2023, HIPAA and Insurance - Healthcare Support Central

Behavioral Healthcare Provider Settles HIPAA Risk Analysis Investigation for $225,000

The HIPAA Journal

JULY 8, 2025

The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) has agreed to settle alleged violations of the Health Insurance Portability and Accountability Act (HIPAA) with Deer Oaks – The Behavioral Health Solution for $225,000. OCR initiated an investigation of the incident in May 2023. 164.308(a)(1)(ii)(A).

HIPAA

HIPAA Discharges Long Term Care Business Associate

East Carolina Health Settles Data Leak Lawsuit for $250,000

The HIPAA Journal

JULY 11, 2025

A settlement has been approved to resolve a class action lawsuit against East Carolina Health (EC Health) that stemmed from a 2023 data breach that affected 19,085 individuals. The data breach occurred at East Carolina University’s Brody School of Medicine, a member of EC Health, and was discovered on or around December 21, 2023.

HIPAA

HIPAA Insurance Diagnostics Documentation

New York Woman Avoids Jail for Criminal HIPAA Violation

The HIPAA Journal

MARCH 21, 2025

A New York woman has avoided a jail term for a criminal violation of the Health Insurance Portability and Accountability Act (HIPAA), having been sentenced to probation. On March 23, 2023, Tonya DAgostino, 53, of Farmington, New York, mailed a parcel via USPS Priority Mail to an individual in Medina, New York. in restitution.

HIPAA

HIPAA Documentation Insurance

Webinars

How to Start Virtual Care the Right Way: A Proven Roadmap for 2025 and Beyond

MORE WEBINARS

April 2025 Healthcare Data Breach Report

The HIPAA Journal

MAY 21, 2025

Two large data breaches were reported in April that occurred way back in 2023, a ransomware attack on the City of Long Beach and a cyberattack on Dameron Hospital in California. These are likely to continue to be reported by affected HIPAA-regulated entities over the next few weeks.

Business Associate

Business Associate HIPAA Hospital Insurance

LivaNova Facing Multiple Class Action Lawsuits Over October 2023 Cyberattack

The HIPAA Journal

JULY 9, 2024

The Houston, TX-based medical device company, LivaNova, is facing multiple class action lawsuits over an October 2023 cyberattack that exposed the protected health information of 180,000 patients. The post LivaNova Facing Multiple Class Action Lawsuits Over October 2023 Cyberattack appeared first on The HIPAA Journal.

HIPAA

HIPAA Insurance Medication

What are the Penalties for HIPAA Violations?

The HIPAA Journal

DECEMBER 24, 2022

Penalties for HIPAA violations can be issued by the Department of Health and Human Services’ Office for Civil Rights (OCR) and state attorneys general. In addition to financial penalties, covered entities are required to adopt a corrective action plan to bring policies and procedures up to the standards demanded by HIPAA. .

HIPAA

HIPAA Business Associate Follow-Up Medication

Kisco Senior Living & Island Ambulatory Surgery Center Disclose Summer 2023 Cyberattacks

The HIPAA Journal

APRIL 23, 2024

Kisco Senior Living experienced its attack in June 2023, and Island Ambulatory Surgery Center suffered an attack in July. According to the notification letters mailed to the affected individuals in April 2024, a cyberattack was detected on June 6, 2023, when its network was disrupted.

HIPAA

HIPAA Insurance Medication

Retina Group of Washington Agrees to $3.6 Million Settlement to Resolve Data Breach Lawsuit

The HIPAA Journal

APRIL 16, 2025

A settlement has been agreed to resolve a class action lawsuit against Retina Group of Washington over a March 2023 data breach that involved unauthorized access to the protected health information of 455,935 individuals. Million Settlement to Resolve Data Breach Lawsuit appeared first on The HIPAA Journal.

Follow-Up

Follow-Up HIPAA Documentation Scheduling

Cyberattack Forces North Carolina Radiology Practice to Close for More Than a Month

The HIPAA Journal

MARCH 19, 2025

Atlas Healthcare CT Atlas Healthcare CT, the operator of several skilled nursing and rehabilitation centers in Connecticut, was targeted by hackers who gained access to its network and acquired certain stored files on January 20, 2023. Neither entity has previously reported a data breach to OCR.

HIPAA

HIPAA Scheduling Hospital Billing

The Unexpected Burden of Billing for Small Behavioral Health Practices

Valant

JUNE 18, 2025

Behavioral health providers managing both clinical care and business operations face unique challenges: complex prior authorization requirements, extensive documentation standards, and insurance coverage barriers. Insurers denied 19% of in-network claims in 2023 , according to the Kaiser Family Foundation.

