The HIPAA Journal

MARCH 24, 2025

In 2023, the company was hit with a damaging data breach. users of the 23andMe service have a degree of protection under the Genetic Information Nondiscrimination Act (GITA), as their genetic data cannot be used to make employment or health insurance decisions but there may be other ways that their data could be used.

Tests

Valant

JUNE 18, 2025

Behavioral health providers managing both clinical care and business operations face unique challenges: complex prior authorization requirements, extensive documentation standards, and insurance coverage barriers. Insurers denied 19% of in-network claims in 2023 , according to the Kaiser Family Foundation.

Billing

Health Prime

JANUARY 22, 2025

Department of Health and Human Services (HHS) released a Notice of Proposed Rulemaking (NPRM) to modify the Health Insurance Portability and Accountability Act (HIPAA) Security Rule of 1996. This is the first HIPAA Security rule update since 2013. From 2018-2023, reports of significant breaches increased by 102%.

HIPAA

The HIPAA Journal

JUNE 12, 2025

A settlement has been agreed to resolve class action data breach litigation against HealthEC and its clients over a 2023 hacking incident and data breach. Between July 14, 2023, and July 23, 2023, hackers accessed its network and stole files containing sensitive data. The settlement has received preliminary approval by Hon.

HIPAA

The HIPAA Journal

MARCH 19, 2025

Atlas Healthcare CT Atlas Healthcare CT, the operator of several skilled nursing and rehabilitation centers in Connecticut, was targeted by hackers who gained access to its network and acquired certain stored files on January 20, 2023. Neither entity has previously reported a data breach to OCR.

HIPAA

The HIPAA Journal

JULY 22, 2025

Specialty Networks LLC, a Cardinal Health company that provides radiology information systems and PPS analytics to urology, gastroenterology, and rheumatology practices to improve patient outcomes, has agreed to settle a class action lawsuit stemming from a 2023 data breach. Million appeared first on The HIPAA Journal.

HIPAA

The HIPAA Journal

JULY 11, 2025

The stolen information included names, Social Security numbers, taxpayer identification numbers, medical or health insurance information, and other sensitive information. The affected individuals were notified about the data breach on March 14, 2023.

Follow-Up

The HIPAA Journal

APRIL 1, 2025

On October 9, 2023, Azura Vascular Care identified suspicious network activity, with the forensic investigation confirming that hackers had access to its network between September 27, 2023, and October 9, 2023, during which time they potentially stole the protected health information of patients.

HIPAA

The HIPAA Journal

APRIL 17, 2025

The first unauthorized access occurred in February 2021 and continued until February 2023. In addition, the files accessed by the former employee contained names, contact information, dates of birth, health insurance information, and Social Security numbers. The lawsuit seeks a jury trial and compensatory and punitive damages.

Patient Records

The HIPAA Journal

JULY 11, 2025

Henry Ford Health – was filed in Wayne County Circuit Court, State of Michigan, and alleges the disclosures violated the Health Insurance Portability and Accountability Act (HIPAA), as disclosures of PHI to third parties are not permitted by the HIPAA Privacy Rule for that purpose without obtaining an authorization.

HIPAA

The HIPAA Journal

MARCH 19, 2025

An investigation was launched which revealed an unauthorized third party had access to the email account for 2 months since November 6, 2023, and other email accounts may also have been accessed. The post Email Account Breaches Reported by Access TeleCare & Madison County, MS appeared first on The HIPAA Journal.

HIPAA

The HIPAA Journal

JULY 9, 2024

The Houston, TX-based medical device company, LivaNova, is facing multiple class action lawsuits over an October 2023 cyberattack that exposed the protected health information of 180,000 patients. The post LivaNova Facing Multiple Class Action Lawsuits Over October 2023 Cyberattack appeared first on The HIPAA Journal.

