Sedgwick Government Solutions confirmed that an unauthorized party accessed an isolated file transfer system and that a ransomware group publicly claimed theft of data, triggering incident response actions. Incident Confirmation Sedgwick Government Solutions (SGS)...

Top of the World Ranch Treatment Center (TWRTC) paid $103,000 to the U.S. Department of Health and Human Services’ Office for Civil Rights to settled a potential HIPAA Security Rule violation and will implement required corrective actions. HIPAA Security Rule...

Texas Attorney General Ken Paxton has launched an investigation into the Conduent Business Services data breach, which he stated could potentially be the largest healthcare data breach in United States history. Investigation Announcement Texas Attorney General Ken...

McLaren Health Care has agreed to pay $14 million to settle class action litigation related to two ransomware attacks that occurred in 2023 and 2024 resulting in data breaches. Nature Of the Incidents McLaren Health Care encountered two ransomware attacks that...

Alabama Cardiovascular Group has resolved a class-action data breach litigation as a result of a data security breach discovered on July 2, 2024. The investigators found out that an unauthorized third party got access to its system from June 6, 2024, to July 2, 2024,...

HHS has applied the annual inflation adjustment to the civil monetary penalties for violations of the HIPAA Rules effective January 28, 2026, increasing the financial penalties for covered violations. HIPAA-certified entities also need to take note of these updates....

United Seating and Mobility, dba Numotion, decided to resolve a class action litigation associated with two data security incidents in 2024. The mobility equipment provider encountered an attack involving unauthorized access to the protected health information (PHI)...

Fortune 1000 pharmacy services provider, PharMerica, decided to resolve a class action litigation associated with a hacking incident resulting in a data breach in 2023 that impacted 5.8 million people. Besides paying $5.2 million for costs and benefits, the company...

Continuum Health Alliance, a health management and patient services provider based in Marlton, NJ, has decided to settle a combined class action litigation associated with a data breach in October 2023 that impacted over 377,000 patients of its customer, Consensus...

VisionPoint Eye Center based in central Illinois agreed to settle a class action lawsuit associated with a data breach that happened on October 2024 affecting around 67,000 individuals. This eye treatment service provider confirmed that an unauthorized third party...

Hypertension Nephrology Associates (HNA) located in Willow Grove, Pennsylvania, decided to pay $625,000 to resolve a class action lawsuit associated with a January 2024 data breach. HNA discovered the unauthorized system access on February 6, 2024 after finding a...

Dermatology practice Brevard Skin and Cancer Center in Brevard, Florida, suffered a cyberattack that was first discovered on October 14, 2025. It took quick action to keep its systems secure. Third-party cybersecurity experts investigated the nature and magnitude of...

Main Line Fertility Center, located in Pennsylvania, will pay individuals for the probable impermissible disclosure of their sensitive information to third parties through website monitoring technologies. Main Line Fertility Center used third-party tracking codes and...

Precision Imaging Centers, based in Jacksonville, Florida, offers X-ray imaging, CT, MRI, PET, and ultrasound services. It faced a class action lawsuit arising from a cybersecurity incident discovered on November 2, 2022 and agreed to settle it. Hackers breached its...

Florida’s Watson Clinic decided to resolve its class action litigation associated with a January 2024 data breach that affected 280,278 persons for $10,000,000. The threat actors stole sensitive data, which included digital images, and published it on the dark web....

On October 22, 2023, First Choice Dental, which operates 12 dental clinics in Madison and Dane counties in Wisconsin, suffered a ransomware attack. The dental care provider agreed to settle the litigation arising from the data security incident. First Choice Dental...

A group of mental health and addiction recovery treatment centers in Tampa, FL, reported a security breach involving unauthorized access to patient information. Oglethorpe provides management services to health centers, wellness facilities, and specialized hospitals...

NextGen Healthcare proposed a $19,375,000 settlement to take care of a combined class action lawsuit over a ransomware attack in 2023 that impacted over one million people. The electronic health records and practice management software company discovered the attack on...

Fraser Child and Family Center decided to pay $750,000 to resolve class action litigation involving a 2024 data breach. Fraser Child and Family Center is an autism, behavioral health, mental health, and disability services provider in Minnesota. From May 30, 2024 to...

Orthopedics Rhode Island (Ortho RI) decided to settle a class action litigation over a 2024 ransomware attack for $2.9 million. Ortho RI discovered the ransomware attack on September 7, 2025 and started a forensic investigation, which confirmed unauthorized network...

Reid Hospital & Health Care Services, Inc., also called Reid Health, in Richmond, Indiana, has decided to settle the class action lawsuit associated with the alleged use of Meta Pixel and other tracking tools on its webpage. Based on the Jane Doe v. Reid Health...

Octapharma Plasma agreed to resolve litigation associated with its April 2024 ransomware attack and data security breach. Octapharma Plasma manages over 190 blood plasma donation centers across 35 states. On or about April 17, 2024, Octapharma noticed suspicious...

Jefferson Healthcare decided to resolve a class action lawsuit alleging the disclosure of sensitive information to third parties without patient permission as a result of installing Meta Pixel and other tracking tools on its site. Jefferson Healthcare provides its...

The U.S. Department of Justice detained a Ukrainian serial ransomware criminal who is believed to have been behind various ransomware operations. Volodymyr Viktorovich Tymoshchuk, using monikers Boba, deadforz farnetwork, and msfv, is claimed to have executed the...

Morris Hospital & Healthcare Centers decided to resolve a combined class action lawsuit that claimed negligence for not preventing a data breach in April 2023 that impacted 248,943 persons. The terms of the settlement agreement require Morris Hospital to create a...

Children’s Hospital Medical Center of Akron, also known as Akron Children’s Hospital, has decided to resolve its class action lawsuit associated with the use of Meta Pixel and third-party analytics and tracking codes on its website. The healthcare provider allegedly...

Mount Sinai Health System, New York City's biggest hospital system, decided to pay $5.3 million to settle its web tracking lawsuit. Allegedly, the health system violated government and state regulations by disclosing the personal health data of users of its website...

The Trump Administration reported a new initiative focused on enhancing interoperability and the exchange of medical information, and has gathered pledges from top healthcare and tech companies to develop a foundation for a next-gen digital health environment that...

Heart South Cardiovascular Group, a cardiac and vascular care provider in Clanton, Centreville, and Alabaster in central Alabama, has decided to resolve the lawsuit associated with a May 2024 data breach that impacted 20,577 individuals. Heart South Cardiovascular...

Director Paula M. Stannard of the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) reported the 18th HIPAA penalty of 2025. Syracuse ASC, also known as Specialty Surgery Center of Central New York, has agreed to pay a $250,000 financial...