Billing

Billing Follow-Up Insurance Documentation

Patient Data Stolen from Livanova in October 2023 Ransomware Attack

The HIPAA Journal

APRIL 30, 2024

The ransomware attack was discovered on November 19, 2023, and the forensic investigation confirmed that hackers gained access to its network on October 26, 2023. million in Q4, 2023, as a result of the attack. The post Patient Data Stolen from Livanova in October 2023 Ransomware Attack appeared first on HIPAA Journal.

HIPAA

HIPAA Insurance Hospital Medication

HIPAA Violation Cases

The HIPAA Journal

APRIL 27, 2025

HIPAA violation cases are compliance investigations that result from a data breach being notified to the Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) or a privacy complaint being submitted to OCR via the complaints portal. There are many different types of HIPAA violation cases.

HIPAA

HIPAA Business Associate Hospital Medication

$5.48 Million Settlement Approved to Resolve HealthEC Data Breach Litigation

The HIPAA Journal

JUNE 12, 2025

A settlement has been agreed to resolve class action data breach litigation against HealthEC and its clients over a 2023 hacking incident and data breach. Between July 14, 2023, and July 23, 2023, hackers accessed its network and stole files containing sensitive data. The settlement has received preliminary approval by Hon.

HIPAA

HIPAA Follow-Up Documentation Insurance

Genetic Testing Company 23andMe Files for Bankruptcy

The HIPAA Journal

MARCH 24, 2025

In 2023, the company was hit with a damaging data breach. users of the 23andMe service have a degree of protection under the Genetic Information Nondiscrimination Act (GITA), as their genetic data cannot be used to make employment or health insurance decisions but there may be other ways that their data could be used.

Tests

Tests HIPAA Insurance

Henry Ford Health Settles Tracking Technology Lawsuit

The HIPAA Journal

JULY 11, 2025

Henry Ford Health – was filed in Wayne County Circuit Court, State of Michigan, and alleges the disclosures violated the Health Insurance Portability and Accountability Act (HIPAA), as disclosures of PHI to third parties are not permitted by the HIPAA Privacy Rule for that purpose without obtaining an authorization.

HIPAA

HIPAA Transfers Scheduling Communication

Azura Vascular Care Agrees to $3.15 Million Data Breach Settlement

The HIPAA Journal

APRIL 1, 2025

On October 9, 2023, Azura Vascular Care identified suspicious network activity, with the forensic investigation confirming that hackers had access to its network between September 27, 2023, and October 9, 2023, during which time they potentially stole the protected health information of patients.

HIPAA

HIPAA Documentation Billing Scheduling

$14 Million Settlement Approved to Resolve Independent Living Systems Data Breach Litigation

The HIPAA Journal

JULY 11, 2025

The stolen information included names, Social Security numbers, taxpayer identification numbers, medical or health insurance information, and other sensitive information. The affected individuals were notified about the data breach on March 14, 2023.

Follow-Up

Follow-Up HIPAA Documentation Insurance

Healthcare Data Breach Statistics

The HIPAA Journal

MARCH 20, 2025

The HIPAA Journal has compiled healthcare data breach statistics from October 2009, when the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) started publishing summaries of healthcare data breaches on its website. On January 22, 2023, the breach portal listed 857 data breaches as still; under investigation.

Business Associate

Business Associate HIPAA Unit Organization and Environment Hospital

BakerHostetler Report Identifies Healthcare Data Breach and Litigation Trends

The HIPAA Journal

MAY 2, 2024

Data Breach Insights Healthcare accounted for 28% of data breach incidents, followed by finance and insurance (17%), business and professional services (15%), and education (13%). 27% of attacked companies paid a ransom in 2023, compared to 40% in 2022. million in 2023. The was a significant increase in data breaches at vendors.

HIPAA

HIPAA Follow-Up Certification Business Associate

Multiple Class Action Lawsuits Filed Against City of Hope National Medical Center Over Data Breach

The HIPAA Journal

APRIL 25, 2024

City of Hope National Medical Center identified suspicious activity within its network on October 13, 2023, and the forensic investigation confirmed there had been unauthorized access by a third party between September 19, 2023, and October 12, 2023.

Medication

Medication Medical History HIPAA Best Practices

$4.4 Million Settlement Agreed to Resolve WellNow Urgent Care Data Breach Litigation

The HIPAA Journal

MAY 26, 2025

The lawsuit was filed in response to a cyberattack and data breach detected on or around April 25, 2023, when ransomware was used to encrypt files. Million Settlement Agreed to Resolve WellNow Urgent Care Data Breach Litigation appeared first on The HIPAA Journal.

