
Data Breaches: What Could Have Stopped Them?

by Donna Koger, 6.1.18

Everyone in the medical field should know by now that data breaches are especially hard on healthcare organizations. PHI is particularly attractive to hackers because it contains more personal information than other kinds of records. Medical practices are “held to the highest trust standards” and, when breached, can suffer very stiff penalties for HIPAA non-compliance.

Here are 3 examples of healthcare breaches and what could have been done to avoid them:

Community Health Systems

This was the second largest HIPAA breach at the time and affected 4.5 million individuals. It was a malware attack that “copied and transferred PHI out of the company.” The cost was approximately $100 million.

One way this organization could have protected itself from such a breach is by making sure all employees receive annual HIPAA compliance training and understand the dangers of carelessness and non-compliance.

Anthem, Inc.

One of the world’s largest health insurers, Anthem was hacked in a breach that compromised 79 million people. The cost paid by Anthem for the settlement was $115 million.

The breach was the result of an employee opening a phishing email, which released malicious code into the organization’s systems.

Had there been annual HIPAA compliance training and other safeguards in place, such as “multi-factor authentication, email threat filtering, more granular data isolation and micro-services strategies,” this massive HIPAA breach may have been prevented.

Advocate Medical Group

In this breach, unencrypted laptops (Encryption: What Are You Waiting For?) containing the PHI of approximately 4 million people were stolen, and additional thefts were reported later that year. The Advocate Medical Group was fined $5.5 million.

According to ClearDATA, the Advocate Medical Group “failed to provide sufficient risk analysis and management to ensure electronic health information was secure.” A thorough risk analysis would have revealed areas in the company that were non-compliant, such as the unencrypted laptops.

Want to learn more about risk analysis, encryption and PHI management? Check out our HIPAA Resource Center.

Resource: www.cleardata.com

Donna Koger is the HIPAA and Security Compliance Director of PIMSY EHR. For more information about electronic solutions for your practice, check out Mental Health Practice Management.
