UnHack with Drex DeFord

While the industry debates frontier AI models and nation-state threats, hospitals are still getting hit by ransomware through the same doors they've always left open. Drex zooms out to what's actually happening on the ground: massive patch cycles creating downstream operational pressure, countries reconsidering their software dependencies, and CISOs quietly doubling down on fundamentals. MFA, identity management, tested backups, network segmentation. The HICP documents are free, the roadmap already exists, and the data is clear. Most attacks don't start with advanced AI. They start with a stolen credential or a forgotten exposed system. The organizations most likely to survive what's coming are the ones executing the basics best right now.
Remember, Stay a Little Paranoid
X: This Week Health
LinkedIn: This Week Health
Donate: Alex’s Lemonade Stand: Foundation for Childhood Cancer

April 20, 2026: What happens when you layer AI onto broken processes without fixing them first? Angel Mena, MD, CMO of Symplr, joins Bill Russell, Drex DeFord, and Sarah Richardson on Newsday to answer that question with the kind of clinical candor only a practicing physician can bring. From ambient documentation to quality metrics to the credentialing chaos hiding inside every health system, this conversation exposes the gap between AI's promise and what healthcare leaders must do to close it before the opportunity slips away.
Key Points:
00:37 Clinicians and Tech Today
07:44 Beyond the AI Hype
14:49 Admin Burden Credentialing
18:44 Governance Change and Wrap
Keep up to date on the latest in health IT:
https://thisweekhealth.com/news/
X: This Week Health
LinkedIn: This Week Health
Donate: Alex’s Lemonade Stand: Foundation for Childhood Cancer

The Kim Wolf botnet was the most powerful ever built — 2 million compromised IoT devices, a record-breaking 31.4 terabit DDoS attack, and it had the FBI, Google, and Cloudflare stumped. Drex breaks down how those cheap, forgotten devices in patient waiting rooms and break rooms became weapons inside hospital networks, and why 25% of Infoblox's enterprise healthcare clients were already compromised. Then comes the wild part: a 22-year-old RIT undergrad named Benjamin cracked the whole operation — while studying for midterms — using Discord, Telegram, and a perfectly timed cat meme. His research ultimately fueled a coordinated takedown on March 19th, 2026, that brought Kim Wolf from 2 million active devices to roughly 30,000. The lesson for healthcare: those forgotten IoT devices on your network aren't harmless. They're potential soldiers in someone else's army.
Remember, Stay a Little Paranoid
X: This Week Health
LinkedIn: This Week Health
Donate: Alex’s Lemonade Stand: Foundation for Childhood Cancer

April 13, 2026: Jacob Hansen, Chief Product and Technology Officer at AvaSure, joins Bill, Drex, and Sarah on Newsday for a conversation about the data governance battles quietly reshaping AI. From who owns AI model improvements derived from a health system's environment to whether EHRs should have control over how that data is used, Jacob pulls no punches. The conversation also tackles the evolving CIO title, the future of computer science careers in an AI-driven world, and why nursing may be one of the most AI-resilient roles in healthcare.
Key Points:
01:07 CIO to CTDO Shift
06:52 Data Ownership and Governance
13:24 AI Transparency and Governance
21:00 Careers and AI Future

Keep up to date on the latest in health IT:
https://thisweekhealth.com/news/
X: This Week Health
LinkedIn: This Week Health
Donate: Alex’s Lemonade Stand: Foundation for Childhood Cancer

The window between vulnerability discovery and exploitation has collapsed — from 63 days in 2018 to negative. Now AI is changing the game entirely. Drex walks through how Anthropic's unreleased model Mythos autonomously found a critical zero-day in the Ghost CMS, wrote its own exploit, and extracted sensitive credentials in under two hours — all without a CVE ever existing. Add in two accidental Anthropic data leaks in the same week, and the story gets more complicated. For healthcare organizations, the takeaway is urgent: your patch program was built for a world that no longer exists. Continuous vulnerability discovery, identity security, network segmentation, and board-level conversations about AI-powered attack speed aren't future priorities — they're today's baseline.
Remember, Stay a Little Paranoid
X: This Week Health
LinkedIn: This Week Health
Donate: Alex’s Lemonade Stand: Foundation for Childhood Cancer