Nashville, Tenn.—(Feb. 27, 2017) Since 2015, data breaches have risen 40 percent, according to the Identity Theft Resource Center, and it appears that Nashville’s own Vanderbilt University Medical Center (VUMC) is not immune. As reported recently in the Tennessean, VUMC experienced at least one type of breach discovered during its migration to a new system, and as result, the center is now sending out notices to more than 3,000 patients. In addition, Cloudflare, a cloud-based services company, was recently exploited, causing several big companies, like Uber, Yelp, and Fitbit to be affected.

“There are almost daily news reports of compromised personal information leaking from various sources, such as the big Verizon breach, and before that, it was the huge Yahoo disclosure,” said Julie-Karel Elkin, partner at Spicer Rudstrom PLLC who heads up the firm’s Health Data practice.

“Now we have the Vanderbilt issue on top of the ‘cloud bleed’ disaster at Cloudflare, where an ‘internal bug’ caused a breach to tens of thousands of customer records. Unfortunately, most people just don’t want to think about it, and they convince themselves it’s only happening to someone else. It is a real problem facing businesses and customers. No business wants a data leak, but that is what is going to happen if we don’t take a look at our own practices and protect our clients.”

Elkin notes that HIPAA and data security issues are not going away but that they can be successfully managed with the right tools and a good system. Each and every entity that obtains personal health information or personally identifiable information should have someone who knows what they are doing check their systems. A health and data security expert can easily identify vulnerabilities and recommend common sense measures to help any business secure its data from both internal and external threats.


Julie-Karel Elkin is an experienced litigator who has worked with some of the nation’s largest insurance companies, independent businesses, and personal claims. Focusing on negligence and regulatory claims, torts, contract disputes, mediation, and administrative processes, she is uniquely qualified to address all aspects of health data needs. She is the head of Spicer Rudstrom’s Health Data practice in the firm’s Nashville office.