HIPAA News

OB/GYN Clinics Mid-Atlantic Women’s Care and Physicians to Women, Inc. agreed to settle a class action lawsuit associated with a data breach in April 2023. Hackers acquired access to protected health information (PHI) stored by […]

May saw 60 reports of healthcare data breaches involving 500 and up individuals submitted to the HHS’ Office for Civil Rights (OCR), a bit lower than the monthly 12-month average of 57 data breaches. This […]

The U.S. House Committee on Oversight and Government Reform is looking at the national security and privacy risks associated with the sale of genetic testing firm 23andMe. The committee hearing showed the lawmakers’ worries regarding […]

The HHS’ Office for Civil Rights (OCR) has reported reaching a settlement with Comstar, LLC regarding an alleged non-compliance with the HIPAA Security Rule’s risk analysis requirement. This is the OCR’s 9th enforcement action associated […]

Akeela Inc. offers mental health and substance use disorder treatment services in Anchorage, AK. This healthcare provider recently agreed to resolve a class action lawsuit associated with a 2023 data breach that exposed the protected […]

A big law enforcement operation has led to the shutdown of the system used for the DanaBot MaaS operation. This DanaBot banking Trojan and botnet malware is typically passed on through spam emails. It steals […]

April’s report of healthcare data breaches increased by 17.9% month-over-month, with 66 data breach reports involving 500 and up records submitted to the HHS’ Office for Civil Rights (OCR). This figure is higher than the […]

Integrated health system Robeson Health Care Corporation, based in Pembroke, North Carolina, has decided to resolve a class action lawsuit prompted by a cyberattack in February 2023. Allegedly, hackers breached the provider’s network, compromising the […]

According to breach reports submitted to the HHS’ Office for Civil Rights (OCR), healthcare data breaches is beginning to decrease. 2024 saw an average of 61 big healthcare data breaches per month. In the last […]

Yale New Haven Health System reported a data security incident that impacted over 5.5 million people. The data breach report submitted the HHS’ Office for Civil Rights shows that the protected health information (PHI) of […]

Retina Group of Washington agreed to resolve a class action lawsuit associated with a data breach in March 2023 that resulted in the unauthorized access of the protected health information (PHI) of 455,935 persons. Retina […]

On April 7, 2025, Oracle mailed notifications to clients concerning a security incident reported in the news, stating that Oracle Cloud was not compromised. Oracle mentioned in the email notification that Oracle Cloud, also called […]

Hi-School Pharmacy, a drug store chain in Vancouver, WA has decided to resolve a class action lawsuit associated with a data breach in November 2023. The company will create a $600,000 settlement fund for class […]

A growing number of cyber actors are targeting retailers, suppliers, and software companies, exploiting vulnerabilities to gain access to their systems. According to the latest SecurityScorecard report, about 35.5% of the 2024 data breaches were […]

February saw a 36% decline in healthcare data breaches, as the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) received 46 big healthcare data breach reports. Big data breaches refer to […]

An alert has been released concerning the Medusa ransomware-as-a-service (RaaS) group, which currently claims over 300 victims in critical infrastructure industries such as healthcare, manufacturing, and education. The group started operations in June 2021 as […]

The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) has issued the second financial penalty for 2025 to settle a HIPAA Rules violation. Oregon Health & Science University (OHSU) was […]

In 2024, the healthcare sector was shaken by the Change Healthcare ransomware attack causing significant disruption to medical services throughout the country. The protected health information (PHI) of over 190 million people. As per Kroll, […]

In January, 66 big healthcare data breaches were reported by HIPAA-covered entities to the Department of Health and Human Services (HHS) Office for Civil Rights (OCR). In the last 12 months, the average number of […]

Berry, Dunn, McNeil & Parker, LLC (BerryDunn) opted to negotiate a class action lawsuit that claimed negligence for not stopping a data breach that impacted over 1.1 million people. BerryDunn has consented to set up […]

