Recent HIPAA News
-
OB/GYN Clinics Mid-Atlantic Women’s Care and Physicians to Women, Inc. agreed to settle a class action lawsuit associated with a data breach in April 2023. Hackers acquired access to protected health information (PHI) stored by [...]
-
Healthcare Data Breach Report for May 2025
June 28, 2025May saw 60 reports of healthcare data breaches involving 500 and up individuals submitted to the HHS’ Office for Civil Rights (OCR), a bit lower than the monthly 12-month average of 57 data breaches. This [...] -
The U.S. House Committee on Oversight and Government Reform is looking at the national security and privacy risks associated with the sale of genetic testing firm 23andMe. The committee hearing showed the lawmakers’ worries regarding [...]
-
Comstar Pays $75,000 to Settle HIPAA Investigation
June 14, 2025The HHS’ Office for Civil Rights (OCR) has reported reaching a settlement with Comstar, LLC regarding an alleged non-compliance with the HIPAA Security Rule’s risk analysis requirement. This is the OCR’s 9th enforcement action associated [...] -
Akeela Inc. offers mental health and substance use disorder treatment services in Anchorage, AK. This healthcare provider recently agreed to resolve a class action lawsuit associated with a 2023 data breach that exposed the protected [...]
-
A big law enforcement operation has led to the shutdown of the system used for the DanaBot MaaS operation. This DanaBot banking Trojan and botnet malware is typically passed on through spam emails. It steals [...]
-
Healthcare Data Breach Report for April 2025
May 24, 2025April’s report of healthcare data breaches increased by 17.9% month-over-month, with 66 data breach reports involving 500 and up records submitted to the HHS’ Office for Civil Rights (OCR). This figure is higher than the [...] -
Integrated health system Robeson Health Care Corporation, based in Pembroke, North Carolina, has decided to resolve a class action lawsuit prompted by a cyberattack in February 2023. Allegedly, hackers breached the provider’s network, compromising the [...]
-
Healthcare Data Breach Report in March 2025
May 10, 2025According to breach reports submitted to the HHS’ Office for Civil Rights (OCR), healthcare data breaches is beginning to decrease. 2024 saw an average of 61 big healthcare data breaches per month. In the last [...] -
Incorporating HIPAA Penalties into Employee Training When training employees on HIPAA compliance, it is important to include clear information about potential penalties for violations. Staff should understand the importance of protecting patient health information (PHI) [...]
-
Yale New Haven Health System reported a data security incident that impacted over 5.5 million people. The data breach report submitted the HHS’ Office for Civil Rights shows that the protected health information (PHI) of [...]
-
Retina Group of Washington agreed to resolve a class action lawsuit associated with a data breach in March 2023 that resulted in the unauthorized access of the protected health information (PHI) of 455,935 persons. Retina [...]
-
Hacking Incidents Involving Oracle’s Obsolete Servers
April 17, 2025On April 7, 2025, Oracle mailed notifications to clients concerning a security incident reported in the news, stating that Oracle Cloud was not compromised. Oracle mentioned in the email notification that Oracle Cloud, also called [...] -
Hi-School Pharmacy, a drug store chain in Vancouver, WA has decided to resolve a class action lawsuit associated with a data breach in November 2023. The company will create a $600,000 settlement fund for class [...]
-
A growing number of cyber actors are targeting retailers, suppliers, and software companies, exploiting vulnerabilities to gain access to their systems. According to the latest SecurityScorecard report, about 35.5% of the 2024 data breaches were [...]
-
Healthcare Data Breach Report for February 2025
March 28, 2025February saw a 36% decline in healthcare data breaches, as the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) received 46 big healthcare data breach reports. Big data breaches refer to [...] -
An alert has been released concerning the Medusa ransomware-as-a-service (RaaS) group, which currently claims over 300 victims in critical infrastructure industries such as healthcare, manufacturing, and education. The group started operations in June 2021 as [...]
-
$200,000 Penalty Paid by Oregon Health & Science University for HIPAA Right of Access Violation
March 14, 2025The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) has issued the second financial penalty for 2025 to settle a HIPAA Rules violation. Oregon Health & Science University (OHSU) was [...] -
In 2024, the healthcare sector was shaken by the Change Healthcare ransomware attack causing significant disruption to medical services throughout the country. The protected health information (PHI) of over 190 million people. As per Kroll, [...]
