News of a huge HIPAA settlement might make ABA business owners think, “That could never happen to me.” But the WellNow Urgent Care data breach is the perfect case study for why every ABA practice—big or small—needs to take the basics seriously.
What Happened?
On or around April 25, 2023, WellNow’s third-party billing vendor, Practicefirst, suffered a ransomware attack. Files were encrypted and the protected health information (PHI) of potentially tens of thousands of patients was compromised—names, addresses, Social Security numbers, dates of birth, medical and insurance info, and more. In response, a class action lawsuit was filed. The settlement...
Check Out Our Other Articles
ABA Business Weekly: HIPAA, M&A, and Turning the Tide in Special Ed - Live at 8AM Eastern today!
Turning the Tide: How ABA Leaders Can Rebuild Trust in Special Education
Navigating the 2025 ABA M&A Surge: What Ethical Practice Owners Need to Know
Ego Driven Hiring: A Wake-Up Call for ABA Business Owners
Waiving Co-Pays and the Power of Partnership - Live New Today at 8 AM Eastern
NASQN & 3 Pie Squared Partner to Empower Ethical ABA Practice Growth
When Discounts Cross the Line: What ABA Practice Owners Need to Know About Waiving Deductibles
Clarity, Capacity, and Efficiency with Silna
Chaos, Contracts & Chatbots: What’s Really Steering ABA? - Live news today - 8 AM Eastern in Facebook
The Contract Temptation: Why Classifying BCBAs as 1099s May Be a Risk for ABA Companies
When Systems Fail Quietly: Optum, Medicare Fraud, and the ABA Fallout We Can’t Ignore
Whose Hand Is on the Wheel? What a Reddit AI Experiment Means for the Future of Clinical Judgment in ABA
Finding Joy in the Journey
Two Truths and a Wake-Up Call: Medicaid Cuts, Treatment Intensity, and the Future of ABA - Live discussion today at 8 AM Eastern
The Real Impact of Medicaid Cuts on ABA Therapy: What Providers and Families Need to Know
Quality Is a Choice: What Treatment Intensity Says About Who We Are in ABA
3 Things We Thought Would Be Easier!
Celebrating Mothers (and Everyone Else Who Deserves a Break): 50% Off the ABA Business Leaders Platform This Weekend Only!
Experts, X-Rays, and Indiana Drama: Live discussion today at 9:00 AM Eastern
Who Gets to Speak in ABA—and What Does That Say About Us?
Indiana Is Back in the News: What ABA Providers Need to Know About the State’s Latest Push for Cost Controls
How Applied Behavior Analysis Can Improve Healthcare Systems
Dealing with workplace drama!
🧩 Trends, Truths & Turning Points: What’s Shaping Autism and Behavioral Health in 2025
Arkansas Mom Releases Powerful Children’s Book on Autism and Mealtime Struggles
“What are we really doing here?”: The Push to Standardize Quality in Autism Therapy
Behavioral Health Deal Volume Up 53% in Early 2025: What This Means for ABA Practices
The Growing Gap in Autism and IDD Care: Why the Industry Must Scale Ethically and Strategically
Should a BCBA Always Own the Clinic? Maybe Not.
Staff, Tariffs, and RFK Jr.: What ABA Companies Need to Know Right Now - Live today at 8 AM Eastern!
ABA Staff Turnover Is Still Out of Control — Here’s What the Data Says
How the New Tariffs Could Impact ABA Businesses (And What You Can Do About It)
RFK Jr.’s Autism Registry Proposal: Understanding the Implications for ABA Companies
How Margin Keepers Can Help You Master Payroll & Financial Planning
Quality over Quantity- Is more supervision always better?
Denials, Audits & Billing Headaches: ABA News Roundup – April 14, 2025
Nebraska Issues New ABA Medicaid Service Definitions Amid Federal Audit Scrutiny
Concerns Grow Over Insurance Misuse of Medically Unlikely Edits (MUEs) in ABA Therapy Denials
Federal Audit Finds $56 Million in Improper Medicaid Payments for ABA Therapy in Indiana
UnitedHealthcare’s Strategy to Limit ABA Therapy Raises Alarm in the Autism Community
It’s Time to Get Real: ABA Business Owner Burnout
From Policy Shifts to Legal Hits: ABA News Roundup – April 7, 2025 - Live event today at 11AM Eastern!
Texas Recognizes QABA® for Behavior Analyst Licensure
Maryland Clinic Settles HIPAA Violations After Ransomware Attack
New York’s Proposed Medicaid Cuts Raise Concerns for Autism Services
Massachusetts Expands ABA Therapy Coverage to Children with Down Syndrome
Indiana’s Updated Medicaid Policy for ABA Therapy: What You Need to Know
Expanding to a Clinic? Do this first!
