In a recent Healthcare Risk Management piece on the surge in healthcare data breaches, Bill Dillon, chair of Gunster's Regulated Industries & Professions, warns that increasing incidents are creating “alert fatigue,” making staff less responsive just as threat actors grow more sophisticated and persistent. As Dillon explains, this complacency often opens the door to intrusions driven by phishing, spear phishing, and social engineering, with many incidents tracing back to a momentary human lapse rather than a purely technical flaw.
Dillon stresses that internal security awareness remains a critical line of defense. He notes that organizations investing in regular, practical training are seeing employees become more wary of phishing—often refusing to engage with suspicious attachments or unfamiliar senders. Still, Dillon underscores that “human vigilance is needed first,” and the only way to sustain it is to “keep driving it home with training” so employees and contractors recognize and resist evolving tactics before mistakes happen.
Bill Dillon formerly served as the firm's Tallahassee Office Managing Shareholder and is Board Certified by the Florida Bar as a specialist in the area of Healthcare law. He is also certified by the Health Care Compliance Association in the area of corporate compliance (CHC) and by the International Association of Privacy Professionals as an Information Privacy Professional for the U.S. Section (CIPP/US). Bill focuses his practice on helping healthcare providers and entities adhere to the complex regulatory requirements of the healthcare sector. He also advises on data privacy and security issues in both the healthcare and non-healthcare sectors.