The HIPAA Journal

MARCH 19, 2025

The Michigan-based aesthetic surgery provider detected unauthorized third-party access to its computer network on January 29, 2025. At the time of issuing notification letters on March 7, 2025, the Hand & Plastic Surgery Centre was unaware of any reports of identity theft or fraud as a result of the incident.

HIPAA 89

HIPAA Insurance 89

The HIPAA Journal

MARCH 26, 2025

According to Sunflower Medical Group, the unauthorized access was identified and blocked on January 7, 2025. Notification letters were mailed to the affected individuals on March 7, 2025, and complimentary credit monitoring and identity theft protection services were offered to individuals whose Social Security numbers were involved.

Medication 74

Medication HIPAA Insurance 74

The HIPAA Journal

APRIL 29, 2025

In its April 11, 2025, substitute breach notice, Endue Software explained that unauthorized access to some of its systems was identified on February 17, 2025.The The forensic investigation confirmed that an unauthorized actor gained access to some of its systems for a brief period on February 16, 2025.

Hospital 75

Hospital HIPAA Insurance Medication 75

The HIPAA Journal

APRIL 16, 2025

The settlement has received preliminary approval from the court, and the final fairness hearing has been scheduled for June 9, 2025. The deadline for exclusion from the settlement and objection to the settlement is May 27, 2025, and the deadline for submitting claims is June 23, 2025. Bean of Siri & Glimstad LLP.

Follow-Up 68

Follow-Up HIPAA Documentation Scheduling 68

The HIPAA Journal

MARCH 19, 2025

The breach was detected on January 15, 2025, and immediate action was taken to prevent further unauthorized access. The forensic investigation confirmed that an unauthorized third party accessed the account between January 10, 2025, and January 14, 2025, and potentially viewed or acquired patient data.

HIPAA 85

HIPAA Scheduling Hospital Billing 85

The HIPAA Journal

MARCH 17, 2025

Vulnerability CVE-2025-2230 is due to improper authentication. Vulnerability CVE-2025-2229 is due to weak credentials, where a token is created using the username, current date/time, and a fixed AES-128 encryption key, which is the same across all installations. CVE-2025-2230 was resolved in the May 2019 release, ISCV 4.2

HIPAA 73

HIPAA Patient Records 73

Mobius MD

FEBRUARY 14, 2025

Below, weve compiled some of the best medical apps doctors use to solve everyday clinical needs in 2025. Top Medical Apps for Physicians in 2025 Apps for Clinical Communication Doximity is one of the most widely used apps among physicians. It offers HIPAA-compliant messaging, free digital faxing, and telehealth capabilities.

Medication 52

Medication HIPAA Documentation Communication 52

The HIPAA Journal

APRIL 17, 2025

One of the objectives of the HIPAA Journal 2024/25 Annual Survey was to obtain insights into HIPAA compliance best practices. The proposed update was published as a Notice of Proposed Rulemaking (NPRM) in January 2025. Why CPG Awareness Needs to be Improved There are several reasons why CPG awareness needs to be improved.

HIPAA 62

HIPAA Best Practices Tests Communication 62

The HIPAA Journal

MARCH 11, 2025

The review of the compromised files was completed on January 22, 2025, and it was confirmed that they contained the personal and protected health information of 122,437 individuals who had previously received care at either the Center for Digestive Health or the Center for Digestive Endoscopy.

Medication 81

Medication HIPAA Appointments Insurance 81

The HIPAA Journal

APRIL 30, 2025

City officials confirmed that notification letters started to be mailed on April 14, 2025. The post City of Long Beach Notifies Individuals Affected by November 2023 Cyberattack appeared first on The HIPAA Journal. It then took a further 13 months before notification letters were mailed to the affected individuals.

HIPAA 69

HIPAA 69

Mobius MD

JANUARY 1, 2025

However, managing a successful medical practice in 2025 will require lots of work beyond the EMR. Medical practice software: the best of 2025 As a medical workflow company, our team at Mobius MD constantly follows the latest in practice management software and health IT.

Medication 52

Medication Scheduling Documentation Communication 52

The HIPAA Journal

MARCH 20, 2025

on February 14, 2025. The intrusion was detected on January 13, 2025, and the investigation confirmed that an unauthorized third party had access to its network between December 8, 2024, and January 11, 2025. Peters, Missouri, has notified 1,265 individuals about a security incident on January 17, 2025.

