Recent HIPAA News

On April 7, 2025, Oracle mailed notifications to clients concerning a security incident reported in the news, stating that Oracle Cloud was not compromised. Oracle mentioned in the email notification that Oracle Cloud, also called [...]

Hi-School Pharmacy, a drug store chain in Vancouver, WA has decided to resolve a class action lawsuit associated with a data breach in November 2023. The company will create a $600,000 settlement fund for class [...]

A growing number of cyber actors are targeting retailers, suppliers, and software companies, exploiting vulnerabilities to gain access to their systems. According to the latest SecurityScorecard report, about 35.5% of the 2024 data breaches were [...]

February saw a 36% decline in healthcare data breaches, as the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) received 46 big healthcare data breach reports. Big data breaches refer to [...]

An alert has been released concerning the Medusa ransomware-as-a-service (RaaS) group, which currently claims over 300 victims in critical infrastructure industries such as healthcare, manufacturing, and education. The group started operations in June 2021 as [...]

The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) has issued the second financial penalty for 2025 to settle a HIPAA Rules violation. Oregon Health & Science University (OHSU) was [...]

In 2024, the healthcare sector was shaken by the Change Healthcare ransomware attack causing significant disruption to medical services throughout the country. The protected health information (PHI) of over 190 million people. As per Kroll, [...]

In January, 66 big healthcare data breaches were reported by HIPAA-covered entities to the Department of Health and Human Services (HHS) Office for Civil Rights (OCR). In the last 12 months, the average number of [...]

Berry, Dunn, McNeil & Parker, LLC (BerryDunn) opted to negotiate a class action lawsuit that claimed negligence for not stopping a data breach that impacted over 1.1 million people. BerryDunn has consented to set up [...]

The Department of Government Efficiency (DOGE) employees were given access to HHS Centers for Medicare and Medicaid Services (CMS) important payment and contracting systems to find options for enhancing productivity and to determine fraud and [...]

Contec Health discovered a remote code execution vulnerability along with a hidden backdoor in the software of its popular patient monitors, the Epsimed MN-120 patient monitors and Contec CMS8000 patient monitors. Cybersecurity and Infrastructure Security [...]

The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) only received 46 reports of data breaches involving 500 and up healthcare records in December. The small December total showed that since [...]

It’s about 11 months after Change Healthcare’s network breach that resulted in the theft of data of approximately 100 million people, and encryption of files using ransomware. On January 14, 2025, Change Healthcare released information [...]

OneBlood, a Florida nonprofit blood donation organization reported on July 31, 2024 that it suffered a ransomware attack. The cyberattack resulted in the shutdown of its IT systems. The organization continued to collect, test, and [...]

Nebraska’s Attorney General Mike Hilgers filed a lawsuit against Change Healthcare in relation to the ransomware attack it experienced on February 11, 2024. Change Healthcare had been targeted by a BlackCat/ALPHV ransomware group affiliate, who [...]

The U.S. Bureau of Labor Statistics has released its results of the 2023 National Census of Fatal Occupational Injuries. According to the census, workplace fatalities declined by 3.7% year-over-year. In 2023, 5,283 workplace fatalities occurred [...]

In November 2024, healthcare data breaches increased by 15.3% month-over-month. The U.S. Department of Health and Human Services Office for Civil Rights (OCR) received 68 data breach reports involving 500 and up healthcare records. This [...]

The data of hundreds of thousands of residents in Rhode Island were stolen during a cyberattack on the Rhode Island Bridges system. State residents use this online portal to get social services and medical insurance. [...]

The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) opted to resolve the alleged HIPAA Privacy and Security Law violations with Inmediata Health Group, a healthcare clearinghouse in Puerto Rico. [...]

In October, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights received 57 reports of healthcare data breaches involving 500 and up records. Data breaches increased by 62.9% month-over-month from 35 [...]

In April 2024, Signature Health mental health treatment facility based in Maple Heights, Ohio had an incident where a patient attacked a nurse. The patient continuously stabbed the staff using a knife he carried into [...]

In July 2024, a federal jury found 34-year-old Trent James Russell guilty of unlawful access to the health data of Supreme Court Justice Ruth Bader Ginsburg when he was working as the coordinator of an [...]

The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) made a decision regarding its investigation of a South Dakota plastic surgery practice’s ransomware attack. This is the sixth ransomware investigation by [...]

The number of healthcare data breaches in September is the lowest since May 2020. Only 34 data breach reports involving 500 and up records were submitted to the Department of Health and Human Services (HHS) [...]

