Skip to main content
Patient Protect circular logo mark in purple and white used for site navigationPatient Protect

Press Room

Facts, research, and the record.

Everything a journalist, analyst, or partner needs to write accurately about Patient Protect. No spin. Primary sources, verifiable claims, and direct contact.

For press partners

Company synopsis.

Copy-paste ready. Use verbatim or trim to fit. No prior approval required.

Patient Protect exists to democratize access to healthcare security technology. Independent providers — dental, medical, behavioral health, chiropractic, physical therapy, optometry — carry the industry's largest breach risk and receive its least protection, priced out and locked out by the financial and complexity friction of enterprise security infrastructure. Our proprietary platform resolves that. It already anticipates the 2026 HIPAA Security Rule updates and operates above the existing compliance baseline — continuous monitoring, active enforcement, on-premises AI, and breach simulation. From $39/month. No contracts.

Version: 2026-07 · Attribution: Patient Protect

The data figure · Q1 2026

67.6%

of all Q1 2026 patient impact was driven by four upstream vendor (business-associate) breaches.

Less than 2% of Q1 breaches produced more than two-thirds of the harm. Independent healthcare is not primarily being breached on-premises — it is being breached by the vendors it depends on. Framing for the research track: business-associate concentration is the story, paired with the dark-market valuation of protected health information at $280–$310 per record (8–10× credit card data).

Chart · Editors may reproduce as-is

Share of Q1 2026 patient impact

Four upstream vendor breaches

67.6%

<2% of all Q1 breaches

All other breaches combined

32.4%

The other 98%

Source · Secure Care Research Institute, Q1 2026 State of Compliance (v1.3)

PNG version, higher-resolution SVG, and underlying data available on request.

Research

Published research.

Published under the Secure Care Research Institute, Chicago, IL. Independently funded. 60+ sources cited across both papers.

The Economics of ePHI Exposure: A Long-Term Impact Model of Healthcare Data Breaches

Secure Care Research Institute · 2025 · 39 pages · 1,423 breaches analyzed (2020–2025)

  • 10-year cumulative breach cost exceeds year-one expenses by 300–500%
  • 5,000-record breach at a mid-sized clinic: $4–$6M in 10-year impact
  • 70% of patients report willingness to switch providers post-breach

The Cyber-Economic Stack: How AI Turns Healthcare Data Into a Financialized Attack Asset

Secure Care Research Institute · 2025 · v2.6 · 1,423 healthcare breaches analyzed (2020–2025)

  • PHI dark-market value: $280–$310/record (8–10× credit card data)
  • AI amplification factor: 1.18–1.30 post-ChatGPT
  • 93-day arbitrage window between breach and detection in healthcare

AI & ePHI Whitepaper

Coming soon

Editorial briefing

Why independent healthcare is the structural weak point.

Publishable synthesis of the Secure Care Research Institute's working papers. Editors may run verbatim as background context.

SCRI · Chicago · Independently funded

60+ sources · 1,423 breaches analyzed

§01

The market

Stolen protected health information prices at $280–$310 per record on dark-web markets — 8-10x the value of a credit card. The premium is structural. Credit cards can be cancelled. Medical histories, insurance IDs, Social Security numbers, and diagnosis codes cannot be reset; they retain extraction value for a decade or more.

§02

The mechanism

Two mechanics compound the extraction value. Healthcare's 93-day average detection window (2020–2025 dataset) gives attackers three months of arbitrage between compromise and public notification. Generative AI has amplified attacker productivity by an estimated 1.18–1.30× post-ChatGPT, most visibly in phishing volume against sub-500-employee providers.

§03

The Q1 concentration

In Q1 2026, the concentration story became explicit. Four upstream vendor (business-associate) breaches produced 67.6% of Q1 patient impact — less than 2% of Q1 breaches driving more than two-thirds of the harm. Independent healthcare is not primarily being breached on-premises. It is being breached by the vendors it depends on.

§04

The implication

HIPAA's enforcement framework is built around the covered entity, not the business associate. The economics reward attackers who compromise vendors upstream of many practices at once. The technology to prevent this — continuous vendor-BAA monitoring, active configuration verification, breach-simulation testing — exists but is unevenly deployed among independent providers who lack dedicated compliance staff. The 2026 HIPAA Security Rule updates begin to close this gap. Patient Protect's platform anticipates them.

Cite

Perrin, A. (2025). The Economics of ePHI Exposure. Secure Care Research Institute. SSRN 5257628.

Perrin, A. (2025). The Cyber-Economic Stack. Secure Care Research Institute. SSRN 5792382.

Perrin, A. (2026). Q1 State of Compliance v1.3. Secure Care Research Institute.

Media bios

For bylined attribution.

75-word bios and headshots for editorial use. Interview requests via info@patient-protect.com.

