The HIPAA News category provides comprehensive and up-to-date coverage of key developments in the world of HIPAA regulations. From major data breaches to enforcement actions, regulatory updates, and industry-specific news, this section is dedicated to keeping you informed about the events and changes that impact healthcare privacy laws.
Our reporting covers significant legal rulings, government actions, policy changes, and emerging trends within the healthcare industry, all with a focus on HIPAA compliance. Whether it’s a new mandate from the Department of Health and Human Services (HHS), a high-profile breach affecting patient data, or evolving enforcement priorities, you’ll find timely and accurate news here to help you stay current with critical HIPAA-related events.
This category is designed for healthcare professionals, business associates, and industry stakeholders who need reliable, real-time updates on the changing HIPAA landscape, with a focus on reporting rather than guidance or interpretation.
New York-based reproductive healthcare provider, Planned Parenthood of Montana, has given additional information about the RansomHub ransomware attack that was initially reported at the beginning of September. During the initial security breach report, the investigation just started and it was not confirmed if the attacker stole any patient information. Now, there is confirmation from Planned … Read more
Multiple class-action lawsuits had been filed against Gryphon Healthcare based in Houston, TX, a revenue cycle management and medical billing solutions provider to healthcare companies. The lawsuits are associated with a data breach in August 2024 involving unauthorized access to almost 400,000 individuals’ protected health information (PHI). The breached data contained names, contact data, Social … Read more
In late October, the National Institute for Standards and Technology (NIST) and the Department of Health and Human Services (HHS)hosted a conference called “Safeguarding Health Information: Building Assurance Through HIPAA Security 2024”. Participants received information about the present state of cybersecurity in healthcare and the role of the HIPAA Security Rule in helping HIPAA-covered entities … Read more
Multi-specialty pediatric group Boston Children’s Health Physicians (BCHP) based in Valhalla, NY provides services to newborns and children in New York and Connecticut. BCHP has reported that its IT vendor encountered a cyberattack. The IT vendor informed BCHP on September 6, 2024, that strange activity was noticed in the IT vendor’s network. On September 10, … Read more
Network of behavioral health facilities, AXIS Health System based in Colorado, has published a notification on its website about encountering a cyber incident. Not much information is provided about the nature of the attack except the initiation of incident response protocols. Investigation is ongoing to know the nature and extent of the breach. In case … Read more
Ponemon Institute conducted a new survey for Proofpoint, which revealed that almost all U.S. healthcare organizations faced a cyberattack in the past year. Of the 648 IT and IT Security experts surveyed, 92% reported at least one cyberattack in the last 12 months, compared to 88% of survey respondents in 2023. The report found that … Read more
A new update to the National Institute of Standards and Technology (NIST) password security guidelines now recommends longer passwords over the previous focus on using a mix of uppercase and lowercase letters, numbers, and special characters. While using multiple character types makes the password more complex, it often results in predictable patterns, which weakens security. … Read more
Because of a massive data breach, Change Healthcare is facing dozens of lawsuits filed by plaintiffs across multiple districts. The cyberattack in question resulted in the theft of 6 TB of sensitive data, including personal and protected health information (PHI) of millions of individuals throughout the United States. The lawsuits allege that Change Healthcare failed … Read more
Texas Attorney General Ken Paxton has initiated a lawsuit against the Department of Health and Human Services (HHS), its Secretary Xavier Becerra, and Director Melanie Fontes Rainer of the Office for Civil Rights (OCR). The lawsuit challenges the long-standing HIPAA Privacy Rule and the 2024 HHS final rule concerning reproductive healthcare privacy. Paxton contends that … Read more
Lehigh Valley Health Network (LVHN) agreed to pay $65 million to settle a class action lawsuit over a data breach in 2023. This settlement of a HIPAA violation will compensate plaintiffs whose sensitive data, including nude photos, was stolen and later posted on the dark web. The breach, caused by a Blackcat ransomware attack, exposed … Read more
The Ransom Hub ransomware group continues to target the healthcare sector, with its latest victim being Planned Parenthood, a reproductive healthcare provider based in New York. The group added Planned Parenthood to its data leak site, claiming responsibility for stealing 93 GB of sensitive information. CEO Martha Fuller of Planned Parenthood of Montana reported the … Read more
An Iranian hacking group, known as Pioneer Kitten (also referred to as Fox Kitten, Rubidium, Parisite, and Lemon Sandstorm), has been working together with ransomware groups to exploit and extort businesses across various sectors, including defense, finance, education, and healthcare. Active since 2017, Pioneer Kitten is assumed to operate under the auspices of the Iranian … Read more
McLaren Health Care has updated the status of a recent cyberattack, confirming the use of ransomware to encrypt files in its network. The attack has disrupted the IT systems at 13 of its hospitals, including the Karmanos surgery centers, cancer centers, and clinics. Although the attack has been contained, system access is still limited, and … Read more
The Federal Bureau of Investigation (FBI) and the U.S. Cybersecurity and Infrastructure Security Agency (CISA) have released an alert concerning the BlackSuit ransomware group, which they have identified as a rebranded version of the Royal ransomware. This group has been behind numerous attacks on healthcare companies. The FBI and CISA initially alerted about the Royal … Read more
United of Omaha Life Insurance Company located in Nebraska submitted a phishing attack report that indicated the compromise of the protected health information (PHI) of 107,894 people. The insurer discovered the breach on April 23, 2024 after identifying suspicious activity in an employee’s email account. United of Omaha noticed that a third party accessed the … Read more
The healthcare provider, Aveanna Healthcare, based in Georgia recently reported the unauthorized access of the email accounts of 11 personnel by a third party, who acquired access to 10,482 patients’ protected health information (PHI). This is Aveanna Healthcare’s second email breach report this year. On March 15, 2024, Aveanna Healthcare submitted to the HHS’ Office … Read more
The software company, MCG Health, based in Seattle, WA offered to pay $8.8 million to resolve a class action lawsuit associated with a data breach in February 2020 that affected the protected health information (PHI) of 793,283 individuals. Two years after the data breach, on March 25, 2022, MCG Health discovered that a threat actor … Read more
UnitedHealth Group (UHG) has given an update about the response costs associated with the February 2024 ransomware attack involving Change Healthcare. The overall response cost is forecasted to be $2.3 billion to $2.45 billion this 2024, over $1 billion more than the figure reported earlier. UHG already paid more or less $2 billion handling the … Read more
DaVita has discovered that tracking tools used on its web pages and mobile app might have transmitted user information to third-party providers. On July 2, 2024, kidney dialysis service provider DaVita Inc. based in Denver, CO informed 67,443 patients concerning a pixel-related data breach. With the 2,800+ outpatient dialysis centers in the U.S., DaVita serves … Read more