HIPAA Violation News

The dermatology practice, Forefront Dermatology, based in Wisconsin has offered to resolve a class action lawsuit filed by patients who had their protected health information (PHI) exposed during a ransomware attack at the end of […]

A federal grand jury in Memphis charged five ex-employees of Methodist Hospital in Tennessee with Health Insurance Portability and Accountability Act (HIPAA) criminal violations for impermissibly obtaining the protected health information (PHI) of patients and […]

Ann & Robert H. Lurie Children’s Hospital has offered to settle a class action lawsuit that was filed in relation to two privacy breaches where employees accessed medical records without authorization. The Chicago hospital found […]

Aveanna Healthcare has decided to pay the Office of the Attorney General of Massachusetts $425,000 as a financial penalty for not implementing proper safety measures to avoid phishing attacks, thus violating state and government legislation. […]

A Californian appellate court has just announced the lower court’s decision to reject class-action status for a legal action filed against a healthcare provider in California because of an insider data breach that impacted 5,485 […]

The American Civil Liberties Union of Rhode Island (ACLU of RI) is filing a lawsuit against the Rhode Island Public Transit Authority (RIPTA) and UnitedHealthcare New England (UHC) because of a data breach in August […]

First, Novant Health stated that the protected health information (PHI) of 1.36 million individuals was transmitted to Meta. Now, Advocate Aurora Health is the second to confirm that it also put the Meta Pixel tracking […]

United Health Centers of the San Joaquin Valley (UNC) has offered a settlement deal to take care of a class action lawsuit filed for the sake of patients impacted by its Vice Society ransomware attack […]

Mon Health is dealing with a class action lawsuit associated with a hacking incident that enabled unauthorized persons to acquire access to its system for 11 days in December 2021. According to Mon Health, it […]

Magellan Health has decided to resolve a class action data breach legal action and will set up a $1.43 million funding to pay for claims submitted by patients impacted by the data breach. Patients whose […]

The HHS’ Office for Civil Rights (OCR) has made a decision to settle three investigations of dental practices for probable violations of HIPAA Right of Access . The three investigations were started after patients filed […]

For three months now, the reported number of healthcare data breaches has gone down. August had 49 reported breaches involving 500 or more records, which is below the typical 58 breaches a month. The number […]

The Ohio law company, Bricker & Eckler LLP, decided to resolve a class action data breach lawsuit filed on behalf of those impacted by a ransomware attack on the company in 2021. Bricker & Eckler […]

Ambry Genetics has made a decision to settle a class action lawsuit that was due to a breach of the protected health information (PHI) of 232,772 patients. In April 2020, Ambry Genetics informed patients about […]

The healthcare provider based in Morristown, VT, Lamoille Health Partners, is dealing with a class action lawsuit because of a ransomware attack in June 2022 that impacted approximately 60,000 patients. Lamoille Health Partners discovered the […]

Avamere Holdings based in Wilsonville, OR, a provider of home health care services and operator of a nursing home, is dealing with a class action lawsuit due to a serious data breach that impacted 96 […]

Humana & Cotiviti have decided to resolve a class action lawsuit and the claims from people impacted by a data breach in 2020 that compromised the protected health information (PHI) of 64,654 people. Humana had […]

A digital marketing and analytics company based in Idaho filed a lawsuit against the Federal Trade Commission for allegedly violating the Federal Trade Commission (FTC) Act with its data practices. Kochava’s principal business unit offers […]

Salinas Valley Memorial Healthcare System based in California has decided to negotiate a class action lawsuit by paying $340,000 to settle claims from patients impacted by the email security breach in 2020. From April 30, […]

Dental Care Alliance decided to resolve a class action lawsuit filed due to a data breach that affected approximately 1.7 million people. A $3 million fund was reserved to cover claims from persons impacted by […]

