Free Webinar: HIPAA Email Security 101: PHI, Encryption, and What’s Required
According to the Paubox 2026 Healthcare Email Security Report, in 2025, 170 email-related data breaches were reported to the HHS’ Office for Civil Rights (OCR). While healthcare organizations are getting better at preventing email-related data breaches, an analysis of email security configurations found that in 2025, 41% of healthcare organizations fell into the high-risk category, an increase from the previous year. On top of those large healthcare data breaches are the thousands of smaller breaches that affect fewer than 500 individuals, a large percentage of which are due to poor email security configurations and errors by healthcare employees. Each email incident erodes trust, can be costly to resolve, and potentially puts the organization at risk of a HIPAA penalty, yet email compliance failures are easily avoided. On May 21, 2026, the leading healthcare email security company, Paubox, is hosting a webinar to explain HIPAA email security 101. The webinar consists of a practical session covering the fundamentals of HIPAA-compliant email, what constitutes PHI, and how to...
Verber Dental Group Notifies Patients About January Hacking Incident
Data breaches have recently been announced by Verber Dental Group in Pennsylvania, Northwoods Surgery Center in Minnesota, Cunningham Prosthetic Care in Maine, Healthcare In Action in California, and Preakness Healthcare Center in New Jersey. Verber Dental Group Verber Dental Group, a Camp Hill, PA-based dental group comprising 14 dental practices, has recently notified patients of unauthorized network access that exposed patient data. Suspicious network activity was identified on January 27, 2026. The network was secured, and an investigation was launched, which revealed the threat actor had access to its network from January 26, 2026, to January 27, 2026. The investigation confirmed that patient information had been exposed, including names, dates of birth, Social Security numbers, driver’s license numbers/state identification numbers, medical records, and health insurance information. Verber Dental has not identified any misuse of patient information. Complimentary credit monitoring and identity theft protection services have been offered to the affected individuals as a...
Atrium Health & Interim HealthCare Affected by Business Associate Data Breaches
Atrium Health Navicent and Interim HealthCare of Lubbock/Amarillo have recently announced that they have been affected by data breaches at third-party vendors. Atrium Health Navicent Atrium Health Navicent is the latest healthcare provider to announce that it has been affected by the January 2025 data breach at Oracle Health. Oracle Health acquired the electronic medical record company Cerner, and was due to migrate patient records from legacy Cerner servers to Oracle Health’s systems. As early as January 22, 2025, a hacker gained access to two legacy servers and exfiltrated patient data. Oracle Health detected the breach in February 2025. Many healthcare providers were affected and issued notification letters last year. According to Atrium Health Navicent, the delay in notification is due to the complexity of the data review, which has taken many months to complete. Atrium Health Navicent said it only recently learned from Oracle Health that it had been affected, and the review of the impacted data was not completed until March 12, 2026. The data compromised in the incident was...
What are the HIPAA Training Requirements for New Hires?
The HIPAA training requirements for new hires are that “a covered entity must provide training […] to each new member of the workforce within a reasonable period of time after the person joins the covered entity’s workforce” (45 CFR 164.530(b)(2)). What a “reasonable period of time” is may depend on the new hire’s role and their existing HIPAA knowledge but the best practice in the healthcare sector is to provide HIPAA training and HIPAA security awareness training as soon as possible. All healthcare students on clinical placements are new hire that should immediately be provided with HIPAA training. Because HIPAA applies to many different types of organizations, it is important the HIPAA training requirements for new hires are put into context rather than taken in isolation. This is because HIPAA requires covered entities and business associates to identify risks to the privacy of Protected Health Information (PHI) and mitigate the risks to a reasonably acceptable level. If a covered entity conducts a risk assessment, and identifies a risk to the privacy of PHI by allowing an...
Gandara Mental Health Center Settles Class Action Data Breach Lawsuit
Gandara Mental Health Center in Springfield, Massachusetts, has agreed to settle class action litigation stemming from a June 2024 cyberattack and data breach that affected 17,543 individuals. The cyberattack was detected on June 20, 2024, and Gandara Mental Health Center determined that personal and protected health information, such as names, addresses, dates of birth, driver’s license numbers, Social Security numbers, diagnoses, treatment information, and health insurance information, had been compromised. The hackers claimed to have exfiltrated approximately 450 GB of data. A class action lawsuit was filed in the Court in the Commonwealth of Massachusetts, Hampden County – Eugene Mitchell v. Gandara Mental Health Center, Inc. – in response to the data breach that alleged that the defendant failed to properly secure its network, leading to the theft of the plaintiffs’ personal and protected health information. The lawsuit asserted claims for negligence, negligence per se, breach of implied contract, unjust enrichment, and breach of fiduciary duty. Gandara Mental Health...



