinkedIn: This Week HealthDonate: Alex’s Lemonade Stand: Foundation for Childhood Cancer