The Methodist Hospitals Inc decided to resolve a class action lawsuit and allocated a $425,000 fund for claims filed by victims in relation to a data breach in 2019 that impacted about 70,000 patients. The […]

The Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) has reported that Oklahoma State University – Center for Health Sciences (OSU-CHS) has decided to negotiate a HIPAA investigation arising from the […]

Health Aid of Ohio has decided to resolve a class action lawsuit to handle claims concerning its inability to secure the sensitive personal data of its clients. Health Aid of Ohio based in Parma, OH […]

Hearst Health subsidiary, MCG Health based in Seattle, is facing multiple class-action lawsuits due to a data breach that impacted approximately 10 healthcare companies such as Lenoir Health Care, Indiana University Health, Jefferson County Health […]

University of Pittsburgh Medical Center has made the decision to negotiate a class action data breach lawsuit. It will set aside $450,000 to pay for claims from persons who have had losses because of the […]

Shields Health Care Group is facing a class-action lawsuit over the 2 million-record data breach it recently announced. This is the largest healthcare data breach ever reported for this year. Shields Health Care Group is […]

The law firm Morgan & Morgan filed a class-action lawsuit in the U.S. District Court for the District of Massachusetts against Injured Workers Pharmacy (IWP) in association with a breach of the personal records of […]

A New York Federal Judge dismissed a class-action lawsuit filed against Alliance HealthCare Services and NorthEast Radiology PC because of a data breach that compromised the protected health information (PHI) of above 1.2 million people […]

Class action lawsuits were lately filed against Oregon Anesthesiology Group and Partnership Health Plan in Northern California because of ransomware attacks that resulted in the theft of sensitive patient/plan member information. Partnership Health Plan of […]

Legal action was taken versus the in-home respiratory care company, SuperCare Health, because of a cyberattack and information breach report sent to the Department of Health and Human Services as of March 28, 2022. The […]

An audit of Health Insurance Exchange of Connecticut, Access Health CT, by the state auditor indicated that Access Health CT experienced 44 data breaches in the period of 3.5 years and did not completely report […]

$50,000 Civil Monetary Penalty Paid by Dental Practice for Social Media HIPAA Violation OCR investigated Dr. U. Phillip Igbinadolor, D.M.D. & Associates, P.A., (UPI), dental practice managing offices in Monroe and Charlotte, NC after a […]

A woman was sentenced to 15 months imprisonment for being involved in a plan to defraud patients of a medical clinic based in Metairie, LA. In 2015, three persons were captured in association with the […]

The U.S. Department of Justice (DOJ) has reported the settlement agreed with the healthcare services company, Comprehensive Health Services (CHS) located in Cape Canaveral, FL to resolve alleged False Claims Act violations. This is the […]

Logan Health and subsidiary, sister, and related entities are facing legal action because of a data breach that happened in 2021 and impacted 213,543 patients of Logan Health Medical Center. Law firm Heenan & Cook […]

The HIPAA violation reporting process is different for different organizations because of differences in policies and procedures, and the process for sending violations reports to HHS´ Office for Civil Rights differs based on the nature […]

Sea Mar Community Health Centers located in Seattle, WA is confronted with a class-action lawsuit because of a cyberattack that led to the exposure of the protected health information (PHI) of 688,000 persons. The breach […]

The U.S. District Court for the Western District of New York has suggested the dismissal of a class action data breach suit against Practicefirst Medical Management Solutions regarding a ransomware attack in 2020. Medical management […]

CaptureRx has offered to pay $4.75 million to resolve claims associated with a 2021 data breach that impacted roughly 2.4 million patients of its healthcare company customers. CaptureRx is a medical care administrative service company […]

The Rhode Island Attorney General is conducting an investigation involving the Rhode Island Public Transit Authority (RIPTA) and UnitedHealthcare because of a cyberattack and security breach that allowed hackers to access RIPTA’s system that held […]