Hospice 79

Hospice HIPAA Medical History Diagnostics 79

The HIPAA Journal

APRIL 18, 2025

The document review was completed on January 30, 2025, when it was confirmed that the exposed information included first and last names, clinical/treatment information, medical provider names, medical record numbers, and patient account numbers. Notification letters were mailed to the affected individuals two months later, on March 31, 2025.

HIPAA 55

HIPAA Hospital Documentation Insurance 55

Arkenea

MARCH 26, 2025

Raleigh, NC March 26, 2025: Arkenea, a leading healthcare software development company , is proud to be recognized as the Best Bespoke Healthcare Software Developer 2025 East Coast USA by Global Health & Pharma (GHP) Magazine for the second consecutive year. To learn more, visit www.arkenea.com.

HIPAA 52

HIPAA 52

The HIPAA Journal

APRIL 1, 2025

On or around March 14, 2025, notification letters started to be mailed to the affected individuals, who have been offered complimentary credit monitoring and identity theft protection services out of an abundance of caution.

HIPAA 75

HIPAA Insurance Medication 75

Arkenea

MARCH 27, 2025

Raleigh, NC March 26, 2025: Arkenea, a leading healthcare software development company , is proud to be recognized as the Best Bespoke Healthcare Software Developer 2025 East Coast USA by Global Health & Pharma (GHP) Magazine for the second consecutive year. To learn more, visit www.arkenea.com.

HIPAA 52

HIPAA 52

The HIPAA Journal

MARCH 19, 2025

A data review vendor was engaged, and Access TeleCare was provided with the final results of the review on August 30, 2024; however, it took until March 4, 2025, for individual notifications to be mailed. On January 14, 2025, an employee emailed a document to a personal email account.

HIPAA 74

HIPAA Documentation Insurance Medication 74

The HIPAA Journal

MARCH 21, 2025

On March 17, 2025, Nebraska Governor Jim Pillen signed Legislative Bill 241 into law, which limits class action liability for private entities for cybersecurity events. The new law will take effect three months from the adjournment of the Nebraska Legislatures 2025 session.

HIPAA 53

HIPAA Billing 53

The HIPAA Journal

APRIL 30, 2025

In April 2025, two companies were discovered to have failed to conduct exclusion list checks, resulting in the employment of excluded individuals. The post Healthcare Orgs Fined for Employing Nurses on the HHS-OIG Exclusion List appeared first on The HIPAA Journal.

Diagnostics 72

Diagnostics Billing HIPAA 72

The HIPAA Journal

MARCH 11, 2025

The data review was completed on February 13, 2025, and confirmed that names, dates of birth, Social Security numbers, medical information, treatment information, healthcare provider information, and health insurance information had been exposed.

HIPAA 68

HIPAA Insurance Medication 68

The HIPAA Journal

MARCH 18, 2025

An amendment to the law has been signed by state governor Andy Beshear that narrows the scope of the law, exempting information collected by healthcare providers covered under HIPAA that maintain protected health information in compliance with the HIPAA Rules and other related regulations. 8 164.514(e).

HIPAA 73

HIPAA Documentation 73

The HIPAA Journal

MARCH 28, 2025

On March 20, 2025, Pineland Community Service Board disclosed a security incident detected on January 20, 2025. The forensic investigation confirmed unauthorized network access between November 24, 2024, and January 20, 2025, during which time the threat actor viewed or copied information from its network.

Appointments 53

Appointments HIPAA Insurance Billing 53

The HIPAA Journal

MARCH 24, 2025

in early March 2025.In The post Genetic Testing Company 23andMe Files for Bankruptcy appeared first on The HIPAA Journal. The company was successful initially and went public in 2021 via a merger with a Special Purpose Acquisition Company (SPAC) and had a market capitalization of $6 billion.

Tests 82

Tests HIPAA Insurance 82

The HIPAA Journal

APRIL 1, 2025

All claims must be submitted by or be postmarked by June 30, 2025. The settlement has received preliminary approval from the court, and the final approval hearing has been scheduled for June 16, 2025. Million Data Breach Settlement appeared first on The HIPAA Journal. The post Azura Vascular Care Agrees to $3.15

HIPAA 60

HIPAA Documentation Billing Scheduling 60

The HIPAA Journal

APRIL 30, 2025

The implication of this requirement if finalized – is that covered entities will only be permitted to contract services from business associates that can demonstrate compliance with HIPAA. Despite the variety of compliance requirements, some areas of HIPAA compliance are common to all business associates.

