Keynote speaker Frank Abagnale at the 2017 HIMSS Conference discusses breaches of data covered by HIPAA regulations.
https://arstechnica.com/security/2017/02/phish-me-if-you-can-frank-abagnale-says-tech-will-never-defeat-social-engineering/
Protecting yourself means:
- Not giving out information over the phone (even information that seems innocuous)
- Not falling victim to email phishing techniques
Chris Hadnagy, Author of Phishing Dark Waters--"The attacker doesn’t want to take the sexiest route. They want to take the easiest route. They don't care if it's a zero day exploit or some really sexy code. Back when software was much more vulnerable we saw a lot more attacks that involved hacking into software. Now software is more hardened, now the network is better protected, we see phone calls as the main vector for getting through,"
The U.S. government has declassified some of the training materials it uses internally to train governmental employees. I would suggest that you take some time to take the CyberAwareness challenge which takes about an hour and is a well-presented overview of common security threats. You paid for these training materials to be created – so I would suggest you claim your benefit.
http://iase.disa.mil/eta/Pages/online-catalog.aspx
(ed. note: I think the .mil sites should https, no?)