HIPAA

The HIPAA Journal

DECEMBER 24, 2022

Penalties for HIPAA violations can be issued by the Department of Health and Human Services’ Office for Civil Rights (OCR) and state attorneys general. In addition to financial penalties, covered entities are required to adopt a corrective action plan to bring policies and procedures up to the standards demanded by HIPAA. .

HIPAA

The HIPAA Journal

APRIL 23, 2024

Kisco Senior Living experienced its attack in June 2023, and Island Ambulatory Surgery Center suffered an attack in July. According to the notification letters mailed to the affected individuals in April 2024, a cyberattack was detected on June 6, 2023, when its network was disrupted.

HIPAA

The HIPAA Journal

APRIL 30, 2024

The ransomware attack was discovered on November 19, 2023, and the forensic investigation confirmed that hackers gained access to its network on October 26, 2023. million in Q4, 2023, as a result of the attack. The post Patient Data Stolen from Livanova in October 2023 Ransomware Attack appeared first on HIPAA Journal.

HIPAA

The HIPAA Journal

APRIL 27, 2025

HIPAA violation cases are compliance investigations that result from a data breach being notified to the Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) or a privacy complaint being submitted to OCR via the complaints portal. There are many different types of HIPAA violation cases.

HIPAA

The HIPAA Journal

MARCH 20, 2025

The HIPAA Journal has compiled healthcare data breach statistics from October 2009, when the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) started publishing summaries of healthcare data breaches on its website. On January 22, 2023, the breach portal listed 857 data breaches as still; under investigation.

Business Associate

The HIPAA Journal

MAY 2, 2024

Data Breach Insights Healthcare accounted for 28% of data breach incidents, followed by finance and insurance (17%), business and professional services (15%), and education (13%). 27% of attacked companies paid a ransom in 2023, compared to 40% in 2022. million in 2023. The was a significant increase in data breaches at vendors.

HIPAA

The HIPAA Journal

APRIL 25, 2024

City of Hope National Medical Center identified suspicious activity within its network on October 13, 2023, and the forensic investigation confirmed there had been unauthorized access by a third party between September 19, 2023, and October 12, 2023.

Medication

The HIPAA Journal

MAY 30, 2025

Bradford Health Services, Alabama Bradford Health Services in Birmingham, Alabama, has issued a May 30, 2025, notice about a data security incident that was detected more than 18 months ago on December 8, 2023. The post Bradford Health Services Notifies Patients About 2023 Cyberattack appeared first on The HIPAA Journal.

Tests

The HIPAA Journal

JULY 4, 2024

SkinCure Oncology has notified 13,434 patients about an email attack that occurred in June 2023, and the Wisconsin Department of Health Services has announced a breach of the personal information of 19,150 Medicaid recipients. SkinCure Oncology believes files in those email accounts were viewed and potentially obtained in the attack.

Medical History

The HIPAA Journal

APRIL 22, 2024

University of Wisconsin Hospitals and Clinics Authority Email Account Breach The University of Wisconsin Hospitals and Clinics Authority (UW Health) recently provided an update on a security incident that was detected in late 2023. 20, 2023, and Dec. 20, 2023, and Dec.

Medication

The HIPAA Journal

APRIL 29, 2024

Berry, Dunn, McNeil & Parker, LLC (BerryDunn) provides health data analytics services to healthcare providers, health insurers, and government regulatory and healthcare policy agencies and its clients provide BerryDunn with personal and health data to allow the firm to perform its contracted services.

HIPAA

The HIPAA Journal

JULY 5, 2024

The nature of the access was not disclosed; however, Providence said there is an active investigation by the California Department of Insurance. The review confirmed that only names, State IDs, driver’s license numbers, and health insurance coverage information were accessed.

HIPAA

The HIPAA Journal

APRIL 25, 2024

OPMT said, “Even though it is not specifically required by HIPAA, we will offer identity theft protection services to all affected individuals; we feel that this is an important precaution to protect our patients.” On October 26, 2023, Advarra discovered suspicious activity in an employee’s user account.

