Most ePHI breaches come from one or two vulnerabilities: employee errors or loss/theft of a device. Employee errors occur when effective training is missing, and they fall victim to social engineering, for example, and allow the bad actors in. Another way ePHI is compromised is when a device, such as a laptop, tablet, or phone that has access to ePHI, is lost or stolen. This is a frequent occurrence. However, if all data is encrypted, then it will be unreadable, and therefore unusable. Current HIPAA regulations do not require encryption, but it is an accepted safeguard.