SipCyber - Presented by IT Audit Labs

Your Health App May Not Be HIPAA Protected

4 min · 3. juni 2026
episode Your Health App May Not Be HIPAA Protected cover

Description

In this episode of SipCyber, Jen Lotze settles into The Fox and Pantry in Plymouth, MN — a space so thoughtfully designed it immediately earns your trust — and uses that feeling as the perfect lens for a conversation about AI and healthcare privacy. Over a Pineapple Mango Mint Refresher on a blazing Minnesota afternoon, Jen breaks down a growing blind spot: millions of people are using AI tools to interpret health information, but many of those tools aren't subject to HIPAA the same way your provider is.  The app looks secure. The interface feels clinical. But confidence and verification are not the same thing.  Key Topics Covered:   * Why many AI health tools aren't covered by HIPAA — even when they market as "healthcare-focused"   * What to look for in a privacy policy before uploading any medical information   * How polished design creates a false sense of data security   * What business owners need to know when employees use AI with patient or customer data  * The one-minute habit that protects your most personal information  This isn't about avoiding AI — it's about using it with eyes open. Your health history, mental health concerns, and lab results deserve the same scrutiny you'd give any tool handling your most sensitive data.  ☕ Featured Spot: The Fox and Pantry, Plymouth, MN  Don't hand your health data to an app before you know where it goes. Subscribe for weekly cybersecurity insights delivered from the best local spots across the country — and share this with someone who's ever typed a symptom into an AI chatbot.  #HealthcarePrivacy #HIPAA #AIPrivacy #HealthData #Cybersecurity #DataPrivacy #AIHealthcare #InfoSec #SipCyber #DigitalSafety #MedicalData #CyberAwareness #HealthTech

Comments

0

Be the first to comment

Sign up now and become a member of the SipCyber - Presented by IT Audit Labs community!

Get Started

1 month for 9 kr.

Then 99 kr. / month · Cancel anytime.

  • Podcasts kun på Podimo
  • 20 lydbogstimer pr. måned
  • Gratis podcasts

All episodes

38 episodes

episode Untitled EpisodeYour Smart TV Is Spying on You (Fix It in 5 Minutes) artwork

Untitled EpisodeYour Smart TV Is Spying on You (Fix It in 5 Minutes)

Your smart TV shipped with privacy settings nobody reads and most people never change. In this episode of SipCyber, Jen Lotze visits Revelry Brewing on Folly Beach, South Carolina, to unpack one of the most overlooked data collection features in the average American home: Automatic Content Recognition, or ACR.  ACR doesn't just track what you stream on Netflix. It identifies everything appearing on your screen — cable channels, gaming consoles, HDMI-connected devices — and uses that data to fuel advertising profiles and recommendation engines. It was on when you unboxed the TV. Most people have no idea.  Key Topics Covered:   * What Automatic Content Recognition (ACR) actually does — and why it's enabled by default  * How smart TVs track cable, HDMI, and gaming content, not just streaming apps    * Brand-by-brand privacy settings to review: Samsung, LG, Roku, and Vizio   * Why enterprise conference rooms and waiting room displays carry the same risk    * The broader principle: intentional data sharing vs. invisible collection  This one isn't about stopping a hacker. It's about understanding the technology already sitting in your living room — and making an informed choice about what it knows.  ☕ Featured Brewery: Revelry Brewing, Folly Beach, SC  Five minutes. That's all it takes. Subscribe for weekly cybersecurity awareness from the best local spots across the country — and share this with someone who's never touched their TV's privacy settings.  #SmartTV #Privacy #ACR #AutomaticContentRecognition #Cybersecurity #DataPrivacy #InfoSec #SmartHome #SipCyber #DigitalSafety #CyberAwareness #TVPrivacy #ConnectedDevices

1. juli 20264 min
episode ClickFix: How Hackers Borrow Trust Instead of Stealing It artwork

ClickFix: How Hackers Borrow Trust Instead of Stealing It

What if the website wasn't fake — but the message it showed you was? In this episode of SipCyber, Jen Lotze stops into City on a Hill Coffee in Leadville, CO, where the Colorado Rockies rise just outside the window and a hazelnut latte sets the scene for a conversation about one of the most effective cyberattack campaigns in recent memory.  Cybersecurity researchers uncovered a massive ClickFix malware operation targeting more than 700 education and technology websites — not fake sites, real and trusted ones. Visitors were greeted by a familiar-looking verification screen, asked to prove they were human, and then walked step-by-step into installing malware themselves. No software exploit required. Just trust — and a message that felt routine.  A side trip to Leadville's straightforwardly named "The Tattoo Shop" becomes an unexpected lens on how trust is built online, how attackers exploit it, and the one question that can protect you: Is this really what it claims to be?  Key Topics Covered:   * What the ClickFix malware campaign is and how it spread across 700+ legitimate websites   * Why real, trusted sites are more dangerous attack surfaces than fake ones   * How fake CAPTCHA screens trick users into running malicious commands themselves  *  The psychology of borrowed trust — and why it's so effective   * One grounding question to ask before you follow any online instruction  ☕ Featured Coffee Shop: City on a Hill Coffee, Leadville, CO 🍵 Jen's Order: Hazelnut latte  The most dangerous attacks don't feel dangerous. Subscribe for weekly cybersecurity insights from coffee shops across the country — and share this with anyone who's ever clicked "I'm not a robot."  #Cybersecurity #ClickFix #Malware #SocialEngineering #CyberAwareness #InfoSec #CyberSafety #SipCyber #Phishing #TrustAttacks #DigitalSafety #SecurityTips #CyberEducation