-
Healthcare Data Breach Report for January 2025
March 1, 2025In January, 66 big healthcare data breaches were reported by HIPAA-covered entities to the Department of Health and Human Services (HHS) Office for Civil Rights (OCR). In the last 12 months, the average number of [...] -
Berry, Dunn, McNeil & Parker to Pay $7.25 Million to Settle Data Breach
February 20, 2025Berry, Dunn, McNeil & Parker, LLC (BerryDunn) opted to negotiate a class action lawsuit that claimed negligence for not stopping a data breach that impacted over 1.1 million people. BerryDunn has consented to set up [...] -
DOGE Given Access to Key CMS Systems
February 13, 2025The Department of Government Efficiency (DOGE) employees were given access to HHS Centers for Medicare and Medicaid Services (CMS) important payment and contracting systems to find options for enhancing productivity and to determine fraud and [...] -
Contec Identifies Vulnerability in CMS8000 Patient Monitors That Transmits Patient Data
February 6, 2025Contec Health discovered a remote code execution vulnerability along with a hidden backdoor in the software of its popular patient monitors, the Epsimed MN-120 patient monitors and Contec CMS8000 patient monitors. Cybersecurity and Infrastructure Security [...] -
Healthcare Data Breach Report for December 2024
January 30, 2025The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) only received 46 reports of data breaches involving 500 and up healthcare records in December. The small December total showed that since [...] -
Change Healthcare Substantially Completes Review of Data Stolen During Ransomware Attack
January 22, 2025It’s about 11 months after Change Healthcare’s network breach that resulted in the theft of data of approximately 100 million people, and encryption of files using ransomware. On January 14, 2025, Change Healthcare released information [...] -
OneBlood Notifies July 2024 Ransomware Attack Victims
January 15, 2025OneBlood, a Florida nonprofit blood donation organization reported on July 31, 2024 that it suffered a ransomware attack. The cyberattack resulted in the shutdown of its IT systems. The organization continued to collect, test, and [...] -
Nebraska’s Attorney General Mike Hilgers filed a lawsuit against Change Healthcare in relation to the ransomware attack it experienced on February 11, 2024. Change Healthcare had been targeted by a BlackCat/ALPHV ransomware group affiliate, who [...]
-
The U.S. Bureau of Labor Statistics has released its results of the 2023 National Census of Fatal Occupational Injuries. According to the census, workplace fatalities declined by 3.7% year-over-year. In 2023, 5,283 workplace fatalities occurred [...]
-
Healthcare Data Breach Report for November 2024
December 26, 2024In November 2024, healthcare data breaches increased by 15.3% month-over-month. The U.S. Department of Health and Human Services Office for Civil Rights (OCR) received 68 data breach reports involving 500 and up healthcare records. This [...] -
RI Bridges System Breach Impacts Rhode Island Residents’ Data
December 18, 2024The data of hundreds of thousands of residents in Rhode Island were stolen during a cyberattack on the Rhode Island Bridges system. State residents use this online portal to get social services and medical insurance. [...] -
Puerto Rican Healthcare Clearinghouse Resolves Alleged HIPAA Violations
December 12, 2024The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) opted to resolve the alleged HIPAA Privacy and Security Law violations with Inmediata Health Group, a healthcare clearinghouse in Puerto Rico. [...] -
October 2024 Healthcare Data Breach Report
December 6, 2024In October, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights received 57 reports of healthcare data breaches involving 500 and up records. Data breaches increased by 62.9% month-over-month from 35 [...] -
Signature Health Pays $16,131 to Settle OSHA Violation
November 27, 2024In April 2024, Signature Health mental health treatment facility based in Maple Heights, Ohio had an incident where a patient attacked a nurse. The patient continuously stabbed the staff using a knife he carried into [...] -
In July 2024, a federal jury found 34-year-old Trent James Russell guilty of unlawful access to the health data of Supreme Court Justice Ruth Bader Ginsburg when he was working as the coordinator of an [...]
