The 229 Podcast

A dormant Instagram account tied to the Obama White House started posting pro-Iranian content. No hacked password. No malware. No phishing email. Just a polite conversation with Meta's AI support agent.
Researchers are calling it out plainly: AI agents are built to be helpful, and that eagerness is exactly what attackers are starting to exploit. The attack surface isn't the password anymore -- it's the agent.
Health systems are deploying AI right now for scheduling, intake, and benefit verification. Has anyone on your team actually tried to socially engineer yours?
Remember, Stay a Little Paranoid
Thanks to Cyderes for sponsoring this episode: https://thisweekhealth.com/partners/cyderes/

June 15, 2026: Bill Russell, Drex DeFord, and Sarah Richardson sit down to work through the question sitting at the top of every health system's agenda: what has AI actually done for us? Personal productivity gains are real. Meeting counts are dropping, hours are being saved, and individual leaders feel the difference. But the enterprise ROI case is proving harder to make. With Dave Lundahl's three-era framework for healthcare IT adding historical weight and the ambient listening wave cresting, the industry may be entering its accountability phase.
Key Points:
04:22 Governance Five Questions

08:08 Cost ROI And Licenses

10:04 Third Era Of Health IT

17:49 Patient Companion Future

23:47 Wrap Up And Next Week

Keep up to date on the latest in health IT:
https://thisweekhealth.com/news/
X: This Week Health
LinkedIn: This Week Health
Donate: Alex’s Lemonade Stand: Foundation for Childhood Cancer

June 10, 2026: In healthcare where downtime means lives, identity security is no longer just about who logs in. Bill Russell sits down with Peter Barker, Chief Product Officer at Ping Identity, to unpack why the agentic AI era demands a fundamental rethinking of identity. From giving AI agents first-class credentials to shifting the security boundary from login to the point of action. If your health system is deploying AI and you have not addressed non-human identity, this conversation is where to start.
Keep up to date on the latest in health IT:
https://thisweekhealth.com/news/
Key Points:
01:18 Why Agents Change Identity

07:43 Runtime Identity And Authorization

15:00 Healthcare Passwordless Trust

20:11 CISO Playbook And Wrap Up

X: This Week Health
LinkedIn: This Week Health
Donate: Alex’s Lemonade Stand: Foundation for Childhood Cancer

That UAC prompt -- the little shield asking you to approve a publisher -- is one of the most foundational trust signals in Windows security. Your tools rely on it. Your team relies on it.
Two people figured out how to sell it. What they built, and which ransomware gangs bought access, has a direct line to at least one recent health system breach. Drex breaks it down.
Remember, Stay a Little Paranoid

CISA -- the federal agency whose job it is to protect America's critical infrastructure -- had its own internal credentials sitting in a public GitHub repository for six months. Plain text passwords. AWS GovCloud keys. SSH access tokens. Visible to anyone on the internet with a browser.What makes this worse: the contractor who created the repository didn't slip up accidentally. They actively disabled the default GitHub protections designed to prevent exactly this from happening. And when the repository finally came down, those AWS keys stayed valid for another 48 hours before anyone thought to revoke them.Drex brings this back to the question every health system CISO should be sitting with: How many contractors have access to your most sensitive systems right now -- and if one of them made this choice six months ago, would you even know today?Remember, Stay a Little Paranoid Linkedin: https://www.linkedin.com/company/ThisWeekHealth Twitter: https://twitter.com/thisweekhealth Donate: Alex’s Lemonade Stand: Foundation for Childhood Cancer - https://www.alexslemonade.org/mypage/3173454