HIPAA

HIPAA Documentation Scheduling Insurance

Email Account Breaches Reported by Access TeleCare & Madison County, MS

The HIPAA Journal

MARCH 19, 2025

An investigation was launched which revealed an unauthorized third party had access to the email account for 2 months since November 6, 2023, and other email accounts may also have been accessed. The post Email Account Breaches Reported by Access TeleCare & Madison County, MS appeared first on The HIPAA Journal.

HIPAA

HIPAA Documentation Insurance Medication

Bradford Health Services Notifies Patients About 2023 Cyberattack

The HIPAA Journal

MAY 30, 2025

Bradford Health Services, Alabama Bradford Health Services in Birmingham, Alabama, has issued a May 30, 2025, notice about a data security incident that was detected more than 18 months ago on December 8, 2023. The post Bradford Health Services Notifies Patients About 2023 Cyberattack appeared first on The HIPAA Journal.

Tests

Tests HIPAA Hospital Collaboration

Email Breaches Reported by SkinCure Oncology & the Wisconsin Department of Health Services

The HIPAA Journal

JULY 4, 2024

SkinCure Oncology has notified 13,434 patients about an email attack that occurred in June 2023, and the Wisconsin Department of Health Services has announced a breach of the personal information of 19,150 Medicaid recipients. SkinCure Oncology believes files in those email accounts were viewed and potentially obtained in the attack.

Medical History

Medical History HIPAA Insurance Medication

KU Health Facing Lawsuit Over Worker’s Unlawful Accessing of Nude Patient Photos

The HIPAA Journal

APRIL 17, 2025

The first unauthorized access occurred in February 2021 and continued until February 2023. In addition, the files accessed by the former employee contained names, contact information, dates of birth, health insurance information, and Social Security numbers. The lawsuit seeks a jury trial and compensatory and punitive damages.

Patient Records

Patient Records HIPAA Hospital Insurance

Email Accounts Compromised at UW Health and Medical Home Network

The HIPAA Journal

APRIL 22, 2024

University of Wisconsin Hospitals and Clinics Authority Email Account Breach The University of Wisconsin Hospitals and Clinics Authority (UW Health) recently provided an update on a security incident that was detected in late 2023. 20, 2023, and Dec. 20, 2023, and Dec.

Medication

Medication HIPAA Hospital Billing

Health Data Analytics Firm Reports 1.1-Million Record MSP Data Breach

The HIPAA Journal

APRIL 29, 2024

Berry, Dunn, McNeil & Parker, LLC (BerryDunn) provides health data analytics services to healthcare providers, health insurers, and government regulatory and healthcare policy agencies and its clients provide BerryDunn with personal and health data to allow the firm to perform its contracted services.

HIPAA

HIPAA Insurance Medication

Insider Breaches Reported by Providence Mission Heritage Endocrinology & Samaritan Health Services

The HIPAA Journal

JULY 5, 2024

The nature of the access was not disclosed; however, Providence said there is an active investigation by the California Department of Insurance. The review confirmed that only names, State IDs, driver’s license numbers, and health insurance coverage information were accessed.

HIPAA

HIPAA Patient Records Insurance Hospital

A Health Consumer Bill of Rights: Assuring Affordability, Access, Autonomy, and Equity

Health Populi

FEBRUARY 27, 2024

That’s the mantra coming out of this week’s annual Capitol Conference convened by the National Association of Benefits and Insurance Professionals (NABIP). FYI you might know of NABIP by its former acronym, NAHU, the National Association of Health Underwriters).

Billing

Billing Insurance HIPAA Hospital

HHS Updates HIPAA Rule to Enhance ePHI Security

Health Prime

JANUARY 22, 2025

Department of Health and Human Services (HHS) released a Notice of Proposed Rulemaking (NPRM) to modify the Health Insurance Portability and Accountability Act (HIPAA) Security Rule of 1996. This is the first HIPAA Security rule update since 2013. From 2018-2023, reports of significant breaches increased by 102%.

HIPAA

HIPAA Business Associate Best Practices Insurance

HHS updates HIPAA rule to enhance ePHI security

Health Prime

JANUARY 22, 2025

Department of Health and Human Services (HHS) released a Notice of Proposed Rulemaking (NPRM) to modify the Health Insurance Portability and Accountability Act (HIPAA) Security Rule of 1996. This is the first HIPAA Security rule update since 2013. From 2018-2023, reports of significant breaches increased by 102%.

