Florida’s Watson Clinic decided to resolve its class action litigation associated with a January 2024 data breach that affected 280,278 persons for $10,000,000. The threat actors stole sensitive data, which included digital images, and published it on the dark web....

On October 22, 2023, First Choice Dental, which operates 12 dental clinics in Madison and Dane counties in Wisconsin, suffered a ransomware attack. The dental care provider agreed to settle the litigation arising from the data security incident. First Choice Dental...

A group of mental health and addiction recovery treatment centers in Tampa, FL, reported a security breach involving unauthorized access to patient information. Oglethorpe provides management services to health centers, wellness facilities, and specialized hospitals...

NextGen Healthcare proposed a $19,375,000 settlement to take care of a combined class action lawsuit over a ransomware attack in 2023 that impacted over one million people. The electronic health records and practice management software company discovered the attack on...

Fraser Child and Family Center decided to pay $750,000 to resolve class action litigation involving a 2024 data breach. Fraser Child and Family Center is an autism, behavioral health, mental health, and disability services provider in Minnesota. From May 30, 2024 to...

Orthopedics Rhode Island (Ortho RI) decided to settle a class action litigation over a 2024 ransomware attack for $2.9 million. Ortho RI discovered the ransomware attack on September 7, 2025 and started a forensic investigation, which confirmed unauthorized network...

Reid Hospital & Health Care Services, Inc., also called Reid Health, in Richmond, Indiana, has decided to settle the class action lawsuit associated with the alleged use of Meta Pixel and other tracking tools on its webpage. Based on the Jane Doe v. Reid Health...

Octapharma Plasma agreed to resolve litigation associated with its April 2024 ransomware attack and data security breach. Octapharma Plasma manages over 190 blood plasma donation centers across 35 states. On or about April 17, 2024, Octapharma noticed suspicious...

Jefferson Healthcare decided to resolve a class action lawsuit alleging the disclosure of sensitive information to third parties without patient permission as a result of installing Meta Pixel and other tracking tools on its site. Jefferson Healthcare provides its...

The U.S. Department of Justice detained a Ukrainian serial ransomware criminal who is believed to have been behind various ransomware operations. Volodymyr Viktorovich Tymoshchuk, using monikers Boba, deadforz farnetwork, and msfv, is claimed to have executed the...

Morris Hospital & Healthcare Centers decided to resolve a combined class action lawsuit that claimed negligence for not preventing a data breach in April 2023 that impacted 248,943 persons. The terms of the settlement agreement require Morris Hospital to create a...

Children’s Hospital Medical Center of Akron, also known as Akron Children’s Hospital, has decided to resolve its class action lawsuit associated with the use of Meta Pixel and third-party analytics and tracking codes on its website. The healthcare provider allegedly...

Mount Sinai Health System, New York City's biggest hospital system, decided to pay $5.3 million to settle its web tracking lawsuit. Allegedly, the health system violated government and state regulations by disclosing the personal health data of users of its website...

The Trump Administration reported a new initiative focused on enhancing interoperability and the exchange of medical information, and has gathered pledges from top healthcare and tech companies to develop a foundation for a next-gen digital health environment that...

Heart South Cardiovascular Group, a cardiac and vascular care provider in Clanton, Centreville, and Alabaster in central Alabama, has decided to resolve the lawsuit associated with a May 2024 data breach that impacted 20,577 individuals. Heart South Cardiovascular...

Director Paula M. Stannard of the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) reported the 18th HIPAA penalty of 2025. Syracuse ASC, also known as Specialty Surgery Center of Central New York, has agreed to pay a $250,000 financial...

BJC Health System, dba BJC HealthCare, agreed to settle a lawsuit prompted by its use of tracking tools on its website. The healthcare organization will pay approximately $9.25 million to resolve the lawsuit and give class members corresponding cash payments....

A ransomware group known as Stormous claims to possess the stolen personal data and protected health information (PHI) of 600,000 North Country HealthCare patients. North Country HealthCare is a federally certified community health center that provides comprehensive...

MarinHealth agreed to pay $3 million to resolve a class action lawsuit over installing the Meta Pixel tracking code on its website from 2019 to 2025. MarinHealth manages Marin Health Medical Center and several outpatient clinics located in Sonoma County and Marin...

On June 30, 2025, the Occupational Safety and Health Administration (OSHA) published in the Federal Register (90 FR 28336) a proposed rule to withdraw the part of the COVID-19 Emergency Temporary Standard that remains in effect. The COVID-19 Emergency Temporary...

Across the USA, academic institutions are facing increased pressure to ensure that students are fully prepared to meet the compliance requirements of clinical practice. In response, ComplianceJunction and Exxat have joined forces to help close the student compliance...

Behavioral health system Arisa Health in Arkansas consented to pay $1.9 million to resolve a class action lawsuit associated with a cyberattack in March 2024. Threat actors gained access to the Arisa Health system and stole the protected health information (PHI) of...

DICOM, Digital Imaging and Communications in Medicine, had a high-severity vulnerability discovered in its MicroDicom DICOM Viewer, which is a free software program used to view and manipulate DICOM medical images. A threat actor can exploit the vulnerability remotely...

Three weeks after the Interlock ransomware attack on May 20, 2025, Kettering Health has affirmed the resumption of normal operations for important healthcare services. Kettering Health has been issuing frequent updates on the development being made to reestablish its...

A MongoDB database that contains approximately 2.7 million patient records and 8.8 million consultation records was compromised on the internet. The database contained names, addresses, birth dates, phone numbers, chart IDs, billing data, email addresses, and language...

Six more Nationwide Recovery Service (NRS) clients confirmed that the NRS data breach resulted in the theft of sensitive data. The list of new victims includes Smile Solutions of Goodlettsville The City of Chattanooga Duncan Regional Hospital MAK Anesthesia Swedish...

ComplianceJunction, a top provider of accredited HIPAA, OSHA, and FWA training, has introduced a partner program that allows healthcare staffing and HR technology platforms to embed compliance training directly into their systems through a secure API....

Kettering Health operates 120 outpatient facilities and 14 medical centers in western Ohio. On May 20, 2025, it encountered organization-wide technology downtime that impacted 14 medical centers and call center operations. The disturbance caused critical IT systems to...

Integrated health system known as Union Health System, based in Terre Haute, Indiana, manages two hospitals and a medical group, which were impacted by a security breach that occurred at Oracle Health and Cerner. Oracle Health sent notification letters to healthcare...

A Federal judge has given preliminary approval of a $20 million settlement to resolve a multidistrict lawsuit against the software company Fortra in association with a 2023 hacking incident that impacted the Fortra GoAnywhere managed file transfer (MFT) solution. The...