The health data breach landscape remained tumultuous in January, with an almost equal number of hacking and insider-related incidents. Of note, hacking incidents affected significantly more patient records, due largely to one particular breach that accounted for 59% of the total number of breached patient records this past month. Additionally, in a recent ruling, the HHS Office for Civil Rights (OCR) levied a $3.5 million fine against a healthcare provider after five separate breach incidents at various locations. OCR found that the organization had failed to conduct a risk analysis of possible threats and vulnerabilities to patient data, and had also failed to implement policies and procedures to address security incidents and to govern how electronic PHI should be moved in and out of the facilities. OCR and the healthcare organization have agreed to a corrective plan to overhaul the organization’s security measures and risk management plan. This ruling highlights, once again, the necessity for healthcare organizations to educate their employees on proper protocols for handling patient data and to gain full visibility into every access to their EHR in order to mitigate and even prevent these incidents.