Recent HIPAA News

The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) made a decision regarding its investigation of a South Dakota plastic surgery practice’s ransomware attack. This is the sixth ransomware investigation by [...]

The number of healthcare data breaches in September is the lowest since May 2020. Only 34 data breach reports involving 500 and up records were submitted to the Department of Health and Human Services (HHS) [...]

Censys, a company that provides an Internet intelligence platform for threat hunting and attack surface management, discovered thousands of IP addresses that leak medical devices and systems online, 49% of which are from the United [...]

Cybercriminals are taking advantage of a critical vulnerability with a CVSS severity score of 9.8 identified in Veeam Backup & Replication software. The software is designed for data backup and recovery across virtual, physical, and [...]

A critical vulnerability tracked as CVE-2024-45519 with a CVSS base score of 9.8, has been identified in Zimbra’s email servers, exposing the servers to remote code execution and full server compromise. Exploiting the vulnerability allows [...]

The Occupational Safety and Health Administration (OSHA) has addressed growing concerns regarding its proposal on the Emergency Response Standard and the potential challenges it could present for volunteer fire departments. Because of terrorist incidents, major [...]

The number of large healthcare data breaches in August slightly increased. There were 49 data breaches involving 500 or more healthcare records reported to the U.S. Department of Health and Human Services (HHS) Office for [...]

A recent American Association of Colleges of Nursing (AACN) meeting discussed the growing number of citations and sanctions against nurses for their Health Insurance Portability and Accountability Act (HIPAA) violations while providing care. Discussions also [...]

Acadian Ambulance Service based in Louisiana is sending notifications to individuals impacted by a cyberattack and data breach. According to the Daixin Team, they had stolen 10 million unique records from the private ambulance service. [...]

Large healthcare data breaches have reached an 18-month low after going down for the fourth consecutive month. In July 2024, 43 breach reports involving 500 and up records were submitted to the U.S. Department of [...]

In the cybersecurity newsletter published in August 2024, OCR emphasized that physical security measures like facility access controls, are important for HIPAA Security Rule compliance. HIPAA-regulated entities should not treat these measures as mere tasks [...]

Indiana Attorney General Todd Rokita has filed a privacy lawsuit against IU Health and its Associates for alleged violations of the Indiana Deceptive Consumer Sales Act and the Health Insurance Portability and Accountability Act (HIPAA). [...]

Supreme Court Justice Ruth Bader of Ginsburg found an organ transplant coordinator guilty of unlawfully accessing medical information and removing proof but was found not guilty on the charge of posting a copy of the [...]

A data breach’s average cost has increased to $4.88 million; critical infrastructure entities have the highest breach costs. The most expensive breaches involved healthcare companies. Healthcare data breach costs dropped by 10.6% year-over-year with 2023’s [...]

The National Community Pharmacists Association (NCPA) and about 3 dozen healthcare companies in 22 U.S. states filed a lawsuit against Optum, Change Healthcare, and UnitedHealth Group related to its ransomware attack and data security breach [...]

In June 2024, 47 data breaches involving 500 and up healthcare records were reported to the HHS’ Office for Civil Rights (OCR). This is the lowest number of breaches from October 2023 to date. Data [...]

The debt collection company Financial Business and Consumer Solutions (FBCS) recently informed the Maine Attorney General that a February 2024 breach that was earlier reported as impacting 1,955,385 persons has more than doubled the number [...]

The prosthetics and orthotics firm based in Jackson, TN known as Human Technology Inc., and its associates Murphy’s Orthopedic & Footcare, Greer Orthotics & Prosthetics, and Hi-Tech Prosthetics & Orthotics were impacted by a data [...]

Pennsylvania revised its data breach notification regulation, limiting the meaning of personal information, including the need to alert the state Attorney General, and the provision of credit monitoring services to victims of data breaches victims [...]

The U.S. Department of Labor’s Occupational Safety and Health Administration (OSHA) has recommended the first federal workplace heat standard to safeguard millions of people in America from the health threats connected with exposure to intense [...]

The number of reported healthcare data breaches dropped to its lowest for the second month since October 2023. May had 51 data breaches with 500 and up breached healthcare records reported to OCR. This number [...]

SecurityScorecard gave the U.S. healthcare industry a B+ rating for cybersecurity during the first 6 months of 2024. This indicates that the industry is doing better in spite of the reported major breaches, including the [...]

Medication benefits management service provider A&A Services, also known as Sav-Rx, is facing a class action lawsuit because of a data breach that occurred in October 2023 affecting 2.8 million people. On or about October [...]

In 2022, a hacker accessed Medibank’s system, stole the personal and health data of 9.7 million people, and exposed the stolen files on the dark web. This Australian health insurance company has confirmed the ransomware [...]

