A July 2020 breach notification detailing an email account takeover at medical billing provider Administrative Advantage revealed that a wide range of personal health data was accessible within an employee email account. How it happened, and how many healthcare organizations were affected, are not yet clear. But the story raises some important questions and issues.

Why are small health clinics so vulnerable?

Small businesses often lack mature security programs that specify clear security requirements, let alone safeguards governing how their suppliers secure data related to their business operations. When suppliers process customer records such as billing, and especially sensitive data like healthcare information, the consequences can be severe.

When suppliers of health clinics do not have proper security measures in place, the first published data breach may be an indicator that many other organizations could be affected.


According to the HITECH Act, every business associate of HIPAA covered entities in the USA must have appropriate security safeguards in place. This is essential for ensuring proper protection of electronic health records.

In this case, there are indications that the breach may have exposed patients' personal information, including name, Social Security number, financial account information, driver’s license and/or state identification number, credit and/or debit card number, expiration date, and CVV number, date of birth, passport number, electronic signature information, username and password information, medical record number, Medicare number, Medicaid number, treatment location, diagnosis, health insurance information, lab results, and other medical treatment information.