The Department of Government Efficiency (DOGE) employees were given access to HHS Centers for Medicare and Medicaid Services (CMS) important payment and contracting systems to find options for enhancing productivity and to determine fraud and […]

Contec Health discovered a remote code execution vulnerability along with a hidden backdoor in the software of its popular patient monitors, the Epsimed MN-120 patient monitors and Contec CMS8000 patient monitors. Cybersecurity and Infrastructure Security […]

The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) only received 46 reports of data breaches involving 500 and up healthcare records in December. The small December total showed that since […]

It’s about 11 months after Change Healthcare’s network breach that resulted in the theft of data of approximately 100 million people, and encryption of files using ransomware. On January 14, 2025, Change Healthcare released information […]

OneBlood, a Florida nonprofit blood donation organization reported on July 31, 2024 that it suffered a ransomware attack. The cyberattack resulted in the shutdown of its IT systems. The organization continued to collect, test, and […]

Nebraska’s Attorney General Mike Hilgers filed a lawsuit against Change Healthcare in relation to the ransomware attack it experienced on February 11, 2024. Change Healthcare had been targeted by a BlackCat/ALPHV ransomware group affiliate, who […]

The U.S. Bureau of Labor Statistics has released its results of the 2023 National Census of Fatal Occupational Injuries. According to the census, workplace fatalities declined by 3.7% year-over-year. In 2023, 5,283 workplace fatalities occurred […]

In November 2024, healthcare data breaches increased by 15.3% month-over-month. The U.S. Department of Health and Human Services Office for Civil Rights (OCR) received 68 data breach reports involving 500 and up healthcare records. This […]

The data of hundreds of thousands of residents in Rhode Island were stolen during a cyberattack on the Rhode Island Bridges system. State residents use this online portal to get social services and medical insurance. […]

The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) opted to resolve the alleged HIPAA Privacy and Security Law violations with Inmediata Health Group, a healthcare clearinghouse in Puerto Rico. […]

In October, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights received 57 reports of healthcare data breaches involving 500 and up records. Data breaches increased by 62.9% month-over-month from 35 […]

In April 2024, Signature Health mental health treatment facility based in Maple Heights, Ohio had an incident where a patient attacked a nurse. The patient continuously stabbed the staff using a knife he carried into […]

In July 2024, a federal jury found 34-year-old Trent James Russell guilty of unlawful access to the health data of Supreme Court Justice Ruth Bader Ginsburg when he was working as the coordinator of an […]

The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) made a decision regarding its investigation of a South Dakota plastic surgery practice’s ransomware attack. This is the sixth ransomware investigation by […]

The number of healthcare data breaches in September is the lowest since May 2020. Only 34 data breach reports involving 500 and up records were submitted to the Department of Health and Human Services (HHS) […]

Censys, a company that provides an Internet intelligence platform for threat hunting and attack surface management, discovered thousands of IP addresses that leak medical devices and systems online, 49% of which are from the United […]

Cybercriminals are taking advantage of a critical vulnerability with a CVSS severity score of 9.8 identified in Veeam Backup & Replication software. The software is designed for data backup and recovery across virtual, physical, and […]

A critical vulnerability tracked as CVE-2024-45519 with a CVSS base score of 9.8, has been identified in Zimbra’s email servers, exposing the servers to remote code execution and full server compromise. Exploiting the vulnerability allows […]

The Occupational Safety and Health Administration (OSHA) has addressed growing concerns regarding its proposal on the Emergency Response Standard and the potential challenges it could present for volunteer fire departments. Because of terrorist incidents, major […]

The number of large healthcare data breaches in August slightly increased. There were 49 data breaches involving 500 or more healthcare records reported to the U.S. Department of Health and Human Services (HHS) Office for […]

A recent American Association of Colleges of Nursing (AACN) meeting discussed the growing number of citations and sanctions against nurses for their Health Insurance Portability and Accountability Act (HIPAA) violations while providing care. Discussions also […]

Acadian Ambulance Service based in Louisiana is sending notifications to individuals impacted by a cyberattack and data breach. According to the Daixin Team, they had stolen 10 million unique records from the private ambulance service. […]