-
Updated Security Risk Assessment Tool Announced by OCR
November 14, 2024The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) currently focuses its enforcement initiative on implementing the risk analysis requirements of the Security Management Standard under the HIPAA Security Law. OCR [...] -
South Dakota Plastic Surgery Practice Pays $500,000 HIPAA Penalty
November 7, 2024The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) made a decision regarding its investigation of a South Dakota plastic surgery practice’s ransomware attack. This is the sixth ransomware investigation by [...] -
September 2024 Healthcare Data Breach Report
November 1, 2024The number of healthcare data breaches in September is the lowest since May 2020. Only 34 data breach reports involving 500 and up records were submitted to the Department of Health and Human Services (HHS) [...] -
Censys, a company that provides an Internet intelligence platform for threat hunting and attack surface management, discovered thousands of IP addresses that leak medical devices and systems online, 49% of which are from the United [...]
-
Active Exploitation of Critical Vulnerabilities in Fortinet and Veeam Backup & Replication
October 16, 2024Cybercriminals are taking advantage of a critical vulnerability with a CVSS severity score of 9.8 identified in Veeam Backup & Replication software. The software is designed for data backup and recovery across virtual, physical, and [...] -
Mass Exploited Critical Vulnerability in Zimbra Email Servers
October 10, 2024A critical vulnerability tracked as CVE-2024-45519 with a CVSS base score of 9.8, has been identified in Zimbra’s email servers, exposing the servers to remote code execution and full server compromise. Exploiting the vulnerability allows [...] -
OSHA May Exempt Volunteer Fire Departments from the New Emergency Response Standard Requirements
October 2, 2024The Occupational Safety and Health Administration (OSHA) has addressed growing concerns regarding its proposal on the Emergency Response Standard and the potential challenges it could present for volunteer fire departments. Because of terrorist incidents, major [...] -
Healthcare Data Breach Report in August 2024
September 26, 2024The number of large healthcare data breaches in August slightly increased. There were 49 data breaches involving 500 or more healthcare records reported to the U.S. Department of Health and Human Services (HHS) Office for [...] -
Continuing Training of Nurses and HIPAA Compliance
September 19, 2024A recent American Association of Colleges of Nursing (AACN) meeting discussed the growing number of citations and sanctions against nurses for their Health Insurance Portability and Accountability Act (HIPAA) violations while providing care. Discussions also [...] -
Acadian Ambulance Service based in Louisiana is sending notifications to individuals impacted by a cyberattack and data breach. According to the Daixin Team, they had stolen 10 million unique records from the private ambulance service. [...]
-
Is Outlook HIPAA compliant?
September 10, 2024Yes, Outlook can be HIPAA compliant if used with Microsoft 365’s HIPAA-compliant plans, configured with proper security settings, and covered by a signed Business Associate Agreement (BAA). Outlook can be HIPAA compliant if configured properly and [...] -
Healthcare Data Breach Report for July 2024
September 4, 2024Large healthcare data breaches have reached an 18-month low after going down for the fourth consecutive month. In July 2024, 43 breach reports involving 500 and up records were submitted to the U.S. Department of [...] -
In the cybersecurity newsletter published in August 2024, OCR emphasized that physical security measures like facility access controls, are important for HIPAA Security Rule compliance. HIPAA-regulated entities should not treat these measures as mere tasks [...]
-
IU Health Faces Privacy Lawsuit for HIPAA Violations
August 21, 2024Indiana Attorney General Todd Rokita has filed a privacy lawsuit against IU Health and its Associates for alleged violations of the Indiana Deceptive Consumer Sales Act and the Health Insurance Portability and Accountability Act (HIPAA). [...] -
Supreme Court Justice Ruth Bader of Ginsburg found an organ transplant coordinator guilty of unlawfully accessing medical information and removing proof but was found not guilty on the charge of posting a copy of the [...]
-
Average Cost of a Data Breach Rises Yearly Report
August 7, 2024A data breach’s average cost has increased to $4.88 million; critical infrastructure entities have the highest breach costs. The most expensive breaches involved healthcare companies. Healthcare data breach costs dropped by 10.6% year-over-year with 2023’s [...]