What recent breaches teach independent practices — attack vectors, control failures, costs, and what to change before the same pattern reaches your practice.
21 articles
Breach Intelligence covers the empirical record: which attacks are working, against which entity types, with what root causes, and what compensating controls would have prevented them. Healthcare breach data is uniquely public — HHS publishes the OCR breach portal, state AGs publish settlements, FTC publishes enforcement actions. The articles below distill that record into operationally useful intelligence for independent practices that won't be the lead story but face the same threat patterns.
The enforcement discretion that permitted non-compliant telehealth ended May 2023. Five violations define most of the current exposure — consumer platforms, session recordings in personal cloud, unencrypted home devices, and more.
Optometry practices face a compliance challenge structurally distinct from other specialties: the retail-clinical interface creates specific HIPAA vulnerabilities that generic guides never address.
The HIPAA violations that hit PT practices hardest are shaped by how PT is delivered — in homes, with rotating staff, through exercise apps most practices have never assessed for compliance.
In 2022, small medical and dental practices accounted for 55% of OCR financial penalties. Five violations drive most of the exposure — here's what they are and what to do about them.
Independent practices carry the same HIPAA obligations as hospital systems — with a fraction of the resources. This guide covers EHR gaps, the 2025 Security Rule amendments, and the step-by-step path to continuous compliance.
Chiropractic practices face a HIPAA violation landscape shaped by personal injury records, open treatment environments, and high-volume billing — patterns most compliance guides miss. Here are the five violations OCR cites most.
Mental health records command $280–$310 per record on dark markets. Here are six violations OCR cites most in behavioral health — including two unique to therapy that most guides never address.
Many HIPAA violations don't come from sophisticated attacks — they come from a sticky note under a monitor, a saved password, or a workstation left open during a five-minute coffee break.
A HIPAA compliance checklist is a starting point, not a destination. This checklist covers the core requirements organized by category, with regulatory citations and what done actually means in practice.
OCR enforcement actions reveal which HIPAA violations are most common and most costly. The consistent finding is not malice — it is that compliance was treated as a one-time event rather than an ongoing system.
Dental offices are covered entities under HIPAA — subject to the same rules as hospitals. This guide covers what the law requires, where dental practices are most exposed, which vendors need BAAs, and the step-by-step path to full compliance.
Most HIPAA violations at dental practices start with a missing document, an expired agreement, or a staff member who texted a patient. Here are the five violations OCR cites most — with real cases and what to do about them.
These six violations account for the majority of OCR enforcement actions against independent practices. Every one is preventable.
Google does not sign a Business Associate Agreement for Google Analytics. Using GA4 on a healthcare website that collects or transmits PHI is a HIPAA violation — and enforcement is active.
The Breach Notification Rule has specific requirements for who you notify, when, and how. Getting this wrong compounds the original violation.
Every year, thousands of independent healthcare providers download the free HHS Security Risk Assessment Tool, work through its 166 questions, generate a report, and file it away — believing they've completed their HIPAA security risk assessment requirement.
When Change Healthcare went down, it wasn't just a ransomware attack — it was a reminder that when healthcare data is breached, care itself is lost. AI has made the aftermath even worse.
276 million Americans had health data exposed in 2024. Medical records sell for 10x the value of credit cards. AI amplified exploit value by up to 30%. Here are the numbers — and what they mean.
The breach economics facing independent practices are existential. One incident can consume 250 to 560 percent of annual revenue.
An agentic AI vendor suffered a breach that exposed 480,000+ patient records. If your practice is evaluating AI tools, the questions you need to ask just changed.
HIPAA fines are just the visible cost. Legal fees, patient notification, reputation damage, and lost revenue make the real number far worse. We built a calculator to show you.
Related references
Live tracker across 7 federal and community sources
Operational responses to each breach in HIPAA Pulse
If you suspect a breach right now
Most state-law-exposed segment in healthcare; pharmacy BAA cascade
Photo storage, hybrid entity status, medical-component analysis
Prominent-patient threat model + heightened breach response