Large healthcare data breaches have reached an 18-month low after going down for the fourth consecutive month. In July 2024, 43 breach reports involving 500 and up records were submitted to the U.S. Department of […]

In the cybersecurity newsletter published in August 2024, OCR emphasized that physical security measures like facility access controls, are important for HIPAA Security Rule compliance. HIPAA-regulated entities should not treat these measures as mere tasks […]

Indiana Attorney General Todd Rokita has filed a privacy lawsuit against IU Health and its Associates for alleged violations of the Indiana Deceptive Consumer Sales Act and the Health Insurance Portability and Accountability Act (HIPAA). […]

Supreme Court Justice Ruth Bader of Ginsburg found an organ transplant coordinator guilty of unlawfully accessing medical information and removing proof but was found not guilty on the charge of posting a copy of the […]

A data breach’s average cost has increased to $4.88 million; critical infrastructure entities have the highest breach costs. The most expensive breaches involved healthcare companies. Healthcare data breach costs dropped by 10.6% year-over-year with 2023’s […]

The National Community Pharmacists Association (NCPA) and about 3 dozen healthcare companies in 22 U.S. states filed a lawsuit against Optum, Change Healthcare, and UnitedHealth Group related to its ransomware attack and data security breach […]

In June 2024, 47 data breaches involving 500 and up healthcare records were reported to the HHS’ Office for Civil Rights (OCR). This is the lowest number of breaches from October 2023 to date. Data […]

The debt collection company Financial Business and Consumer Solutions (FBCS) recently informed the Maine Attorney General that a February 2024 breach that was earlier reported as impacting 1,955,385 persons has more than doubled the number […]

The prosthetics and orthotics firm based in Jackson, TN known as Human Technology Inc., and its associates Murphy’s Orthopedic & Footcare, Greer Orthotics & Prosthetics, and Hi-Tech Prosthetics & Orthotics were impacted by a data […]

Pennsylvania revised its data breach notification regulation, limiting the meaning of personal information, including the need to alert the state Attorney General, and the provision of credit monitoring services to victims of data breaches victims […]

The U.S. Department of Labor’s Occupational Safety and Health Administration (OSHA) has recommended the first federal workplace heat standard to safeguard millions of people in America from the health threats connected with exposure to intense […]

The number of reported healthcare data breaches dropped to its lowest for the second month since October 2023. May had 51 data breaches with 500 and up breached healthcare records reported to OCR. This number […]

SecurityScorecard gave the U.S. healthcare industry a B+ rating for cybersecurity during the first 6 months of 2024. This indicates that the industry is doing better in spite of the reported major breaches, including the […]

Medication benefits management service provider A&A Services, also known as Sav-Rx, is facing a class action lawsuit because of a data breach that occurred in October 2023 affecting 2.8 million people. On or about October […]

In 2022, a hacker accessed Medibank’s system, stole the personal and health data of 9.7 million people, and exposed the stolen files on the dark web. This Australian health insurance company has confirmed the ransomware […]

Adventist Health has just reported that an unauthorized individual accessed the protected health information (PHI) of over 70,000 patients of Adventist Health Tulare in California. The security incident happened at its business associate, Signature Performance, […]

The Health Sector Cyber Initiative of the Biden administration has partnered with Microsoft and Google to give critical access and rural hospitals free and discounted cybersecurity services. In 2023, the healthcare industry experienced more ransomware […]

In July 2023, the LockBit ransomware group listed Panorama Eyecare on its data leak website and noted to have stolen 798 GB of files from the doctor-led management services provider based in Fort Collins, CO. […]

The Los Angeles County Department of Mental Health suffered a phishing attack that allowed unauthorized access to the email account of an employee resulting in the compromise of protected health information (PHI) for 1,598 individuals. […]

The Cybersecurity and Infrastructure Security Agency (CISA) included a critical vulnerability identified in the NextGen Healthcare Mirth Connect remote code execution to its Known Exploited Vulnerability (KEV) Catalog. Mirth Connect is a free software integration […]