The HIPAA Breach Notification Rule requires the sending of data breach notification to the Secretary of the HHS “without unnecessary delay” and not later than 60 days after the discovery date of a data breach. […]

New York Attorney General Letitia James announced the first settlement deal of 2022 over a healthcare data breach. The vision benefits provider based in Ohio, Med Vision Care, is going to pay $600,000 as a […]

An $18.4 million settlement has been reached to resolve a class-action lawsuit filed against Mass General Brigham in relation to the usage of site analytics tools, cookies, pixels, and related technologies on a number of […]

A specialty pharmacy based in Florida is dealing with a class-action lawsuit concerning an October 2021 cyberattack that resulted in the stealing of the personally identifiable information (PII) and protected health information (PHI) of around […]

If a covered entity or business associate fails in complying with HIPAA rules, OCR is authorized to impose fines for HIPAA noncompliance – whether there’s no PHI breach or complaint. Following a great deal of […]

A class-action lawsuit was filed versus San Juan Regional Medical Center in Farmington, New Mexico in relation to a reported data breach last June 2021. According to the breach investigation, there was an unauthorized individual […]

Legal action was filed against Quest Diagnostics and ReproSource Fertility Diagnostics, its subsidiary, in the US District Court for the District of Massachusetts because of a ransomware attack in August 2021 that impacted 350,000 individuals. […]

A former staff of Huntington Hospital located in New York is confronted with a criminal HIPAA violation case related to the unauthorized accessing of health records of 13,000 patients. The night shift hospital staff impermissibly […]

The New Jersey Attorney General has allowed a $130,000 settlement with two printing companies to resolve affirmed violations of the New Jersey Consumer Fraud Act (CFA) and Health Insurance Portability and Accountability Act (HIPAA) that […]

A federal judge has decided to favor the University of Mississippi Medical Center (UMMC) in a case of unauthorized access and data theft versus three ex-workers. UMMC filed a lawsuit against Dr. Spencer Sullivan as […]

A new study has shown prevalent security problems at healthcare companies, which include bad access controls, few limitations on access to protected health information (PHI), and bad password practices, which put sensitive information in danger. […]

A previous patient of Northwestern Memorial HealthCare (NMHC) filed a lawsuit against Elekta Inc. regarding its ransomware attack and security breach last April 2021. Many U.S. healthcare providers are business associates with Elekta, a Swedish […]

Californian healthcare provider San Diego Health is facing multiple class-action lawsuits over a data breach impacting the protected health information (PHI) of 496,949 patients. San Diego Health discovered suspicious activity in the email accounts of […]

Two DuPage Medical Group patients are taking legal action against the healthcare provider right after a July 2021 ransomware attack through which patients’ protected health information (PHI) was compromised. DuPage Medical Group experienced the ransomware […]

The U.S. Department of Justice reported that a federal court in the Eastern District of Texas has sentenced a Texas lady to serve 30 months in federal prison for committing a conspiracy to acquire protected […]

The pharmacy and supermarket company Kroger has offered to pay $5 million to settle lawsuits which the victims of a data breach filed because their personal data and protected health information (PHI) were exposed. Kroger […]

Two former patients filed a class-action lawsuit against BJC HealthCare in relation to an email data breach in March 2020, but the lawsuit has made it through two motions to dismiss. Bradley Dean Taylor and […]

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released a new tool that organizations can use to evaluate how effectively they are prepared to protect against and recuperate from a ransomware attack. The threat […]

An ex-employee of Aultman Health Foundation viewed 7,300 patient information with no permission for nearly 12 years prior to the discovery of the HIPAA violation. The employee was given access to patient information to carry […]

In October 2020, Mayo Clinic reported that a former employee was found to have committed impermissible access to the health records of roughly 1,600 patients. Based on a statement released by the Mayo Clinic, the […]

The Chief Operating Officer of an IT security agency is facing a lawsuit due to a financially driven cyberattack on Gwinnett Medical Center based in Lawrenceville, GA last September 2018. Vikas Singla, aged 45, of […]

