The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) has agreed to settle alleged violations of the Health Insurance Portability and Accountability Act (HIPAA) with Deer Oaks – The Behavioral Health Solution for $225,000. This is the 17th financial penalty to be imposed on a HIPAA-regulated entity this year.
Biggest Healthcare Data Breaches in April 2025 In April, 27 data breaches of 10,000 or more records were reported to OCR, including 11 data breaches of 100,000 or more records. These are likely to continue to be reported by affected HIPAA-regulated entities over the next few weeks.
Esse Health has confirmed that 263,601 individuals have been affected by its April 2025 cyberattack. Louis area in Missouri, has recently notified the Maine Attorney General about an April 2025 cyberattack and data breach involving unauthorized access to the personal and protected health information (PHI) of 263,601 individuals.
In June, HIPAA-regulated entities notified the HHS’ Office for Civil Rights (OCR) about 70 data breaches impacting 500 or more individuals, which is well above the 12-month average of 59 large data breaches per month. The median data breach size over the past 12 months is 4.7 million healthcare records a month. million individuals.
Two breach notices have been added to the Beacon Health System website, the first on March 24, 2025, involving a business associate called CPS Solutions, a provider of services to support pharmacy operations. Notification letters were mailed to the affected individuals on February 10, 2025.
Legal counsel for Medical Express confirmed that the data mining process was completed on January 30, 2025, and a mailing vendor was engaged on March 3, 2025. The final list for notifications was obtained on March 19, 2025, and the notification letters were mailed on April 14, 2025.
The file review confirmed that the types of data compromised in the cyberattack included names, addresses, dates of birth, Social Security numbers, driver’s license numbers, medical information, and health insurance information. The post Cyberattack on Sunflower Medical Group Affects 221,000 Patients appeared first on The HIPAA Journal.
According to Sunflower Medical Group, the unauthorized access was identified and blocked on January 7, 2025. The hacker was able to access names, addresses, dates of birth, Social Security numbers, driver’s license numbers, medical information, and health insurance information.
On March 22, 2025, Compumedics identified unauthorized access to its network which disrupted the operations of its information technology systems. They confirmed that an unauthorized third party had access to its systems between February 15, 2025, and March 23, 2025, during which time files were copied from its systems.
The file review was completed on or around March 26, 2025, and confirmed that the compromised information included names and Social Security numbers. The ransomware attack was detected on March 13, 2025, and the forensic investigation determined on March 17, 2025, that the ransomware group had exfiltrated files from its network.
Department of Justice has announced the results of its 2025 National Health Care Fraud Takedown, the largest in its history, eclipsing the previous record of $6 billion with actions to disrupt health care fraud schemes involving more than $14.6 billion in intended losses. They included individuals responsible for $10.6
Northwest Radiologists & Mount Baker Imaging Northwest Radiologists and Mount Baker Imaging have provided an update on a data breach first announced in March 2025. The forensic investigation confirmed that there had been unauthorized network access between January 20, 2025, and January 25, 2025.
The hackers encrypted files and stole data such as names, addresses, telephone numbers, email addresses, dates of birth, demographic information, Social Security numbers, driver’s license numbers, medical record numbers, health information, payment information, and health insurance information. Bean of Siri & Glimstad LLP.
Alpha Wellness and Alpha Medical Centre detected unusual network activity on February 3, 2025, and immediately launched an investigation. The compromised information included names, addresses, email addresses, phone numbers, health insurance information, and medical appointment information.
An investigation was launched, and it was determined on January 21, 2025, that Ascension had inadvertently disclosed patient data to the former business partner, and that data had likely been stolen in the hacking incident. Ascension confirmed that its own systems were unaffected.
The OCR breach portal still lists the incident as affecting 112,726 patients and plan members of its HIPAA-regulated entity clients, although that total may well be updated in the coming days. The post Verisource Services Increases Data Breach Victim Count to 4 Million appeared first on The HIPAA Journal.
Western Montana Mental Health Center has notified almost 87,000 individuals about a September 2024 cyberattack, and Olde Towne Medical and Dental Center has announced that it fell victim to an Inc Ransom ransomware attack in May 2025. A review of files on the compromised parts of the network was initiated and concluded on May 27, 2025.
The ransomware group obtained names, dates of birth, Social Security numbers, state ID/driver’s license information, health and insurance information, banking information, and biometric data. The settlement has received preliminary approval from the court, and the final fairness hearing has been scheduled for August 15, 2025.
The files contained names, health insurance information, and diagnostic and/or clinical information. The lawsuit alleged an impermissible disclosure of protected health information in violation of the requirements of the Health Insurance Portability and Accountability Act (HIPAA). The lawsuit – Kaitlyn Hill.
The document review was completed on January 30, 2025, when it was confirmed that the exposed information included first and last names, clinical/treatment information, medical provider names, medical record numbers, and patient account numbers. Notification letters were mailed to the affected individuals two months later, on March 31, 2025.
On March 20, 2025, Pineland Community Service Board disclosed a security incident detected on January 20, 2025. The forensic investigation confirmed unauthorized network access between November 24, 2024, and January 20, 2025, during which time the threat actor viewed or copied information from its network.