From Big Deals to Big Trouble: ABA Business News - March 31, 2025
The truth behind the client and staff cancellations
Top ABA Headlines
Local Owner Highlight- When to scale your ABA Business
Understanding the journey- Improving caregiver relationships with Melanie Thurston
How Effective Bookkeeping Ensures Payroll Stability and Helps You Retain ABA Staff
The Importance of Bookkeeping Services for ABA Business Owners
Mastering Marketing – Local Outreach Done Right
How to Scale Your ABA Business
You Just Closed Your ABA Company... Now What?
Building the Future of Small ABA Businesses – Join Us in This Mission
Red Flags in ABA Service Providers
Coaching Session- Discussing Onboarding with a New Owner
Would You Rather: Hiring in ABA
Grow your own BCBAs vs. hiring- What you need to know
Aligning Leadership with Values: Behavioral Intelligence in ABA with Dr. Paul Gavoni
ABA Accreditation: Compliance or Commitment to Quality?
AI meets clinical decision making- Using AI to improve patient outcomes- with Amanda Ralston
Comprehensive Updates to ABA Practice Handbooks: Enhanced Policies, Compliance, and ACQ Standards Integration
Leadership in ABA: Building Values, Managing Relationships, and Driving Progress with Martin Myers
Leadership, transparency, and collaboration in ABA organizations, with Jennifer Heidt
Building Better Care; Public Policy and Staff Empowerment
Free RBT Training for Your ABA Team This Holiday Season!
Innovating ABA Practice with AI Solutions
How can we help? Using ACT with Meg Solomon.
Building Resilience in ABA Practices: Lessons in Staffing, Billing, and Growth
Flash Sale: 6 Months Free Access to Our ABA Business Leaders Training Platform for 25 Companies!
I Hate My Job: Exploring Real Solutions
I Hate My Job: Reaction to Posts
I Hate My Job: Real Stories of Ethical Dilemmas in ABA
Introducing the New ABA Business Leaders Training Platform
I Hate My Job: Voicing the Frustrations of ABA Professionals
Introducing Our New Self-Paced Courses: Revenue Cycle Management & Effective Hiring with Indeed
CPABA Conference: A Path Forward for the Field - Get a 10% Discount!
Empower & Thrive: Registration Extended Until October 7 - 50% off!
Exciting New Coaching Opportunity for 3 Pie Squared ABA Business Leaders!
Free Download! Discover Essential Tax Compliance Tips with MarginKeepers
Why Stephen is Excited About the CPABA Conference 2024 - Discount just for you! -
3 Pie Squared Partners with Happy Medium RBT to Offer a Revolutionary 40-Hour RBT Training
Maximizing Recruitment with Indeed: How to Find the Right Candidates Without Breaking the Bank
Empathetic Leadership in ABA: Supporting Our Techs
Five Weeks of Wisdom: Bite-Sized Insights from 3 Pie Squared
Introducing the ABA Business Leaders Training Platform
Free Download! Boost Your Established ABA Practice with MarginKeepers' Essential Accounting Tips
Inside the World of ABA Audits and Legal Guidance with Kim Mack Rosenberg, Esq.
Ethical Practices for ABA Testimonials and Reviews with Dr. Jon Bailey
Navigating Growth and Challenges in ABA Business with Alecia Barrett
For a limited time, buy any of our handbooks and get our Business Leaders Membership for 75% off!
Collaboration in ABA: Strengthening Connections Among ABA Business Owners
"I Hate My Job" Series Kickoff: Discussing Burnout and Unethical Practices in the ABA Field
Top Five Essentials for Your Company Policies
Discount Ends Tomorrow – Last Chance to Get 20% Off Our Comprehensive ABA Billing Training Series!
Mastering Digital Marketing for ABA Practices with Reece from Reputation Elevation
Navigating ABA Business Growth: Consultation with Alecia Barrett
Unlock Your Billing Potential: Our New ABA Billing Course and Free ABA Billing Tips!
Navigating Company Policies: A Blueprint for ABA Practices
Free Chart of Accounts: Optimize Your Bookkeeping with MarginKeepers
Safeguarding Integrity: Proactive Strategies to Mitigate Billing Fraud in ABA Therapy
Steering Clear of Fraud: Mastering Insurance Billing in ABA Practice
From Overwhelm to Strategy: The Journey of an ABA Business Leader
Beyond the Startup: Common Mistakes by Seasoned ABA Business Owners
Essential Elements of an Employee Handbook for ABA Practices
Don’t Do That!: Avoiding Common Missteps in Your ABA Practice
Pre-Hire Power: The Critical Importance of an Employee Handbook for ABA Practices
Integrating Art into ABA Therapy: A Conversation with Natasha Bouchillon
Why a Client Handbook is Crucial Before Starting ABA Services
🥧 Grab a Slice of Success: Pi Day Flash Sale! 🎉
Why Should I Get a Client Handbook Before I Start Seeing Clients?
Financial Insights for ABA Practices: Free Chart of Accounts from MarginKeepers!
Navigating Authentic Copywriting in ABA Services: Insights and Innovations
Big Changes to the Podcast!
Get Free Expert Consulting for Your ABA Business on Our Podcast – Apply Now!