The health insurance and healthcare provider Humana in Louisville, KY and its business associate Cotiviti are confronted with legal action due to a data breach identified in late December 2020. On May 26, 2021, a […]

In September 2020, Nebraska Medicine and the University of Nebraska Medical Center found out that their systems were hacked and downloaded with malware allowing the hackers access to the protected health information (PHI) of approximately […]

The HHS’ Office for Civil Rights has reached a settlement with The Diabetes, Endocrinology & Lipidology Center, Inc. (DELC) to resolve a potential violation of the HIPAA Right of Access. This is OCR’s 8th financial […]

There has been a great deal of uncertainty regarding the case of inquiring somebody if they have gotten a COVID-19 vaccine. Does it constitute a HIPAA violation, particularly with regards to employers asking their staff […]

Universal Health Services (UHS) is facing a lawsuit associated with a 2020 data breach; but, the lawsuit proceeded only for one of the patients identified on the lawsuit. UHS manages approximately 400 hospitals and care […]

The Pennsylvania Department of Health and also its COVID-19 contact tracing provider are getting sued because of a breach of the personal and medical information of 72,000 Pennsylvanians. Insight Global and the Department of Health […]

Einstein Healthcare Network, a health system based in Philadelphia, is dealing with a class-action lawsuit associated with an August 2020 phishing attack that enabled an unauthorized person to access several employee email accounts. Einstein Healthcare […]

The healthcare data breaches reported in March increased by 38.8%. There were 62 breaches involving at least 500 records reported to the HHS’ Office for Civil Rights, the majority of which were hacking incidents. The […]

The Ventura County District Attorney directed Adventist Health Physicians Network located in Simi Valley, California to pay civil momentary penalties worth $40,000 for a civil privacy settlement resolving a patient privacy breach that impacted 3,797 […]

Roper St Francis Healthcare is confronted with a class action lawsuit associated with an October 2020 data breach wherein patient information was purportedly stolen. The lawsuit alleges negligence for not protecting patients’ private information. From […]

Med-Data Inc., a revenue cycle management services vendor based in Spring, TX, has given confirmation that the protected health information (PHI) of patients of some of its clients were loaded to GitHub, an open-source software […]

The HHS’ Office for Civil Rights has reported reaching a settlement with Village Plastic Surgery based in Ridgewood, NJ to resolve potential HIPAA Right of Access violations. Based on the conditions of the settlement, Village […]

The Arizona Supreme Court revived a HIPAA violation legal case that a man from Phoenix filed because of a privacy violation by a pharmacy worker associated with an erectile dysfunction medicine prescription. Greg Shepherd, aged […]

Cochise Eye and Laser, an ophthalmology and optometry company located in Sierra Vista, AZ, had a ransomware attack on January 13, 2021 and saw the encryption of its patient booking and billing application. Due to […]

The number of healthcare data breaches involving 500 or more records in January 2021 decreased by 48% month-over-month. There were 32 data breaches reported in January compared to December’s 62. Although this is below the […]

Wilmington Surgical Associates located in North Carolina is dealing with a class suit due to a Netwalker ransomware attack that resulted in a data breach last October 2020. In most ransomware attacks today, data files […]

The court has given preliminary approval of a settlement proposal by 21st Century Oncology to take care of a November 2020 class-action lawsuit. The class-action lawsuit was submitted in District Court for the Middle District […]

The Conti ransomware gang has left a big set of healthcare information online that was presumably taken from Leon Medical Centers based in Florida and Nocona General Hospital based in Texas. Leon Medical Centers experienced […]

Two personnel of the Department of Veteran Affairs’ (VA) information technology allegedly made false representations regarding the privacy and security risks of a huge data AI project involving the VA and a private firm that […]

