The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) has agreed to settle alleged violations of the Health Insurance Portability and Accountability Act (HIPAA) with Deer Oaks – The Behavioral Health Solution for $225,000. This is the 17th financial penalty to be imposed on a HIPAA-regulated entity this year.
Esse Health has confirmed that 263,601 individuals have been affected by its April 2025 cyberattack. Louis area in Missouri, has recently notified the Maine Attorney General about an April 2025 cyberattack and data breach involving unauthorized access to the personal and protected health information (PHI) of 263,601 individuals.
Biggest Healthcare Data Breaches in April 2025 In April, 27 data breaches of 10,000 or more records were reported to OCR, including 11 data breaches of 100,000 or more records. These are likely to continue to be reported by affected HIPAA-regulated entities over the next few weeks.
On March 22, 2025, Compumedics identified unauthorized access to its network which disrupted the operations of its information technology systems. They confirmed that an unauthorized third party had access to its systems between February 15, 2025, and March 23, 2025, during which time files were copied from its systems.
Two breach notices have been added to the Beacon Health System website, the first on March 24, 2025, involving a business associate called CPS Solutions, a provider of services to support pharmacy operations. Notification letters were mailed to the affected individuals on February 10, 2025.
Legal counsel for Medical Express confirmed that the data mining process was completed on January 30, 2025, and a mailing vendor was engaged on March 3, 2025. The final list for notifications was obtained on March 19, 2025, and the notification letters were mailed on April 14, 2025.
Department of Justice has announced the results of its 2025 National Health Care Fraud Takedown, the largest in its history, eclipsing the previous record of $6 billion with actions to disrupt health care fraud schemes involving more than $14.6 billion in intended losses. They included individuals responsible for $10.6
The file review confirmed that the types of data compromised in the cyberattack included names, addresses, dates of birth, Social Security numbers, drivers license numbers, medical information, and health insurance information. The post Cyberattack on Sunflower Medical Group Affects 221,000 Patients appeared first on The HIPAA Journal.
According to Sunflower Medical Group, the unauthorized access was identified and blocked on January 7, 2025. The hacker was able to access names, addresses, dates of birth, Social Security numbers, drivers license numbers, medical information, and health insurance information.
The files contained names, health insurance information, and diagnostic and/or clinical information. The lawsuit alleged an impermissible disclosure of protected health information in violation of the requirements of the Health Insurance Portability and Accountability Act (HIPAA). The lawsuit – Kaitlyn Hill.
The file review was completed on or around March 26, 2025, and confirmed that the compromised information included names and Social Security numbers. The ransomware attack was detected on March 13, 2025, and the forensic investigation determined on March 17, 2025, that the ransomware group had exfiltrated files from its network.
The hackers encrypted files and stole data such as names, addresses, telephone numbers, email addresses, dates of birth, demographic information, Social Security numbers, drivers license numbers, medical record numbers, health information, payment information, and health insurance information. Bean of Siri & Glimstad LLP.
An investigation was launched, and it was determined on January 21, 2025, that Ascension had inadvertently disclosed patient data to the former business partner, and that data had likely been stolen in the hacking incident. Ascension confirmed that its own systems were unaffected.
The HIPAA Journal has not downloaded any of the leaked data, so cannot confirm the accuracy of the groups’ claims. Arlington Occupational Health and Wellness in Texas was added to the group’s data leak site on July 4, 2025, along with samples of the stolen data and links to the full dataset.
Behavioral health providers managing both clinical care and business operations face unique challenges: complex prior authorization requirements, extensive documentation standards, and insurance coverage barriers. Insurers denied 19% of in-network claims in 2023, according to the Kaiser Family Foundation.
The group had access to its network since June 14, 2025, and exfiltrated patient information such as names, addresses, Social Security numbers, dates of birth, driver’s license/state identification card numbers, medical record numbers, treatment information, and health insurance information. A lawsuit – Horvath v. . –
The OCR breach portal still lists the incident as affecting 112,726 patients and plan members of its HIPAA-regulated entity clients, although that total may well be updated in the coming days. The post Verisource Services Increases Data Breach Victim Count to 4 Million appeared first on The HIPAA Journal.
The ransomware group obtained names, dates of birth, Social Security numbers, state ID/driver’s license information, health and insurance information, banking information, and biometric data. The settlement has received preliminary approval from the court, and the final fairness hearing has been scheduled for August 15, 2025.
The review of the accounts confirmed that they contained names, addresses, dates of birth, financial account information, diagnoses, lab results, medications, treatment information, health insurance and claims information, provider names, dates of treatment, and Social Security numbers.
The document review was completed on January 30, 2025, when it was confirmed that the exposed information included first and last names, clinical/treatment information, medical provider names, medical record numbers, and patient account numbers. Notification letters were mailed to the affected individuals two months later, on March 31, 2025.
On March 20, 2025, Pineland Community Service Board disclosed a security incident detected on January 20, 2025. The forensic investigation confirmed unauthorized network access between November 24, 2024, and January 20, 2025, during which time the threat actor viewed or copied information from its network.