Adventist Health has just reported that an unauthorized individual accessed the protected health information (PHI) of over 70,000 patients of Adventist Health Tulare in California. The security incident happened at its business associate, Signature Performance, [...]

The Health Sector Cyber Initiative of the Biden administration has partnered with Microsoft and Google to give critical access and rural hospitals free and discounted cybersecurity services. In 2023, the healthcare industry experienced more ransomware [...]

In July 2023, the LockBit ransomware group listed Panorama Eyecare on its data leak website and noted to have stolen 798 GB of files from the doctor-led management services provider based in Fort Collins, CO. [...]

The Los Angeles County Department of Mental Health suffered a phishing attack that allowed unauthorized access to the email account of an employee resulting in the compromise of protected health information (PHI) for 1,598 individuals. [...]

The Cybersecurity and Infrastructure Security Agency (CISA) included a critical vulnerability identified in the NextGen Healthcare Mirth Connect remote code execution to its Known Exploited Vulnerability (KEV) Catalog. Mirth Connect is a free software integration [...]

The Department of Health and Human Services (HHS) Health Sector Cybersecurity Coordination Center (HC3) issued an alert warning the healthcare and public health (HPH) sector against business email compromise (BEC) attacks. This kind of spear [...]

Healthcare data breaches dropped by 43% month-over-month. There were 54 data breaches involving 500 and up records reported to the HHS’ Office for Civil Rights. The reported number of breaches this April is the lowest [...]

PHI Compromised in Redwood Coast Regional Center Cyberattack Social services organization Redwood Coast Regional Center based in Ukiah, CA offers services and assistance to children and adults who have developmental handicaps. It recently submitted a [...]

Federal Judge Dismisses CommonSpirit Health Data Breach Lawsuit Due to Not Enough Standing A federal court judge decided to dismiss a class action lawsuit versus CommonSpririt Health regarding its 2022 data breach because of the [...]

March had 93 healthcare data breach reports involving 500 or more records submitted to the Department of Health and Human Services (HHS) Office for Civil Rights (OCR). The number of breaches increased by 50% from [...]

OctaPharma Plasma Donation Centers Closed While Investigating Ransomware Attack The Swiss pharmaceutical provider, Octapharma Plasma, experienced a cyberattack that impacted the systems at 190 plasma donation centers located in 35 U.S. states. Those donation centers [...]

MedData Pays $7 Million to Resolve Class Action Data Breach Lawsuit Revenue cycle management company MedData based in Spring, TX consented to pay $7 million to resolve a class action lawsuit associated with the breach [...]

Seattle Children’s Hospital Website Tracking Technology Lawsuit Dismissed with Prejudice A Washington court dismissed with prejudice the class action lawsuit filed against Seattle Children’s Hospital (SCH) concerning its usage of pixels and other tracking technologies [...]

The number of healthcare data breaches reported to the Department of Health and Human Services’ Office for Civil Rights (OCR) in February dropped with 59 data breaches involving 500 and up records reported. The breaches [...]

Senator Mark R. Warner (D-VA) presented new legislation that will approve advance and faster payments to healthcare companies in case of a cyberattack. The new legislation was prompted by the ransomware attack on Change Healthcare, [...]

The Department of Health and Human Services’ Office for Civil Rights (OCR) has released updates on the guidance for entities covered by the Health Insurance Portability and Accountability Act (HIPAA) about online tracking technologies. The [...]

NSA Releases Guidance on Implementing Zero Trust to Restrict Lateral Movement The National Security Agency (NSA) has released guidance on implementing zero trust security to restrict lateral movement inside a network when a threat actor [...]

The Department of Health and Human Services (HHS) has reported the Blackcat ransomware attack on UnitedHealth Group-managed Change Healthcare in February 2024. The attack affected over 100 of Change Healthcare’s systems, which subsequently impacted the [...]

Feds Alerts Healthcare Industry Concerning ALPHV/Blackcat Ransomware Group A joint cybersecurity notification was given by the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Health and Human [...]

Ransomware Attack on Maryland Psychotherapy Provider Ended in HIPAA Penalty The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) resolved the supposed Health Insurance Portability and Accountability Act (HIPAA) violations with [...]

January had 61 data breach reports involving 500 and up records submitted to the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR), a 22% month-over-month decrease in reported data breaches. [...]

California AG Accepts $5 Million Settlement with Quest Diagnostics Concerning Improper Disposal of Waste and Patient Information California Attorney General Rob Bonta has reported that a $5 million settlement with Quest Diagnostics has been approved [...]

U.S. Fertility Offers to Pay $5.75 Million Settlement of Class Action Data Breach Lawsuit U.S. Fertility LLC, which operates over 100 fertility clinics throughout the U.S., has offered to pay $5.75 million to resolve a [...]