Six more Nationwide Recovery Service (NRS) clients confirmed that the NRS data breach resulted in the theft of sensitive data. The list of new victims includes Smile Solutions of Goodlettsville The City of Chattanooga Duncan Regional Hospital MAK Anesthesia Swedish...

ComplianceJunction, a top provider of accredited HIPAA, OSHA, and FWA training, has introduced a partner program that allows healthcare staffing and HR technology platforms to embed compliance training directly into their systems through a secure API....

Kettering Health operates 120 outpatient facilities and 14 medical centers in western Ohio. On May 20, 2025, it encountered organization-wide technology downtime that impacted 14 medical centers and call center operations. The disturbance caused critical IT systems to...

Integrated health system known as Union Health System, based in Terre Haute, Indiana, manages two hospitals and a medical group, which were impacted by a security breach that occurred at Oracle Health and Cerner. Oracle Health sent notification letters to healthcare...

A Federal judge has given preliminary approval of a $20 million settlement to resolve a multidistrict lawsuit against the software company Fortra in association with a 2023 hacking incident that impacted the Fortra GoAnywhere managed file transfer (MFT) solution. The...

The HHS’ Office for Civil Rights (OCR) reported the 6th financial penalty for 2025 involving alleged HIPAA Rules violation. Health care network PIH Health in California consented to resolve the HIPAA violations by paying $600,000 in financial penalty. In June 2019, a...

The Department of Health and Human Services’ Office for Civil Rights (OCR) reported its 7th HIPAA enforcement action as part of its HIPAA risk analysis enforcement initiative. The settlement of an alleged HIPAA risk analysis violation involved the Guam hospital...

The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) issued a financial penalty to Northeast Radiology, P.C. for a HIPAA violation. This is the 4th financial penalty for HIPAA violation issued by OCR under the Trump administration and the...

Sentara Health is a not-for-profit healthcare organization based in Florida, Virginia, and Northeastern North Carolina that notified 1,620 individuals concerning a likely insider breach affecting their electronic health records. Sentara Health’s Laboratory Services...

SimonMed Imaging reported a cybersecurity incident at the beginning of this year where unauthorized individuals accessed patient information through one of its vendors. The radiology practice in Scottsdale, Arizona said that one vendor notified it on January 27, 2025...

Sunflower Medical Group is dealing with a class action lawsuit because of a recent data breach affecting the protected health information (PHI) of about 221,000 present and past patients. Sunflower Medical Group's private specialized medical center is located in four...

A woman from New York received a probation sentence averting imprisonment for a criminal violation of the Health Insurance Portability and Accountability Act (HIPAA). She is also required to pay restitution of approximately $13,000. On March 23, 2023, 53-year-old...

Certified public accountancy company Legacy Professionals based in Illinois notified about 217,000 people concerning a security incident and data theft in April 2024. The company discovered suspicious activity in its computer system at the end of April and launched a...

Home healthcare equipment and related services provider, Apria Healthcare based in Indianapolis decided to pay $6,400,000 to settle all claims filed by the 1,869,598 individuals affected by data breaches in 2019 and 2021. In April 2019, hackers accessed areas of its...

Labor Union, UNITE HERE, based in New York has consented to paying $6 million to settle a combined class action lawsuit that claimed the group's inability to carry out proper cybersecurity measures to safeguard the sensitive information it kept. On October 20, 2023,...

The U.S. Department of Justice has made public the decision of Health Net Federal Services (HNFS) and Centene Corporation, its parent company, to pay a financial penalty of $11,253,400 to resolve the issues that HNFS has faked compliance certification with the...

U.S. authorities have published an alert concerning the Ghost ransomware group based in China, which has executed ransomware attacks in about 70 countries on several industries such as healthcare, religious institutions, education, manufacturing, technology, and...

The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) has issued a financial penalty against Warby Parker, Inc. for noncompliance with the HIPAA Rules. This is the first financial penalty issued by OCR under the Trump administration....

March 1, 2025, is the last day for filing reports involving 2024 data breaches impacting less than 500 people to the HHS’ Office for Civil Rights (OCR). When breach reports are not filed on time, HIPAA-covered entities are considered non-compliant with the HIPAA...

Electronic Frontier Foundation (EFF), a non-profit civil liberties organization, wrote to Attorneys General in Arkansas, Missouri, Florida, and Texas to ask for an investigation of crisis pregnancy centers (CPCs) in their states concerning probable privacy violations...

SonicWall and Apple released patches for critical zero-day vulnerabilities found in their products. Covered entities using these products need to update their HIPAA training to include the implementation of patches or updating the firmware of impacted devices. Threat...

Tennessee Attorney General Jonathan Skrmetti filed a complaint in the U.S. District Court for the Eastern District of Tennessee in Knoxville questioning the lawfulness of the revised HIPAA Privacy Rule passed by the Department of Health and Human Services to reinforce...

The Health and Human Services Commission (HHSC) in Texas discovered multiple agency workers who have violated the HIPAA Privacy Rule. The workers were found to have accessed the information of 61,000 people who acquired agency services with no legitimate work reason...

Comparitech recently publicized a report that showed how much work ransomware groups have been doing. The groups attack networks, encrypt files, and then compel the victims to pay ransom. Comparitech’s analysts found 5,461 ransomware attacks successfully executed in...

The HHS’ Office for Civil Rights (OCR) has reported its first HIPAA enforcement for 2025 to settle alleged HIPAA Rules violations. Electronic medical records and billing support services provider, Elgon Information Systems based in Massachusetts, paid an $80,000...

A dental practice in Indianapolis has consented to pay the Office of the Indiana Attorney General (OIG) a $350,000 financial penalty to settle several alleged violations of national and state legislation associated with an unreported ransomware attack and data breach...

Addiction rehabilitation center American Addiction Centers, Inc. based in Brentwood, TN recently reported a cybersecurity incident that impacted 410,747 present and past patients whose protected health information (PHI) may have been stolen. The notification letter...

In April 2024, the Illinois Department of Human Services (IDHS) suffered an email phishing attack in which several employees were misled into sharing their credentials. The attacker accessed email accounts that included the public assistance account details of over...

A bipartisan bill presented in the Senate requires the Department of Health and Services (HHS) to revise the HIPAA rules to boost cybersecurity throughout the healthcare industry and offer funds to support healthcare organizations with low resources to follow...