HIPAA

HIPAA Business Associate Best Practices Insurance

Protected Health Information Stolen in HealthEquity SharePoint Breach

The HIPAA Journal

JULY 5, 2024

An investigation was launched which determined that between November 2, 2023, and March 29, 2024, the vendor accessed and downloaded information from a Kairos database. The post Protected Health Information Stolen in HealthEquity SharePoint Breach appeared first on The HIPAA Journal.

HIPAA

HIPAA Insurance Medication

BianLian Threat Group Claims Responsibility for Cyberattack on Tennessee Eye Clinic Network

The HIPAA Journal

APRIL 25, 2024

OPMT said, “Even though it is not specifically required by HIPAA, we will offer identity theft protection services to all affected individuals; we feel that this is an important precaution to protect our patients.” On October 26, 2023, Advarra discovered suspicious activity in an employee’s user account.

HIPAA

HIPAA Insurance

SouthCoast Health; Call 4 Health Notify Patients About Cyberattacks

The HIPAA Journal

JULY 9, 2024

SouthCoast Health and Privia Medical Group in Georgia have notified patients about a cyberattack and data breach that occurred in June 2023. The post SouthCoast Health; Call 4 Health Notify Patients About Cyberattacks appeared first on The HIPAA Journal. During that time, files on the network were viewed or copied.

Triage

Triage HIPAA Documentation Billing

Texas Retina Associates Cyberattack Affects 312,000 Patients

The HIPAA Journal

JULY 3, 2024

They confirmed that an unauthorized actor gained access to its network on October 8, 2023, and maintained access until the breach was detected. The post Texas Retina Associates Cyberattack Affects 312,000 Patients appeared first on The HIPAA Journal.

HIPAA

HIPAA Hospital Insurance Medication

FTC Issues Final Rule Updating Health Breach Notification Rule

The HIPAA Journal

APRIL 29, 2024

The Health Breach Notification Rule applies to vendors of personal health records (PHRs) and related entities that are not covered by HIPAA and requires them to notify individuals in the event of a breach of unsecured personally identifiable health data, and in some cases, also notify the media.

HIPAA

HIPAA Insurance Communication

Ransomware Attack Severity Increased 68% in H1, 2024

The HIPAA Journal

NOVEMBER 7, 2024

The use of ransomware in cyberattacks decreased slightly in the first half of the year; however, the severity of ransomware attacks increased according to the 2024 Cyber Claims Report: Mid-Year Update from cyber insurance and security service provider Coalition. Other incidents accounted for 23% of claims, down 10% from H2, 2023.

Follow-Up

Follow-Up Insurance Transfers HIPAA

Phishers Gain Access to 23 L.A. County Department of Health Services Email Accounts

The HIPAA Journal

APRIL 26, 2024

The breach was detected on June 20, 2023, and it was determined that patient data may have been accessed or acquired by the unauthorized third party, although no specific evidence of data access or data theft was identified. County Department of Health Services Email Accounts appeared first on HIPAA Journal.

Business Associate

Business Associate HIPAA Tests Medication

Cyber Insurance Provider Reports Fall in Claims Frequency in 2024

The HIPAA Journal

MAY 9, 2025

A new report from a leading cyber insurance provider shows a slight decline in claims for ransomware attacks in 2024. Fund transfer fraud was also costly, with an average loss of $185,000, although thats a 46% reduction from the $340,000 average loss in 2023.

Insurance

Insurance Transfers HIPAA

OCR Announces Proposed Updates to HIPAA Security Rule, Raises the Bar for Healthcare Cybersecurity

Healthcare Law Insights blog

JANUARY 15, 2025

This marks the first update to the HIPAA Security Rule since 2013. From 2018-2023, OCR observed a 102% increase in breaches affecting 500 or more individuals, with 167 million affected in 2023 alone. These changes aim to address the steadily increasing risk of cyberattacks on critical healthcare infrastructure. population. [1]

HIPAA

HIPAA Business Associate Follow-Up Documentation

20,000-Record Data Breaches Reported by Axis Health System & Gandara Mental Health Center

The HIPAA Journal

NOVEMBER 6, 2024

The types of data involved varied from individual to individual and included names, addresses, dates of birth, driver’s license numbers, Social Security numbers, medical treatment/diagnosis information, and health insurance information. The intrusion was detected on March 9, 2023, when ransomware was used to encrypt files.