HIPAA

The HIPAA Journal

JULY 5, 2024

An investigation was launched which determined that between November 2, 2023, and March 29, 2024, the vendor accessed and downloaded information from a Kairos database. The post Protected Health Information Stolen in HealthEquity SharePoint Breach appeared first on The HIPAA Journal.

HIPAA

The HIPAA Journal

JULY 9, 2024

SouthCoast Health and Privia Medical Group in Georgia have notified patients about a cyberattack and data breach that occurred in June 2023. The post SouthCoast Health; Call 4 Health Notify Patients About Cyberattacks appeared first on The HIPAA Journal. During that time, files on the network were viewed or copied.

Triage

Health Populi

FEBRUARY 27, 2024

That’s the mantra coming out of this week’s annual Capitol Conference convened by the National Association of Benefits and Insurance Professionals (NABIP). FYI you might know of NABIP by its former acronym, NAHU, the National Association of Health Underwriters).

Billing

Health Prime

JANUARY 22, 2025

Department of Health and Human Services (HHS) released a Notice of Proposed Rulemaking (NPRM) to modify the Health Insurance Portability and Accountability Act (HIPAA) Security Rule of 1996. This is the first HIPAA Security rule update since 2013. From 2018-2023, reports of significant breaches increased by 102%.

HIPAA

Health Prime

JANUARY 22, 2025

Department of Health and Human Services (HHS) released a Notice of Proposed Rulemaking (NPRM) to modify the Health Insurance Portability and Accountability Act (HIPAA) Security Rule of 1996. This is the first HIPAA Security rule update since 2013. From 2018-2023, reports of significant breaches increased by 102%.

HIPAA

The HIPAA Journal

JULY 3, 2024

They confirmed that an unauthorized actor gained access to its network on October 8, 2023, and maintained access until the breach was detected. The post Texas Retina Associates Cyberattack Affects 312,000 Patients appeared first on The HIPAA Journal.

HIPAA

The HIPAA Journal

APRIL 29, 2024

The Health Breach Notification Rule applies to vendors of personal health records (PHRs) and related entities that are not covered by HIPAA and requires them to notify individuals in the event of a breach of unsecured personally identifiable health data, and in some cases, also notify the media.

HIPAA

The HIPAA Journal

NOVEMBER 7, 2024

The use of ransomware in cyberattacks decreased slightly in the first half of the year; however, the severity of ransomware attacks increased according to the 2024 Cyber Claims Report: Mid-Year Update from cyber insurance and security service provider Coalition. Other incidents accounted for 23% of claims, down 10% from H2, 2023.

Follow-Up

The HIPAA Journal

APRIL 26, 2024

The breach was detected on June 20, 2023, and it was determined that patient data may have been accessed or acquired by the unauthorized third party, although no specific evidence of data access or data theft was identified. County Department of Health Services Email Accounts appeared first on HIPAA Journal.

Business Associate

The HIPAA Journal

MAY 9, 2025

A new report from a leading cyber insurance provider shows a slight decline in claims for ransomware attacks in 2024. Fund transfer fraud was also costly, with an average loss of $185,000, although thats a 46% reduction from the $340,000 average loss in 2023.

Insurance

The HIPAA Journal

NOVEMBER 6, 2024

The types of data involved varied from individual to individual and included names, addresses, dates of birth, driver’s license numbers, Social Security numbers, medical treatment/diagnosis information, and health insurance information. The intrusion was detected on March 9, 2023, when ransomware was used to encrypt files.

HIPAA

Healthcare Law Insights blog

JANUARY 15, 2025

This marks the first update to the HIPAA Security Rule since 2013. From 2018-2023, OCR observed a 102% increase in breaches affecting 500 or more individuals, with 167 million affected in 2023 alone. These changes aim to address the steadily increasing risk of cyberattacks on critical healthcare infrastructure. population. [1]

HIPAA