Data compromised in the incident included names, dates of birth, Social Security numbers, passport numbers, driver’s license numbers, medical information, health insurance information, biometric information, usernames/passwords, financial account numbers, and credit/debit card numbers. Million appeared first on The HIPAA Journal.
The Michigan-based aesthetic surgery provider detected unauthorized third-party access to its computer network on January 29, 2025. The exposed data included names, birth dates, Social Security numbers, and health insurance information. Suspicious activity was identified in a single computer on November 20, 2024.
The review of the accounts confirmed that they contained names, addresses, dates of birth, financial account information, diagnoses, lab results, medications, treatment information, health insurance and claims information, provider names, dates of treatment, and Social Security numbers.
Behavioral health providers managing both clinical care and business operations face unique challenges: complex prior authorization requirements, extensive documentation standards, and insurance coverage barriers. Insurers denied 19% of in-network claims in 2023, according to the Kaiser Family Foundation.
The group had access to its network since June 14, 2025, and exfiltrated patient information such as names, addresses, Social Security numbers, dates of birth, driver’s license/state identification card numbers, medical record numbers, treatment information, and health insurance information. A lawsuit – Horvath v. . –
a provider of risk management, insurance, and financial services, has notified 155,567 individuals about the potential theft of some of their protected health information. The incident was first announced on May 21, 2025, and has recently been reported to the HHS’ Office for Civil Rights.
The HIPAA Journal has not downloaded any of the leaked data, so cannot confirm the accuracy of the groups’ claims. Arlington Occupational Health and Wellness in Texas was added to the group’s data leak site on July 4, 2025, along with samples of the stolen data and links to the full dataset.
The data review was completed on February 13, 2025, and confirmed that names, dates of birth, Social Security numbers, medical information, treatment information, healthcare provider information, and health insurance information had been exposed.
in early March 2025. In users of the 23andMe service have a degree of protection under the Genetic Information Nondiscrimination Act (GINA), as their genetic data cannot be used to make employment or health insurance decisions but there may be other ways that their data could be used.
on February 14, 2025. The intrusion was detected on January 13, 2025, and the investigation confirmed that an unauthorized third party had access to its network between December 8, 2024, and January 11, 2025. Peters, Missouri, has notified 1,265 individuals about a security incident on January 17, 2025.
These sophisticated platforms must navigate an increasingly complex landscape of insurance policies, regulatory requirements, and technological demands while maintaining the highest standards of data security and patient privacy. Advanced systems include claim scrubbing capabilities that identify and correct common errors before submission.
At the start of the month, The HIPAA Journal reported on a cybersecurity incident at Radiology Associates of Richmond, a provider of medical imaging services at seven hospitals in central Virginia and multiple outpatient medical imaging facilities in the state. A network intrusion was detected by the law firm on or around May 6, 2025.
The breach was detected on January 15, 2025, and immediate action was taken to prevent further unauthorized access. The forensic investigation confirmed that an unauthorized third party accessed the account between January 10, 2025, and January 14, 2025, and potentially viewed or acquired patient data.
In its April 11, 2025, substitute breach notice, Endue Software explained that unauthorized access to some of its systems was identified on February 17, 2025. The forensic investigation confirmed that an unauthorized actor gained access to some of its systems for a brief period on February 16, 2025.
The ransomware attack prevented access to certain systems, and the forensic investigation confirmed unauthorized access to names, addresses, health insurance information, Social Security numbers, and medical information. The deadline for exclusion from and objection to the settlement is September 12, 2025.
The HIPAA Journal reported on the breach on May 19, 2025, the same day six class action lawsuits were filed in federal court in California over the data breach. The affected individuals started to be notified about the data breach on May 9, 2025. More lawsuits are expected to be filed in the coming days.
The Bianlian hacking group claimed responsibility for the attack and gained access to names, Social Security numbers, addresses, dates of birth, driver’s license numbers, medical record numbers, health insurance information, billing information, and limited treatment information.
Complimentary credit monitoring and credit score services were offered to the affected individuals, who were notified by mail in February 2025. All class members may submit a claim for two years of credit monitoring services, which include a $1,000,000 identity theft insurance policy.
According to the National Association of Insurance Commissioners, around 110,000 malpractice claims will be filed in the U.S. They will notify your malpractice insurance carrier. Avoid discussing the incident with anyone outside your insurer or assigned defense attorney — including colleagues, staff, or even the patient’s family.
A comprehensive and time-intensive review of the affected accounts was recently concluded, and it was confirmed that names, addresses, Social Security numbers, driver’s license numbers, bank account information, payment card information, dates of birth, medical information, and health insurance information were stored in the accounts.
The review was completed on June 6, 2025, and confirmed that Premier Dermatology Partners’ data was present in the compromised accounts. Many of the healthcare providers affected by the Oracle Health incident issued notifications shortly after being notified about the January 22, 2025, hacking incident.
According to the filing, a breach of its IT systems was detected on June 5, 2025, which rendered certain IT systems and data unavailable. Surmodics holds a cyber insurance policy and anticipates that the policy will cover a significant percentage of any expenditures, not including the deductible and certain exclusions.
All claims must be submitted by or be postmarked by June 30, 2025. The settlement has received preliminary approval from the court, and the final approval hearing has been scheduled for June 16, 2025. Million Data Breach Settlement appeared first on The HIPAA Journal. The post Azura Vascular Care Agrees to $3.15