24. juni 20264 min
episode One Daily Habit That Makes Hackers' Jobs Harder artwork

One Daily Habit That Makes Hackers' Jobs Harder

Confidence isn't something you find — it's something you build, one skill at a time. In this episode of SipCyber, Jen Lotze visits Bitty and Beau's Coffee in Charleston, SC, a shop with a mission as meaningful as its coffee: creating employment opportunities for people with intellectual and developmental disabilities. That spirit of empowerment carries straight into the cybersecurity conversation.  This month, Microsoft released fixes for more than 200 security vulnerabilities in a single Patch Tuesday — one of the largest update releases in the company's history. It sounds overwhelming. It's not. Jen breaks down what these patches actually mean, why most security failures aren't technical failures, and the one simple habit that closes more gaps than most people realize: restarting your computer every day.  No advanced IT knowledge required. Just a small, consistent action — and maybe a good cup of coffee.  Key Topics Covered:   * What Microsoft's record-breaking June Patch Tuesday actually means for everyday users   * Why security updates don't fully protect you until you reboot   * The real reason most people get compromised (hint: it's not a lack of expertise)   * A dead-simple daily habit that strengthens your security posture   * Bonus tip: how to restore all your browser tabs after a restart (no more excuses)  ☕ Featured Coffee Shop: Biddy and Bo's Coffee, Charleston, SC  Small actions, big results. Subscribe for weekly cybersecurity tips from the best coffee spots across the country — and share this with the person on your team who hasn't restarted their laptop in six months.  #Cybersecurity #PatchTuesday #Microsoft #CyberHygiene #SoftwareUpdates #InfoSec #CyberSafety #SipCyber #DigitalSecurity #SecurityAwareness #SmallBusiness #CharlestonSC

17. juni 20263 min
episode Your Health App May Not Be HIPAA Protected artwork

Your Health App May Not Be HIPAA Protected

In this episode of SipCyber, Jen Lotze settles into The Fox and Pantry in Plymouth, MN — a space so thoughtfully designed it immediately earns your trust — and uses that feeling as the perfect lens for a conversation about AI and healthcare privacy. Over a Pineapple Mango Mint Refresher on a blazing Minnesota afternoon, Jen breaks down a growing blind spot: millions of people are using AI tools to interpret health information, but many of those tools aren't subject to HIPAA the same way your provider is.  The app looks secure. The interface feels clinical. But confidence and verification are not the same thing.  Key Topics Covered:   * Why many AI health tools aren't covered by HIPAA — even when they market as "healthcare-focused"   * What to look for in a privacy policy before uploading any medical information   * How polished design creates a false sense of data security   * What business owners need to know when employees use AI with patient or customer data  * The one-minute habit that protects your most personal information  This isn't about avoiding AI — it's about using it with eyes open. Your health history, mental health concerns, and lab results deserve the same scrutiny you'd give any tool handling your most sensitive data.  ☕ Featured Spot: The Fox and Pantry, Plymouth, MN  Don't hand your health data to an app before you know where it goes. Subscribe for weekly cybersecurity insights delivered from the best local spots across the country — and share this with someone who's ever typed a symptom into an AI chatbot.  #HealthcarePrivacy #HIPAA #AIPrivacy #HealthData #Cybersecurity #DataPrivacy #AIHealthcare #InfoSec #SipCyber #DigitalSafety #MedicalData #CyberAwareness #HealthTech

3. juni 20264 min
episode The Digital Footprint You Didn't Know You Were Leaving artwork

The Digital Footprint You Didn't Know You Were Leaving

Your name. Your city. Your job title. Your relatives' names. It's all out there — and attackers don't need to hack you when they can just look you up.  In this episode of SipCyber, Jen Lotze settles in at Pryes Brewing — brick walls, big windows, the river just outside — with a hop water in hand and something worth saying: most of us spend our lives trying to be known, but online, a little strategic obscurity might be the best defense you've never considered.  The data broker ecosystem is massive, largely invisible, and actively feeding the phishing emails and vishing calls that feel unsettlingly personal. That text that knew your city. That call that referenced your coworker's name. That's not magic — that's aggregated public data being weaponized against you.  Key Topics Covered:   * How attackers use publicly available personal data to manufacture trust   * Why "people search" sites are a threat actor's first stop   * Yael Privacy Lab's data broker opt-out list — free and practical   * The Intel Techniques workbook for manual removal   * Paid services (DeleteMe, Optery) that automate and monitor removals   * How Google's subscription tools can alert you to new exposures  This isn't about going off the grid. It's about being a little harder to find — and a lot harder to fool.  🍺 Featured Spot: Pryes Brewing  You can't control every breach — but you can control how much is floating out there about you. Subscribe for weekly cybersecurity insights from the best local spots across the country, and share this with someone whose name is probably on one of those sites right now.  #DataPrivacy #DataBrokers #OnlinePrivacy #Cybersecurity #PhishingPrevention #DeleteMe #Optery #DigitalFootprint #InfoSec #SipCyber #CyberSafety #PrivacyTools #OSINT

27. maj 20262 min