Business Associate 52

Business Associate HIPAA Documentation Certification 52

The HIPAA Journal

MARCH 5, 2025

The upward trend in ransomware attacks in 2024 has continued in 2025 with large numbers of new victims added to ransomware groups data leak sites in January and February. victims were added to data leak sites, with the victim count rising to 378 in 2025. Over the first five weeks of 2024, 282 new U.S.

HIPAA 66

HIPAA 66

The HIPAA Journal

APRIL 29, 2025

The settlement has received preliminary approval from the court, and the final fairness hearing has been scheduled for August 27, 2025. The deadline for exclusion from the settlement, objection to the settlement, and submitting claims is July 3, 2025.

Follow-Up 103

Follow-Up HIPAA Best Practices Documentation 103

The HIPAA Journal

APRIL 4, 2025

The employee was a remote worker, and following a January 2025 virtual meeting with his manager, the manager raised concerns with the privacy team that the individual with whom the manager had been interacting may not have been the person who was initially hired for the position.

Tests 81

Tests HIPAA Medication 81

The HIPAA Journal

MARCH 27, 2025

The post 99% Of Healthcare Orgs Managing IoMT Devices with Known Exploited Vulnerabilities appeared first on The HIPAA Journal. The industrial cybersecurity platform provider Claroty analyzed more than 2.25

Hospital 55

Hospital HIPAA Patient Care Medication 55

The HIPAA Journal

APRIL 28, 2025

Frederick Health Medical Group, a Maryland-based healthcare group, announced on January 27, 2025, that it had fallen victim to a ransomware attack and had called in cybersecurity experts to investigate the incident. The post Ransomware Attack on Frederick Health Medical Group Affects 934,000 Patients appeared first on The HIPAA Journal.

Medication 88

Medication HIPAA Best Practices Insurance 88

The HIPAA Journal

APRIL 2, 2025

SimonMed Imaging has recently confirmed that it was affected by a cybersecurity incident earlier this year that involved unauthorized access to patient data via one of its vendors.The Scottsdale, Arizona-based radiology practice said that on January 27, 2025, it was alerted by one of its vendors that they were experiencing a security incident.

HIPAA 52

HIPAA Insurance Medication 52

The HIPAA Journal

APRIL 28, 2025

Email accounts have been compromised at four HIPAA-regulated organizations: Alternate Solutions Health Network in Ohio; Park Royal Hospital in Florida; 90 Degree Benefits in Minnesota; and the Charleston Fire Department in West Virginia. Individual notification letters also started to be mailed on April 14, 2025.

HIPAA 72

HIPAA Billing Hospital Insurance 72

Healthcare Law Insights blog

JANUARY 15, 2025

This marks the first update to the HIPAA Security Rule since 2013. 1] The Proposed Rule applies to HIPAA-regulated entities, including Covered Entities such as health plans, healthcare clearinghouses, most healthcare providers, and their Business Associates. population. [1]

HIPAA 52

HIPAA Business Associate Follow-Up Documentation 52

The HIPAA Journal

MARCH 20, 2025

The HIPAA Journal has compiled healthcare data breach statistics from October 2009, when the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) started publishing summaries of healthcare data breaches on its website. This page is regularly updated to reflect the latest healthcare data breach statistics.

Business Associate 109

Business Associate HIPAA Unit Organization and Environment Hospital 109

The HIPAA Journal

APRIL 15, 2025

The attack occurred on Saturday, April 12, 2025, and is impacting some of its operations, according to a Monday, April 14, 2025, 8K filing with the U.S. The post Dialysis Provider DaVita Hit with Ransomware Attack appeared first on The HIPAA Journal. Securities and Exchange Commission (SEC).

HIPAA 82

HIPAA 82

Health Populi

OCTOBER 30, 2024

Finally, doctors are trusted data stewards for patients — something we’ve appreciated since the advent of HIPAA. Bravo to Essence Healthcare, a Medicare Advantage plan, for offering Oura rings in 2025 to members who want to engage with self-tracking, sharing data, and acting on advice to benefit their health as they age.

Medication 71

Medication HIPAA Hospital Patient Experience 71

Mobius MD

MARCH 7, 2025

This article discusses three of the top HIPAA-compliant medical dictation apps in 2025. Three of the best products on the market in 2025 are Mobius Conveyor , Dragon Medical One , and NVoq.Voice. More physicians are using medical speech-to-text software to save time on clinical notes.

Medication 52

Medication Documentation HIPAA Hospice 52