HIPAA Security Training
HIPAA security training is used to ensure all workforce members understand how to safeguard electronic protected health information, reduce cybersecurity risks, and comply with the HIPAA Security Rule in daily operations.
What HIPAA Security Training Is Designed to Achieve
HIPAA security training focuses on protecting electronic patient information by addressing how data is accessed, stored, transmitted, and monitored. The goal is to reduce the risk of unauthorized access, data loss, and cyber incidents while ensuring staff understand their individual responsibilities. Effective training connects legal requirements to everyday behaviors such as logging into systems, using mobile devices, sharing information electronically, and recognizing suspicious activity.
Who Must Receive HIPAA Security Training
All staff must receive HIPAA training because every workforce member can impact the security of electronic health information. This includes clinical personnel, administrative teams, billing staff, IT teams, management, contractors, and temporary workers. Even staff who do not regularly...
HIPAA Compliance for Psychiatrists
The nature of HIPAA compliance for psychiatrists can vary depending on whether a psychiatrist is a sole practitioner that qualifies as a HIPAA covered entity, a unit within a managed care organization, part of an affiliated entity, a hybrid entity, a business associate, or a member of a HIPAA covered organization’s workforce. There is no one-size-fits-all guide to HIPAA compliance for psychiatrists. This is because some psychiatrists are responsible for all elements of HIPAA compliance, others may subcontract elements of HIPAA compliance to business associates, and others may work in – or for – an organization in which responsibility for HIPAA compliance is assigned to a compliance officer. Due to these factors, some mental health professionals have more autonomy than others with regard to what HIPAA compliance for psychiatrists consists of. In addition, both the HIPAA Privacy Rule and the HIPAA Security Rule allow a flexibility of approach depending on the size, the type of activities that relate to Protected Health Information (PHI), and the capabilities of a...
Healthcare Cyberattacks Costing $200K+ Rise 400% in a Year
Over the 12 months from March 2024 to March 2025, almost half of healthcare organizations experienced at least one data incident, such as a ransomware attack, hacking incident, or phishing attack, according to the cybersecurity firm Netwrix. For its 2025 Cybersecurity Trends Report, Netwrix surveyed 2,150 IT professionals from 121 countries in March 2025 and compared the findings to previous surveys conducted in 2024, 2023, and 2020. Healthcare has long been targeted by threat actors due to the high value of patient records, and the fact that healthcare organizations cannot tolerate disruption, as it puts patient safety at risk. The sector is extensively targeted by ransomware groups as there is a higher probability that the ransom will be paid to prevent the publication of stolen data and ensure a fast recovery. In the past 12 months, 48% of healthcare organizations experienced at least one security incident that required a dedicated response from the security team. Across all sectors, the number of organizations reporting no impact from security incidents is rapidly reducing. In...
PHI Potentially Stolen in Phishing Attack on Superior Vision Services
Superior Vision Service has announced that protected health information has been compromised in a phishing attack. People Encouraging People has fallen victim to a ransomware attack.
Superior Vision Service
Superior Vision Services, a vision insurance company and subsidiary of Versant Health, has announced a July 2025 security incident. According to the September 26, 2025, notification letters, Superior Vision learned on July 11, 2025, that an employee had been tricked in a sophisticated phishing attack and disclosed their credentials to the attacker. The employee responded to the phishing email on July 9, 2025, and the threat actor used the employee’s credentials to access their account. On July 11, 2025, the threat actor may have copied emails from the account that contained sensitive customer information. The account was reviewed and found to contain full names, physical addresses, phone numbers, email addresses, dates of birth, genders, Social Security numbers, vision coverage election information, and employment information related to enrollment. Notification letters...
$2.55M Settlement Agreed to Resolve Octapharma Plasma Data Breach Lawsuit
A settlement has been agreed to resolve litigation against Octapharma Plasma over its April 2024 ransomware attack and data breach. Octapharma Plasma operates more than 190 blood plasma donation centers in 35 states. On or around April 17, 2024, Octapharma detected suspicious activity within its computer systems. The investigation confirmed unauthorized access to parts of its network where sensitive personal information was stored, including names, dates of birth, Social Security numbers, health information, donor eligibility information, financial information, employee data, and business data. On April 26, 2024, shortly after the cyberattack was announced, a class action lawsuit was filed by Bret Woodall against Octapharma. Several other lawsuits were subsequently filed over the data breach, and the lawsuits were consolidated into a single action – Woodall v. Octapharma Plasma Inc. – since they were materially and substantively identical and had overlapping claims. The consolidated lawsuit alleged that Octapharma failed to reasonably secure, monitor, and maintain personal...