The Michigan-based aesthetic surgery provider detected unauthorized third-party access to its computer network on January 29, 2025. The exposed data included names, birth dates, Social Security numbers, and health insurance information. Suspicious activity was identified in a single computer on November 20, 2024.
on February 14, 2025. The intrusion was detected on January 13, 2025, and the investigation confirmed that an unauthorized third party had access to its network between December 8, 2024, and January 11, 2025. Peters, Missouri, has notified 1,265 individuals about a security incident on January 17, 2025.
The data review was completed on February 13, 2025, and confirmed that names, dates of birth, Social Security numbers, medical information, treatment information, healthcare provider information, and health insurance information had been exposed.
in early March 2025. In users of the 23andMe service have a degree of protection under the Genetic Information Nondiscrimination Act (GINA), as their genetic data cannot be used to make employment or health insurance decisions, but there may be other ways that their data could be used.
According to the filing, a breach of its IT systems was detected on June 5, 2025, which rendered certain IT systems and data unavailable. Surmotics holds a cyber insurance policy and anticipates that the policy will cover a significant percentage of any expenditures, not including the deductible and certain exclusions.
The breach was detected on January 15, 2025, and immediate action was taken to prevent further unauthorized access. The forensic investigation confirmed that an unauthorized third party accessed the account between January 10, 2025, and January 14, 2025, and potentially viewed or acquired patient data.
In its April 11, 2025, substitute breach notice, Endue Software explained that unauthorized access to some of its systems was identified on February 17, 2025. The forensic investigation confirmed that an unauthorized actor gained access to some of its systems for a brief period on February 16, 2025.
The HIPAA Journal reported on the breach on May 19, 2025, the same day six class action lawsuits were filed in federal court in California over the data breach. The affected individuals started to be notified about the data breach on May 9, 2025. More lawsuits are expected to be filed in the coming days.
A comprehensive and time-intensive review of the affected accounts was recently concluded, and it was confirmed that names, addresses, Social Security numbers, drivers license numbers, bank account information, payment card information, dates of birth, medical information, and health insurance information were stored in the accounts.
Henry Ford Health – was filed in Wayne County Circuit Court, State of Michigan, and alleges the disclosures violated the Health Insurance Portability and Accountability Act (HIPAA), as disclosures of PHI to third parties are not permitted by the HIPAA Privacy Rule for that purpose without obtaining an authorization.
Do you know how to manage insurance claims to minimize denials and maintain your cash flow? Billing and Revenue Cycle Insurance claims are complex, which is why some practices employ dedicated billing staff. HIPAA Compliance and Data Security Every technology solution you use must meet strict standards for protecting patient data.
All claims must be submitted by or be postmarked by June 30, 2025. The settlement has received preliminary approval from the court, and the final approval hearing has been scheduled for June 16, 2025. Million Data Breach Settlement appeared first on The HIPAA Journal. The post Azura Vascular Care Agrees to $3.15
Recent Videos Related Content Decoding malpractice premiums: Insider insights every physician should know Jennifer Wiggins June 27th 2025 Article Check out these essential insights on controlling malpractice insurance premiums, including specialty impact, location factors, policy types and available discounts for physicians.
Compliance and Security Upgrades HIPAA compliance audits: $5,000 – $15,000 Security assessments: $3,000 – $10,000 Data encryption upgrades: $2,000 – $8,000 Total Cost of Ownership (TCO) Analysis Understanding the total cost of ownership is crucial for making informed EHR investment decisions.
An analysis of the exposed files confirmed they contained patient information such as names, Social Security numbers, birth dates, medical record numbers, driver’s license numbers, health insurance numbers, Medicare numbers, Medicaid numbers, health insurance information, and medical and treatment information.
These regulations ensure that healthcare providers accurately bill patients and insurance companies while protecting sensitive patient information. Following health insurance policies and procedures. For example, this April 2025, CMS announces 50 new ICD-10-PCS codes (PDF). Why is medical compliance critical? The result?
A data review vendor was engaged, and Access TeleCare was provided with the final results of the review on August 30, 2024; however, it took until March 4, 2025, for individual notifications to be mailed. On January 14, 2025, an employee emailed a document to a personal email account.
Suspicious network activity was identified by Dermatologists of Birmingham on or around March 7, 2025. A comprehensive review was conducted of all exposed files, and that process was completed on May 15, 2025. A limited subset of individuals also had their Social Security numbers exposed.
After learning that the insurance company (trying to play doctor) recommends a generic drug that is less effective and has more adverse effects because it does not carry the more expensive drug on its formulary, this gives the doctor cause for concern for their patient.
According to Statista, the global IT outsourcing market is projected to exceed $591 billion by 2025, reflecting a compound annual growth rate of 5.1 percent. Faster Time-to-Market In a health insurance policy management system project, a client achieved a four-month launch timeline by outsourcing development and QA to a dedicated vendor.
In addition to responding to the specific questions in the RFI, HLC's and the Confidentiality Coalition's comments focused on the critical need to harmonize federal data privacy and security standards with the Health Insurance Portability and Accountability Act (HIPAA). Published April 9, 2025 You can view the response here.
which does business as Erie Insurance, is investigating a network intrusion. Erie Insurance is a Fortune 500 company that provides a range of insurance policies, including life insurance, auto insurance, cyber insurance, and Medicare supplements. Pennsylvania-based Erie Indemnity Corp.,