The Department of Health and Human Services (HHS) Health Sector Cybersecurity Coordination Center (HC3) issued an alert warning the healthcare and public health (HPH) sector against business email compromise (BEC) attacks. This kind of spear […]

Healthcare data breaches dropped by 43% month-over-month. There were 54 data breaches involving 500 and up records reported to the HHS’ Office for Civil Rights. The reported number of breaches this April is the lowest […]

PHI Compromised in Redwood Coast Regional Center Cyberattack Social services organization Redwood Coast Regional Center based in Ukiah, CA offers services and assistance to children and adults who have developmental handicaps. It recently submitted a […]

Federal Judge Dismisses CommonSpirit Health Data Breach Lawsuit Due to Not Enough Standing A federal court judge decided to dismiss a class action lawsuit versus CommonSpririt Health regarding its 2022 data breach because of the […]

March had 93 healthcare data breach reports involving 500 or more records submitted to the Department of Health and Human Services (HHS) Office for Civil Rights (OCR). The number of breaches increased by 50% from […]

OctaPharma Plasma Donation Centers Closed While Investigating Ransomware Attack The Swiss pharmaceutical provider, Octapharma Plasma, experienced a cyberattack that impacted the systems at 190 plasma donation centers located in 35 U.S. states. Those donation centers […]

MedData Pays $7 Million to Resolve Class Action Data Breach Lawsuit Revenue cycle management company MedData based in Spring, TX consented to pay $7 million to resolve a class action lawsuit associated with the breach […]

Seattle Children’s Hospital Website Tracking Technology Lawsuit Dismissed with Prejudice A Washington court dismissed with prejudice the class action lawsuit filed against Seattle Children’s Hospital (SCH) concerning its usage of pixels and other tracking technologies […]

The number of healthcare data breaches reported to the Department of Health and Human Services’ Office for Civil Rights (OCR) in February dropped with 59 data breaches involving 500 and up records reported. The breaches […]

Senator Mark R. Warner (D-VA) presented new legislation that will approve advance and faster payments to healthcare companies in case of a cyberattack. The new legislation was prompted by the ransomware attack on Change Healthcare, […]

The Department of Health and Human Services’ Office for Civil Rights (OCR) has released updates on the guidance for entities covered by the Health Insurance Portability and Accountability Act (HIPAA) about online tracking technologies. The […]

NSA Releases Guidance on Implementing Zero Trust to Restrict Lateral Movement The National Security Agency (NSA) has released guidance on implementing zero trust security to restrict lateral movement inside a network when a threat actor […]

The Department of Health and Human Services (HHS) has reported the Blackcat ransomware attack on UnitedHealth Group-managed Change Healthcare in February 2024. The attack affected over 100 of Change Healthcare’s systems, which subsequently impacted the […]

Feds Alerts Healthcare Industry Concerning ALPHV/Blackcat Ransomware Group A joint cybersecurity notification was given by the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Health and Human […]

Ransomware Attack on Maryland Psychotherapy Provider Ended in HIPAA Penalty The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) resolved the supposed Health Insurance Portability and Accountability Act (HIPAA) violations with […]

January had 61 data breach reports involving 500 and up records submitted to the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR), a 22% month-over-month decrease in reported data breaches. […]

California AG Accepts $5 Million Settlement with Quest Diagnostics Concerning Improper Disposal of Waste and Patient Information California Attorney General Rob Bonta has reported that a $5 million settlement with Quest Diagnostics has been approved […]

U.S. Fertility Offers to Pay $5.75 Million Settlement of Class Action Data Breach Lawsuit U.S. Fertility LLC, which operates over 100 fertility clinics throughout the U.S., has offered to pay $5.75 million to resolve a […]

Lincare Holdings Offers $7.25 Million Settlement of Data Breach Lawsuit Regarding the Lincare Holdings Inc. Data Breach Litigation, Lincare Holdings proposed a $7.25 million settlement to resolve the class action lawsuit filed over a data […]