The contract of Philly Fighting COVID to distribute COVID-19 vaccines in Philadelphia city with the Philadelphia Department of Public Health was ended following accusations that the organization’s privacy policies potentially allowed the purchase of private […]

A recent study printed in the Journal of the American Medical Informatics Association (JAMIA) revealed that information blocking by electronic health record (EHR) vendors remains remarkably rampant in spite of recent policymaking that forbids information […]

The HHS’ Office for Civil Rights (OCR) is moving forward with its efforts to catch healthcare companies that fail to provide patients with prompt access to their healthcare records. OCR recently announced a settlement reached […]

Twitter is penalized with €450,000 ($544,600) for violating the EU’s General Data Protection Regulation (GDPR). The Data Protection Commission (DPC) in Ireland issued the fine in connection with Twitter’s privacy breach report to the DPC […]

Kalispell Regional Healthcare based in Montana has offered a $4.2 million settlement deal to take care of a lawsuit filed on behalf of victims associated with a data breach that was reported in October 2019. […]

OCR imposed more financial penalties on HIPAA covered entities and business associates this 2020 than any year since OCR got authorized by the HIPAA Enforcement Rule to issue financial penalties on non-complying entities. As of […]

The U.S. Department of Health and Human Services’ Office for Civil Rights just issued the 10th financial penalty covered by the HIPAA Right of Access enforcement initiative. Riverside Psychiatric Medical Group based in California has […]

The Information Commissioner’s Office (ICO), the United Kingdom’s data protection authority, has enforced a £18.4 million ($23.8 million) financial fine on Marriott International for violating the EU’s General Data Protection Regulation (GDPR). The ICO had […]

Aetna Life Insurance Company and the associated covered entity (Aetna) has decided to resolve several potential HIPAA violations that the Department of Health and Human Services’ Office for Civil Rights (OCR) found in the course […]

Before September, the HHS’ Office for Civil Rights only issued three financial penalties on covered entities and business associates over HIPAA violations. Yet, in September, there was a squall of notices regarding HIPAA settlements when […]

Community Health Systems located in Franklin, TN, and its subsidiary CHSPCS LLC agreed to settle a multi-state action with 28 state attorneys general by paying out $5 M. An investigation directed by Tennessee Attorney General […]

The 12th HIPAA penalty of 2020 has been reported by the Department of Health and Human Services’ Office for Civil Rights (OCR). It is the 8th under the HIPAA Right of Access enforcement initiative since […]

A healthcare employee who was charged with violation of patient privacy and the Health Insurance Portability and Accountability Act (HIPAA) Rules was cleared of any violation after the federal law enforcement’s investigation. The said employee […]

Health insurer Anthem Inc. based in Indianapolis, IN has settled its multi-state actions filed by state attorneys general in relation to its 2014 78.8 million record data breach. One settlement deal for $39.5 million was […]

People affected by the recent data breaches that occurred at Blackbaud and Assured Imaging took legal action for the compromise and theft of their personal data and protected health information (PHI). Several Lawsuits Filed in […]

Montefiore Medical Center in Bronx, New York has dismissed a worker due to the supposed theft of the protected health information PHI of around 4,000 patients. Montefiore learned about the possible internal data breach in […]

HealthAlliance Hospital and its health record management vendor, Ciox Health, are facing a lawsuit for refusing to give a widow the medical records of her deceased husband. In October 2020, the husband of Sherry Russell, […]

Konica Minolta Healthcare Americas Inc. is going to pay $500,000 as a financial penalty to bring to an end a case against Viztek LLC, its ex-subsidiary, to take care of False Claims Act violations in […]

A law company is filing a lawsuit against Medical Records Online (MRO), a healthcare release-of-information solution provider, for charging too much on law companies and insurance companies when furnishing electronic copies of patients’ health records. […]

In December 2019, the Department of Health and Human Services’ Office for Civil Rights had two more enforcement actions taken against covered entities that were found to have broken the HIPAA Regulations. The first financial […]