Navigating the Credentialing Conundrum: Insights from ABA Leaders
Navigating ADA Compliance: Essential Insights for ABA Business Owners
Nurturing Success: The Interplay Between Company and Team Dynamics
🌟 Dive Into the World of Sleep with Dr. Emily Ice: A Podcast Episode Not to Miss 🌜
A little late but our update is here!
Maximizing Your ABA Practice’s Potential: The Power of Bookkeeping with MarginKeepers
33% Off ABA Business Leaders for the Next 25 People!
Client Hours Discussion with April, Mallory Stinger, and Jennifer Helton
Improving Quality Through Accreditation: A Discussion with Erick Dubuque, Director of ACQ
Optimize Your ABA Practice with the Case Load Utilization Tool - 50% until Friday!
Black Friday Special - Rate Negotiations 2.0 - Elevating Your Practice with Provider Rate Resources
Navigating Medical Necessity with Dan and Mike from ABA on Tap
Upcoming Podcast with Erick Dubuque, Director of ACQ & Exciting News on How We Can Help Companies Navigate This New Standard! 🌟🎙️
Partnering with MarginKeepers, Co.: A Game Changer for Your ABA Practice
Celebrate Canadian Thanksgiving with a Bang: 50% Off ABA Business Leaders Membership and Earn 33.5 CEUs!
Empowering Change: Insights from New BCBA Business Owners
Founding a Nonprofit Practice with Susan Habchy
ABA Business Amazon List
De-Stress & Avoid ABA Burnout with a Relaxing Post-Work Routine
Three Common Struggles of a New ABA Practice
Benefits of Outsourcing with 3 Pie Squared
Why 3 Pie Squared
The Essential List for a Successful Business
2019 Satisfaction Survey results
The Cost of RBT Turnover
What You Need to Know About HIPAA
Podcast with Dr. Becca Tagg
Run Your Therapy Business Like a Well-Oiled Machine!
How to Grow Your Practice
has received preliminary court approval, and the final hearing is set for August 15, 2025. Payments to affected individuals will be made within 75 days of final approval, and anyone wanting to opt out or file a claim must do so by July 11, 2025. You can find full details on the settlement website:https://wellnowdatasecuritysettlement.com/
The Real Lesson for ABA Practice Owners
The specifics might sound technical, but the risks are painfully ordinary:
- A routine vendor relationship.
- Malware/ransomware attack—often triggered by a single click on a phishing email.
- Missing, outdated, or incomplete Business Associate Agreements (BAAs).
- No ironclad system for checking the security and HIPAA-readiness of every vendor who handles client data.
You don’t need to be a giant chain to get caught in this trap. If you’re an ABA business owner, every EHR, billing company, scheduling tool, or cloud service you use is a potential vulnerability. And regulators, courts, and your clients expect you to have those BAAs and security checks in place, every single time.
What Does This Mean for ABA Businesses?
- Legal and Financial Exposure: Fines, lawsuits, and settlements don’t just happen to giant companies. Even a small breach can put an ABA startup out of business.
- Reputation at Risk: One breach can damage years of trust with families and school partners—especially when your whole mission is about helping vulnerable kids.
- Everyday Actions Matter: The “little stuff”—making sure you actually have a current BAA, not clicking on a sketchy email link, updating your HIPAA manual, and confirming that staff (and vendors) are trained—often makes the biggest difference.
What Should You Do Right Now?
- Audit Your Vendor List: Who has access to your client or billing data? Does every one of them have a signed, current BAA on file?
- Review Your HIPAA Policy Manual: If you’re still using a generic download from years ago, it’s time to upgrade to something ABA-specific and current.
- Train (and Retrain) Your Staff: Everyone on your team—including your BCBAs, billing people, and techs—needs to know how to spot phishing, use secure communications, and handle PHI safely.
- Partner with True Experts: We’re now working with a HIPAA consultant who understands the realities of ABA and healthcare. Even better, 3 Pie Squared clients get an exclusive 10% discount for any consulting engagement.
How We Can Help (and Why You Don’t Have to Do This Alone)
Staying on top of HIPAA is tough, but you don’t have to figure it out by yourself. We now offer dedicated HIPAA Consultation services—whether you need help setting up Microsoft 365 or Google Workspace for HIPAA compliance, want a thorough risk assessment, or need advice on vendor management and BAAs.
Our ABA-specific HIPAA Policy Manual is built for today’s practice. It includes:
- A full risk assessment template
- A BAA template you can use with any vendor
- Comprehensive staff training modules
- State privacy law summaries, so you’re covered beyond just federal requirements
If you want expert guidance (and to take advantage of our new 10% discount for all 3 Pie Squared customers), you can book a HIPAA consult with our partner anytime. Book here: https://3piesquared.com/stephen-booking-page
Find out more about the HIPAA Policy Manual here: https://3piesquared.com/productDetails/hipaa_policy_manual
Sources
- Full settlement details and key dates: https://wellnowdatasecuritysettlement.com/
- HIPAA Journal article on the WellNow breach and settlement: https://www.hipaajournal.com/wellnow-urgent-care-data-breach-settlement/
