Four playbooks for small clinical practices.
Twelve scenarios in the full library. Four shipped first because they cover the incidents we see most often in practices with 1–25 providers.
EHR, scheduling, e-prescribing, eligibility, payment posting — all dark while the waiting room fills up. The first hour is patient safety, then operations, then the HIPAA clock.
Change Healthcare is the archetype. When the vendor is down or breached, the practice is still the covered entity in the eyes of OCR — and the patients still expect their refills.
If the device was encrypted and you can prove it, HIPAA's safe-harbor provision often means no breach notification. If you can't prove encryption, the law presumes a breach.
Once inside, attackers send spoofed records requests, payroll-redirect emails to the practice administrator, and patient-impersonation messages aimed at controlled-substance refills.