Phishing got a Tennessee hospice in hot water.

Tighten up your employee training on HIPAA, or face potential embarrassment over even minor breaches.

An example: “An unauthorized actor(s) gained access to two Alive Hospice employee email accounts” through phishing scams, the Nashville, Tennessee-based provider says in a breach notice on its website. An inquiry using third-party forensic investigators “determined the unauthorized activity began on or around December 20, 2017, for one user and on or around April 5, 2018, for the other user.”

The accounts contained a variety of patients’ protected health information, although there’s no evidence that PHI was accessed. One employee had repeat problems with the phishing scenario, Alive reveals.

On July 13, Alive Hospice began mailing notice letters to individuals who may have been affected by this incident, it says. Alive is offering potentially impacted individuals access to credit monitoring and identity restoration services for one year without charge.

“While Alive Hospice already has stringent security measures in place to protect information in its systems, Alive Hospice is also implementing additional safeguards to protect the security of information,” the provider says in its notice.