HIPAA

HIPAA Insurance Medication Certification

Apria Healthcare Agrees to $6.4M Data Breach Settlement

The HIPAA Journal

MARCH 7, 2025

A further hacking incident was experienced in 2021 and was disclosed by Apria Healthcare in May 2023. Hackers had access to its network between August 27, 2021, and October 10, 2021, and potentially viewed or obtained personal, medical, health insurance, and financial information. The post Apria Healthcare Agrees to $6.4M

HIPAA

HIPAA Documentation Insurance Medication

GNC Offers “Free Healthcare” — Telehealth, Generic Meds, and Loyalty in the Retail Health Ecosystem

Health Populi

JULY 24, 2023

In the program’s FAQs, one question clearly addresses this, transparently and in layperson’s terms: Q: “Do I need health insurance to use GNC Health?” ” A: “Nope — insurance isn’t needed or accepted.” Here’s the list of those top-of-mind healthcare worries for U.S.

Insurance

Insurance Acute Care Billing HIPAA

$17.5 Million Settlement Resolves Infosys McCamish Systems Data Breach Lawsuit

The HIPAA Journal

MARCH 18, 2025

A settlement has been agreed to resolve multiple Infosys McCamish Systems class action lawsuits that were filed in response to a 2023 ransomware attack and data breach that involved unauthorized access to the personal data of more than 6 million individuals.Infosys is Indias second-largest IT services provider, and Infosys McCamish Systems is a U.S.

HIPAA

HIPAA Follow-Up Insurance Medication

Behavioral Healthcare Provider Settles HIPAA Risk Analysis Investigation for $225,000

East Carolina Health Settles Data Leak Lawsuit for $250,000

Webinars

Trending Sources

New York Woman Avoids Jail for Criminal HIPAA Violation

Webinars

April 2025 Healthcare Data Breach Report

LivaNova Facing Multiple Class Action Lawsuits Over October 2023 Cyberattack

What are the Penalties for HIPAA Violations?

Kisco Senior Living & Island Ambulatory Surgery Center Disclose Summer 2023 Cyberattacks

Retina Group of Washington Agrees to $3.6 Million Settlement to Resolve Data Breach Lawsuit

Cyberattack Forces North Carolina Radiology Practice to Close for More Than a Month

The Unexpected Burden of Billing for Small Behavioral Health Practices

Patient Data Stolen from Livanova in October 2023 Ransomware Attack

HIPAA Violation Cases

$5.48 Million Settlement Approved to Resolve HealthEC Data Breach Litigation

Genetic Testing Company 23andMe Files for Bankruptcy

Henry Ford Health Settles Tracking Technology Lawsuit

Azura Vascular Care Agrees to $3.15 Million Data Breach Settlement

$14 Million Settlement Approved to Resolve Independent Living Systems Data Breach Litigation

Healthcare Data Breach Statistics

BakerHostetler Report Identifies Healthcare Data Breach and Litigation Trends

Multiple Class Action Lawsuits Filed Against City of Hope National Medical Center Over Data Breach

$4.4 Million Settlement Agreed to Resolve WellNow Urgent Care Data Breach Litigation

Email Account Breaches Reported by Access TeleCare & Madison County, MS

Bradford Health Services Notifies Patients About 2023 Cyberattack

Email Breaches Reported by SkinCure Oncology & the Wisconsin Department of Health Services

KU Health Facing Lawsuit Over Worker’s Unlawful Accessing of Nude Patient Photos

Email Accounts Compromised at UW Health and Medical Home Network

Health Data Analytics Firm Reports 1.1-Million Record MSP Data Breach

Insider Breaches Reported by Providence Mission Heritage Endocrinology & Samaritan Health Services

A Health Consumer Bill of Rights: Assuring Affordability, Access, Autonomy, and Equity

HHS Updates HIPAA Rule to Enhance ePHI Security

HHS updates HIPAA rule to enhance ePHI security

Protected Health Information Stolen in HealthEquity SharePoint Breach

BianLian Threat Group Claims Responsibility for Cyberattack on Tennessee Eye Clinic Network

SouthCoast Health; Call 4 Health Notify Patients About Cyberattacks

Texas Retina Associates Cyberattack Affects 312,000 Patients

FTC Issues Final Rule Updating Health Breach Notification Rule

Ransomware Attack Severity Increased 68% in H1, 2024

Phishers Gain Access to 23 L.A. County Department of Health Services Email Accounts

Cyber Insurance Provider Reports Fall in Claims Frequency in 2024

OCR Announces Proposed Updates to HIPAA Security Rule, Raises the Bar for Healthcare Cybersecurity

20,000-Record Data Breaches Reported by Axis Health System & Gandara Mental Health Center

Apria Healthcare Agrees to $6.4M Data Breach Settlement

GNC Offers “Free Healthcare” — Telehealth, Generic Meds, and Loyalty in the Retail Health Ecosystem

$17.5 Million Settlement Resolves Infosys McCamish Systems Data Breach Lawsuit

Stay Connected