Health Breach of Email Affects Behavioral Health Organization

MARLENE MAHEU

March 13, 2021 | Reading Time: 2 Minutes

On February 26, 2021, Summit Behavioral Healthcare, LLC announced that they had suffered an email healthcare breach. Summit discovered the email breach when they noticed suspicious activity in two employee email accounts.

Upon investigation into the incident, it was found that the employee email accounts contained protected health information (PHI) that may have been compromised by the healthcare breach. PHI potentially accessed by the unauthorized party included patient names, Social Security numbers, diagnosis or symptom information, treatment information, prescription information, health insurance numbers, medical history, financial account information, Medicaid / Medicare identification numbers, and health care provider information.

Although Summit has not yet disclosed how many patients were affected by the healthcare breach, affected patients were sent breach notification letters. The section below discusses how to prevent an email breach, so that a similar incident does not affect your behavioral health practice.

How to Prevent a Healthcare Breach

Email breaches, also referred to as phishing incidents, have become more prevalent in the healthcare space. These types of incidents have become so frequent that the FBI issued a warning to healthcare organizations late last year.

  • Encryption. The best way to prevent sensitive data from being read if an employee’s email account is accessed by an unauthorized party is encryption. Encryption masks sensitive data by converting it to a format that can only be read with a decryption key. This way, if the account is accessed by an unauthorized individual, they will be unable to read the data. It is important to note, however, that email subject lines cannot be encrypted, so PHI should never be contained in an email subject line.
  • Employee Training. The majority of email breaches occur due to employee error. This can occur if an employee accidentally sends an email containing PHI to the wrong recipient (another reason why encryption is recommended) or if an employee falls victim to a phishing attempt. Training employees on how to recognize a phishing email is often your best defense against these incidents. Although hackers have become more sophisticated in drafting phishing emails, there are key indicators that an email is a phishing attempt. These include a poorly written email, an unsolicited email attachment, an email that asks for personal information (especially login credentials), an email that pushes you to visit a website, or an email claiming to be from a company but sent from an address that lacks the company’s domain name (e.g., an email coming from support.microsoft@gmail.com instead of support@microsoft.com).
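
The last indicator in the list above, a sender address that names a company but lacks that company's domain, can also be checked automatically as a backstop to training. The following Python is an added example, not part of the original article; the allow-list, the function name and the sample addresses are assumptions constructed for illustration.

```python
from email.utils import parseaddr

# Assumption: brand names mapped to the domains that brand really sends from.
TRUSTED_DOMAINS = {"microsoft": {"microsoft.com"}}


def sender_findings(from_header, trusted=TRUSTED_DOMAINS):
    """Return codes describing why a From header looks like brand impersonation."""
    display, addr = parseaddr(from_header)
    local, _, domain = addr.lower().rpartition("@")
    if not local or not domain:
        return ["unparseable-sender"]

    findings = []
    for brand, domains in trusted.items():
        # Exact domain or a true subdomain of it counts as legitimate.
        if any(domain == d or domain.endswith("." + d) for d in domains):
            continue
        if brand in local:
            # support.microsoft@gmail.com: brand sits before the @, not after it.
            findings.append("brand-in-mailbox")
        if brand in display.lower():
            # "Microsoft Support" <someone@unrelated.example>
            findings.append("brand-in-display-name")
        if brand in domain:
            # microsoft.com.account-verify.example is not microsoft.com
            findings.append("brand-in-lookalike-domain")
    return findings


if __name__ == "__main__":
    # Constructed sample headers, not taken from any real incident.
    samples = [
        "support@microsoft.com",
        "support.microsoft@gmail.com",
        "Microsoft Support <helpdesk@mail-secure.example>",
        "billing@microsoft.com.account-verify.example",
    ]
    for header in samples:
        print(f"{header!r}: {sender_findings(header) or 'no findings'}")
```

An empty result only means the visible address is consistent with the allow-list; it does not show that the header itself is genuine.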
