It couldn’t happen to us.
I doubt anyone still feels that a HIPAA breach is impossible in their organization. Results speak louder than words.
A quick search reveals that every year there is a large number of breaches in the US. There is no doubt these organizations know the threat of HIPAA breaches have taken some number of steps to protect against a breach but there is always more that could have been done to reduce/eliminate the exposure.