July '25 HIPAA Breaches: How to Secure PHI Across Your Ecosystem

TL;DR

Cyberattacks hit four healthcare orgs last month, compromising everything from SSNs to 263 GB of medical records. If you're building a health tech platform, your product may not have been breached, but your stakeholders are watching. In this post, I’ll walk through each breach and what likely went wrong, and give you leadership strategies to prevent the same thing from happening to your users’ data.

The Strategic Threat to Trust

Buyers don’t care whether the breach was your app, a vendor, or a regional hospital. They just want to know their data is safe.

If your product touches PHI in any way (EHR integrations, scheduling, billing, or patient engagement), security must be part of your brand.

And when trust goes, customer retention goes with it.

Let’s look at what happened in July and how health tech leaders can prevent it.

#1 Western Montana Mental Health Center

Who Was Affected: 86,758 individuals

Timeline: Breach in September 2024, reported July 2025

What Happened: An attack on WMMHC exposed names, SSNs, birth dates, driver’s license numbers, and full insurance and medical histories.

The Hidden Risk? A 10-month delay in public disclosure.

Your Prevention Strategy: Include breach response requirements as part of your Incident Response plan. Every health tech company should have a documented plan that includes the following:

✅ Incident detection

✅ Legal escalation

✅ PR protocol

✅ HHS notification timelines

✅ Partner communication

Delays will worsen your reputational damage and could increase regulatory scrutiny.

👉 If you want to know how to tackle breach response and more, download our Advance HIPAA EXP Guide

#2 McKenzie Memorial Hospital

Who Was Affected: ~54,000 patients

Timeline: Hack occurred April 2025, disclosed in July

What Happened: Network files were accessed in a hacking incident compromising PII and patient data.

The Hidden Risk? Flat network architecture is common in smaller orgs, making lateral movement easy for hackers.

Your Prevention Strategy: Every health tech company should implement the following security controls across its on-premises or cloud infrastructure:

✅ Segment your network infrastructure

✅ Enforce least-privilege access

✅ Monitor for anomalous behavior with real-time alerts

✅ Log and alert access to critical files like EHR or PHI records
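
A sketch of the last two controls, added here as an illustration and not taken from any of the breached organizations or a specific product: it scans an access log for PHI reads by roles that are not approved and for bursts of reads by one user. The log format, the `/phi/` path prefix, the role names and the thresholds are all assumptions made for the example.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

PHI_PREFIX = "/phi/"                      # assumption: where PHI records live
ALLOWED_ROLES = {"clinician", "billing"}  # assumption: roles permitted to read PHI
BULK_THRESHOLD = 3                        # distinct records per user per window
WINDOW = timedelta(minutes=5)

# Constructed access log; the line format is invented for this example.
SAMPLE_LOG = """\
2025-07-01T09:00:05Z user=dr.lee role=clinician path=/phi/records/1001
2025-07-01T09:20:10Z user=dr.lee role=clinician path=/phi/records/1002
2025-07-01T10:00:00Z user=web-cache role=service path=/static/logo.png
2025-07-01T10:01:00Z user=web-cache role=service path=/phi/records/1001
2025-07-01T23:40:00Z user=j.doe role=billing path=/phi/records/2001
2025-07-01T23:40:20Z user=j.doe role=billing path=/phi/records/2002
2025-07-01T23:40:40Z user=j.doe role=billing path=/phi/records/2003
2025-07-01T23:41:00Z user=j.doe role=billing path=/phi/records/2004
2025-07-01T23:41:20Z user=j.doe role=billing path=/phi/records/2005
"""

def parse(line):
    ts, *pairs = line.split()
    event = dict(pair.split("=", 1) for pair in pairs)
    event["ts"] = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
    return event

def detect(log_text):
    """Return alerts for PHI reads by unapproved roles and for bulk reads."""
    alerts = []
    recent = defaultdict(deque)  # user -> (timestamp, path) within WINDOW
    events = [parse(l) for l in log_text.splitlines() if l.strip()]
    for event in sorted(events, key=lambda e: e["ts"]):
        if not event["path"].startswith(PHI_PREFIX):
            continue
        if event["role"] not in ALLOWED_ROLES:
            alerts.append(("unapproved_role", event["user"], event["path"]))
        window = recent[event["user"]]
        window.append((event["ts"], event["path"]))
        while window[0][0] < event["ts"] - WINDOW:
            window.popleft()
        distinct = {path for _, path in window}
        if len(distinct) > BULK_THRESHOLD:
            alerts.append(("bulk_read", event["user"], len(distinct)))
            window.clear()  # start a new burst so one spike raises one alert
    return alerts

if __name__ == "__main__":
    print(*detect(SAMPLE_LOG), sep="\n")
```
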

#3 Texas Digestive Specialists

Who Was Affected: 41,521 patients

Timeline: Ransomware attack in May 2025

What Happened: The InterLock ransomware group stole and encrypted 263 GB of PHI. Federal agencies and the clinic are still investigating.

What’s the Hidden Risk? Third-party breach, files leaked on the dark web, and likely business interruption.

Your Prevention Strategy: Backups aren’t enough; test your recovery speed. Isolate backups and mirror production systems in a separate geographic region that ransomware can’t reach.

👉 Our Advance HIPAA EXP Guide includes breach readiness questions you should be able to confidently answer. Grab your copy and verify your readiness now!

#4 Oregon Specialty Group

Who Was Affected: 3,337 individuals

Timeline: Breach filed July 2025

What Happened: Sparse details, but this looks like a server-level compromise involving PHI. Notification is underway.

What’s the Hidden Risk? IT incidents at smaller clinics often go unmonitored for months. If your product integrates with these orgs, your risk surface just expanded.

Your Prevention Strategy: Ensure you have a breach response communication plan in place with your partners. Check user access to your integrations for old accounts and access activity on a routine basis, even for your small customers. No exceptions.
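
One way to run that routine access check, added here as an example and not part of any named product: it joins an integration account inventory with access activity and reports accounts that are idle, never used, active after being disabled, or missing from the inventory. The account ids, dates, record layout and the 90-day threshold are assumptions constructed for the example.

```python
from datetime import date

STALE_AFTER_DAYS = 90  # assumption: idle threshold chosen for this example

# Constructed inventory of integration accounts (ids and dates are made up).
ACCOUNTS = {
    "clinic-a/api-key-1": {"created": date(2024, 1, 10), "disabled_on": None},
    "clinic-a/jsmith": {"created": date(2023, 5, 2), "disabled_on": None},
    "clinic-b/setup-temp": {"created": date(2025, 3, 1), "disabled_on": None},
    "clinic-c/mlopez": {"created": date(2024, 9, 9), "disabled_on": date(2025, 6, 30)},
}
# Constructed access activity: (account id, day of access).
ACTIVITY = [
    ("clinic-a/api-key-1", date(2025, 7, 28)),
    ("clinic-a/jsmith", date(2025, 2, 1)),
    ("clinic-c/mlopez", date(2025, 7, 30)),
    ("clinic-d/unknown", date(2025, 7, 15)),
]

def review(accounts, activity, today):
    """Return {account id: finding} for accounts that need follow-up."""
    last_used = {}
    for acct_id, day in activity:
        last_used[acct_id] = max(day, last_used.get(acct_id, day))
    findings = {}
    for acct_id, day in last_used.items():
        acct = accounts.get(acct_id)
        if acct is None:
            findings[acct_id] = "activity from account missing in inventory"
        elif acct["disabled_on"] and day > acct["disabled_on"]:
            findings[acct_id] = "activity after account was disabled"
    for acct_id, acct in accounts.items():
        if acct["disabled_on"] or acct_id in findings:
            continue
        idle = (today - last_used.get(acct_id, acct["created"])).days
        if idle > STALE_AFTER_DAYS:
            kind = "inactive" if acct_id in last_used else "never used"
            findings[acct_id] = f"{kind} for {idle} days"
    return findings

if __name__ == "__main__":
    for acct_id, finding in review(ACCOUNTS, ACTIVITY, date(2025, 8, 1)).items():
        print(f"{acct_id}: {finding}")
```
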

👉 Watch my video on the "Cybersecurity Pitfalls Crippling Clinics" for Prevention Tips

Leadership Takeaways

Across all four breaches, here’s what we’re seeing:

✅ Delays in breach reporting

✅ Third-party risk from under-resourced clinics

✅ Lack of readiness to respond under HIPAA timelines

✅ Gaps in Disaster Recovery

If your product connects to any of these organizations or ones that look like them, you’re not immune!

👉 And if you're not sure where your current blind spots are...Start here

Let’s Talk

How are you talking about security with your board or buyers?

Drop a comment!

L Trotter II

As Founder and CEO of Inherent Security, Larry Trotter II is responsible for defining the mission and vision of the company, ensuring execution aligns with the business purpose. Larry has transformed Inherent Security from a consultancy to a cybersecurity company through partnerships and expert acquisitions. Today the company leverages its healthcare and government expertise to accelerate compliance operations for clients.

Larry has provided services for 12 years across the private industry developing security strategies and managing security operations for Fortune 500 companies and healthcare organizations. He is an influential business leader who can demonstrate the value proposition of security and its direct link to customers.

Larry graduated from Old Dominion University with a bachelor’s degree in Business Administration with a focus on IT and Networking. Larry has accumulated certifications such as the CISM, ISO27001 Lead Implementer, GCIA and others. He serves on the Board of Directors for the MIT Enterprise Forum DC and Baltimore.

https://www.inherentsecurity.com