Mayo Clinic Sued Over Breach of Patient Health Records

View of the Mayo Clinic building in a city.
View of the Mayo Clinic building in a city.

Mayo Clinic is an American nonprofit academic medical center focused on integrated patient care, education, and research. This past week patients have filed class-action complaints against the Mayo Clinic, accusing the healthcare organization of violating the Minnesota Health Records Act. In a news release in October, Mayo Clinic said that a former employee had inappropriately accessed the health records of more than 1,600 patients. Now, multiple patients are seeking to have a class-action case declared against the clinic.

How Does This Effect Business- Long Term?

Every year, stats show that the majority of data breaches in healthcare are due to human error, and cybercriminals continue to exploit this weakness. Despite the statistics, many businesses are still lacking in providing adequate security awareness training for their employees.

What Can Healthcare Organizations Do to Protect Patient Data?

As a healthcare organization, you need to invest not just in firewalls and anti-malware tools but also in continued security awareness training for your staff. A few reasons why you want to invest in security awareness training for employees are:

  • Comply with HIPAA Compliance: Because employees have access to computer equipment or software containing PHI, the HIPAA security rule requires that you participate in HIPAA Security Awareness training to learn basic procedures on how to protect that information.
  • Develop a More Security-focused company culture: Empowering employees with training and knowledge across your entire organization helps instill good security habits throughout the company. Communicating with your staff on additional cybersecurity measures in place helps better protect you from a breach.
  • Prevent and Reduce Breaches, attacks, and downtime: Security awareness training helps educate your staff on how to spot a phishing attempt. Phishing attacks have increased by a massive 600% since the end of February, as bad actors seek to exploit the fear and uncertainty of the current moment.

Training should make all your employees feel responsible and accountable for the company’s cybersecurity. Everyone should ensure your organization does not suffer an attack due to human error. To achieve that, training should be continuous and regularly updated to account for the ever-evolving threats.

With Mayo Clinic in the news for this type of data breach, it puts all healthcare organizations on high alert. HIPAA Compliance is an ongoing process. As regulations and technologies change healthcare organizations need to ensure their systems are secure and your employees are trained to work with patient data. Our team of experts can partner with your organization to reduce the risk of you becoming a news headline for a data breach. If you are interested in learning more about how to stay HIPAA compliant, you can read more here or schedule a call with one of our cybersecurity professionals.

Corsica Technologies
Corsica Technologies is a strategic technology partner specializing in consulting and managed services. With an integrated team of experts in cybersecurity, IT services, AI solutions, digital transformation, EDI, and data integration, Corsica offers comprehensive coverage and unlimited service consumption for one predictable monthly price—whether fully managed or co-managed.

Related Cybersecurity and IT Reads

Managed IT Services for Healthcare - Corsica Technologies
Healthcare IT Support
George Anderson

Healthcare IT Services: Benefits, Best Practices, and More

Originally published February 25, 2025. Completely refreshed July 7, 2026. Healthcare organizations face unique challenges in terms of technology. From evolving cybersecurity threats to portability of medical records, the issues are complex, facing small and large providers alike. Many organizations

Read more
MFA fatigue attack - prevention & more
Cybersecurity
Clayton Mach

MFA Fatigue Attacks: Examples, Prevention, and More

For many years, traditional MFA (multifactor authentication) was effective in preventing account compromise due to stolen passwords. Unfortunately, that’s no longer the case. Cybercriminals now use MFA fatigue attacks, also known as prompt bombing or push bombing, to bypass the

Read more
What is patch management?
Cybersecurity
Garrett Wiesenberg

Patch Management 101: Tools, Processes, and More

Originally published September 9, 2025. Completely refreshed July 6, 2026. If you have digital systems, you need to manage patches for them. It’s that simple. Yet patch management is anything but simple. It’s a complex and challenging, and it never

Read more

Sign Up For Our Newsletter

Stay up-to-date on the Managed Services and Cybersecurity landscape, and be the first to find out about events and special offers.

Ready to talk to an expert?

We’ll respond within 1 business day, or you can grab time on our calendar.