Netherlands COVID-19 Testing Laboratory Database Exposed A medical lab based in the Netherlands that was used as a COVID-19 testing center has left a database compromised online that included the sensitive information of about 1.3 […]

December had the second-highest number of data breach reports for 2023. The Department of Health and Human Services (HHS) Office for Civil Rights had 74 healthcare data breach reports involving 500 and up records in […]

Singing River Health System has reported the compromise of the PHI of 253,000 patients due to a ransomware attack in August 2023. Data breach reports from Fincantieri Marine Group, Highlands Oncology Group, Family Healthcare, and […]

Class action lawsuits had been filed against ESO Solutions because of a recently announced cyberattack and data breach that impacted just about 2.7 million people. The data breach affected sensitive data like names, contact details, […]

November’s reported breaches involving 500 and up healthcare records increased by 45% with 61 big data breaches reported to the Department of Health and Human Services (HHS) Office for Civil Rights (OCR). For the 2023 […]

Liberty Hospital based in Kansas City is dealing with a cyberattack that has upset its IT systems. The cyberattack was discovered on December 19, 2023, and it was decided to reroute ambulances to other hospitals […]

Proliance Surgeons Faces Lawsuit Over Ransomware Attack and Data Breach Surgery group Proliance Surgeons based in Seattle, Washington is facing a class action lawsuit due to a recently reported ransomware attack and data breach that […]

CarePointe ENT Resolves HIPAA Lawsuit with Indiana Attorney General At the end of September 2023, Indiana Attorney General Todd Rokita submitted a lawsuit against CarePointe ENT involving a ransomware attack that resulted in a data […]

Longhorn Imaging Center Data Breach South Austin Health Imaging LLC, dba Longhorn Imaging Center based in Austin, TX, has just reported a case of hacking to the HHS’ Office for Civil Rights indicating that 100,643 […]

October saw a drop in the number of reported data breaches involving 500 or more healthcare records. Only 40 data breaches were reported by HIPAA-regulated entities in October, making the 12-month average of 54 breaches […]

About 9 million patients were impacted by a cyberattack on Perry Johnson & Associates. This transcription service provider’s data breach is the second-biggest healthcare data breach this 2023 and it is the 6th biggest healthcare […]

Doctors’ Management Services to Pay OCR $100,000 to Settle HIPAA Probe The HHS’ Office for Civil Rights (OCR) has agreed to accept $100,000 from Doctors’ Management Services to settle a ransomware attack and data breach […]

Brooklyn Premier Orthopedics (BPO) based in New York has reported the potential access and theft of the protected health information (PHI) of 48,459 patients in a recent cyberattack. As per BPO’s breach notice dated October […]

Healthcare data privacy improved in September with the least reported healthcare data breaches since February 2023. There were 48 data breaches involving 500 and up records reported to the HHS’ Office for Civil Rights (OCR) […]

The Medicare and Medicaid plan provider, CareSource, based in Dayton, OH is facing multiple class action lawsuits associated with a cyberattack that resulted in a data breach. The Clop ransomware group took advantage of a […]

Healthcare data breaches in August increased by 21.4% month-over-month. There were 68 data breaches involving 500 or more records that were reported to the HHS’ Office for Civil Rights. August is now the second-worst month […]

284K Oak Valley Hospital District Patients Affected By Cyberattack Oak Valley Hospital District in Oakdale, CA, has recently informed 283,629 patients concerning the exposure of their sensitive information due to a cybersecurity incident. The hospital […]

TikTok’s $368 Million Penalty for Child Privacy Violations The Irish Data Protection Commission (DPC) has reported that it finally made a decision regarding its inquiry into TikTok. It imposed a financial penalty of €345 million […]

Two Class Action Lawsuits Filed Against CentroMed Over 350,000-Record Data Breach El Centro Del Barrio, doing business as CentroMed in San Antonio, TX, is dealing with two class action lawsuits because of a cyberattack in […]