Censys, a company that provides an Internet intelligence platform for threat hunting and attack surface management, discovered thousands of IP addresses that leak medical devices and systems online, 49% of which are from the United [...]

Cybercriminals are taking advantage of a critical vulnerability with a CVSS severity score of 9.8 identified in Veeam Backup & Replication software. The software is designed for data backup and recovery across virtual, physical, and [...]

A critical vulnerability tracked as CVE-2024-45519 with a CVSS base score of 9.8, has been identified in Zimbra’s email servers, exposing the servers to remote code execution and full server compromise. Exploiting the vulnerability allows [...]

The Occupational Safety and Health Administration (OSHA) has addressed growing concerns regarding its proposal on the Emergency Response Standard and the potential challenges it could present for volunteer fire departments. Because of terrorist incidents, major [...]

The number of large healthcare data breaches in August slightly increased. There were 49 data breaches involving 500 or more healthcare records reported to the U.S. Department of Health and Human Services (HHS) Office for [...]

A recent American Association of Colleges of Nursing (AACN) meeting discussed the growing number of citations and sanctions against nurses for their Health Insurance Portability and Accountability Act (HIPAA) violations while providing care. Discussions also [...]

Acadian Ambulance Service based in Louisiana is sending notifications to individuals impacted by a cyberattack and data breach. According to the Daixin Team, they had stolen 10 million unique records from the private ambulance service. [...]

Large healthcare data breaches have reached an 18-month low after going down for the fourth consecutive month. In July 2024, 43 breach reports involving 500 and up records were submitted to the U.S. Department of [...]

In the cybersecurity newsletter published in August 2024, OCR emphasized that physical security measures like facility access controls, are important for HIPAA Security Rule compliance. HIPAA-regulated entities should not treat these measures as mere tasks [...]

Indiana Attorney General Todd Rokita has filed a privacy lawsuit against IU Health and its Associates for alleged violations of the Indiana Deceptive Consumer Sales Act and the Health Insurance Portability and Accountability Act (HIPAA). [...]

Supreme Court Justice Ruth Bader of Ginsburg found an organ transplant coordinator guilty of unlawfully accessing medical information and removing proof but was found not guilty on the charge of posting a copy of the [...]

A data breach’s average cost has increased to $4.88 million; critical infrastructure entities have the highest breach costs. The most expensive breaches involved healthcare companies. Healthcare data breach costs dropped by 10.6% year-over-year with 2023’s [...]

The National Community Pharmacists Association (NCPA) and about 3 dozen healthcare companies in 22 U.S. states filed a lawsuit against Optum, Change Healthcare, and UnitedHealth Group related to its ransomware attack and data security breach [...]

In June 2024, 47 data breaches involving 500 and up healthcare records were reported to the HHS’ Office for Civil Rights (OCR). This is the lowest number of breaches from October 2023 to date. Data [...]

The debt collection company Financial Business and Consumer Solutions (FBCS) recently informed the Maine Attorney General that a February 2024 breach that was earlier reported as impacting 1,955,385 persons has more than doubled the number [...]

The prosthetics and orthotics firm based in Jackson, TN known as Human Technology Inc., and its associates Murphy’s Orthopedic & Footcare, Greer Orthotics & Prosthetics, and Hi-Tech Prosthetics & Orthotics were impacted by a data [...]

Pennsylvania revised its data breach notification regulation, limiting the meaning of personal information, including the need to alert the state Attorney General, and the provision of credit monitoring services to victims of data breaches victims [...]

The U.S. Department of Labor’s Occupational Safety and Health Administration (OSHA) has recommended the first federal workplace heat standard to safeguard millions of people in America from the health threats connected with exposure to intense [...]

The number of reported healthcare data breaches dropped to its lowest for the second month since October 2023. May had 51 data breaches with 500 and up breached healthcare records reported to OCR. This number [...]

SecurityScorecard gave the U.S. healthcare industry a B+ rating for cybersecurity during the first 6 months of 2024. This indicates that the industry is doing better in spite of the reported major breaches, including the [...]

Medication benefits management service provider A&A Services, also known as Sav-Rx, is facing a class action lawsuit because of a data breach that occurred in October 2023 affecting 2.8 million people. On or about October [...]

In 2022, a hacker accessed Medibank’s system, stole the personal and health data of 9.7 million people, and exposed the stolen files on the dark web. This Australian health insurance company has confirmed the ransomware [...]

Adventist Health has just reported that an unauthorized individual accessed the protected health information (PHI) of over 70,000 patients of Adventist Health Tulare in California. The security incident happened at its business associate, Signature Performance, [...]