Headshot of Alexander Perrin

Alexander Perrin

CEO & Founder, Patient Protect · Founder, Secure Care Research Institute

Alexander Perrin is CEO and founder of Patient Protect (est. 2015) and founder of the Secure Care Research Institute. Twenty years in enterprise technology brought him to a single conviction: independent healthcare practices deserve real security infrastructure, not paperwork disguised as protection. He publishes on the economics of ePHI, business-associate concentration, and the dark-market valuation of medical records — two SSRN papers, 1,423 breaches analyzed. Available for commentary on OCR enforcement, the 2026 Security Rule, and vendor accountability.

Word count: 75 · Version: 2026-07

Headshot of Joseph A. Perrin

Joseph A. Perrin

Chief Technology Officer, Patient Protect · Healthcare Infrastructure Architect

Joseph A. Perrin is Chief Technology Officer at Patient Protect. His background is federal and clinical healthcare infrastructure — years spent designing zero-trust architecture, encrypted data handling, and real-time threat detection. He built Patient Protect's security stack from first principles: AES-256-GCM session vault, fail2ban intrusion response, SMS 2FA, browser-fingerprinting defense. He speaks on the record about zero-trust design for practices without a CISO, BAA contract review, and threat modeling against actors pivoting from hospital systems to independent providers.

Word count: 75 · Version: 2026-07

Headshot of Angie Perrin, RDH

Angie Perrin, RDH

Chief Security Officer, Patient Protect · Certified HIPAA Consultant

Angie Perrin, RDH, is Chief Security Officer at Patient Protect and a Certified HIPAA Consultant. More than a decade in clinical dental practice — front desk, treatment room, sterilization suite — before moving into HIPAA operations. That working knowledge is where the platform's practitioner-facing content, workforce training, and remediation guidance is built. She consults directly with member practices on specialty-specific compliance across dental, behavioral health, and general medicine, and speaks on the practical workflows where independent practices actually break.

Word count: 75 · Version: 2026-07

Editorial stance

Vendor-neutral commentary — in writing.

Patient Protect leadership speaks on the record about the state of healthcare data breaches, business-associate concentration, and the economics of protected health information — including on topics where the answer favors a competitor, contradicts industry consensus, or reflects on our own product. Research is published under the Secure Care Research Institute, which is independently funded and states methods, data sources, and limitations in every publication.

We do not accept undisclosed compensation for editorial or research placement. Bylined commentary is available on request. Corrections issued publicly within one business day of confirmed error.

This stance is posted publicly and stands as our written commitment to editorial neutrality on research-track engagements.

Company

Key facts.

Founded

2015, Chicago, Illinois. Family-founded. Independently funded.

Leadership

  • Alexander Perrin — CEO, Founder
  • Joseph A. Perrin — CTO, Healthcare Infrastructure Architect
  • Angie Perrin, RDH — CSO, Certified HIPAA Consultant

Platform

  • 20 modules across 5 system layers
  • ~25 requirements satisfied at signup
  • $39–$99/month, no contracts

Free Tools

10 tools available to any practice. No login required. Includes risk assessment, breach dashboard, compliance checklist, entity determination, and more.

Signal App

Free iOS app. Breach dashboard, compliance scorecard, AI assistant. No login, no data collection. Available on the App Store.

Research

Secure Care Research Institute (est. 2024). Two published papers. 1,423 breaches analyzed. 60+ sources cited.

Boilerplate

Patient Protect is a security-first HIPAA compliance platform for independent healthcare practices — dental offices, medical practices, behavioral health clinics, chiropractic offices, physical therapy centers, and optometry practices. Founded in Chicago in 2015, Patient Protect replaces static compliance exercises with continuous monitoring, automated risk assessments, encrypted communication, staff training, and breach simulation — starting at $39/month. The platform includes an on-premises AI assistant (PIPAA) with zero cloud exposure to protected health information.

For citation

Claims available for attribution.

Each of these is verifiable against the platform, published research, or public filings. We stand behind every one.

Enforcement-based HIPAA compliance platform built specifically for independent providers

On-premises AI assistant (PIPAA) — zero cloud model contact with PHI

~25 HIPAA requirements satisfied automatically at account creation, before a single click

~70% of HIPAA requirements covered within the first hour of onboarding

Pricing starts at $39/month with no contracts or setup fees

10 free tools available to any practice, no account required

Published two peer-distributed research papers under the Secure Care Research Institute, citing 60+ sources

Analysis of 19 competing HIPAA platforms (October 2025, updated April 2026) — the most comprehensive independent comparison in the market

Patient Protect Signal: free iOS app with breach dashboard, compliance scorecard, and AI assistant — no login, no data collection

Press contact.

For media inquiries, interview requests, or fact-checking.

info@patient-protect.com

We respond within one business day. Embargoed materials available on request.