This section of The HIPAA Guide provides insights into HIPAA breaches, offering up-to-date reports on data violations within the healthcare sector. Readers can explore real-world case studies, breach penalties, and guidance on how healthcare organizations can improve data security. It also covers the consequences of non-compliance, breach notification requirements, and the latest cybersecurity threats affecting patient health information (PHI). Stay informed and learn how to prevent breaches to ensure both compliance and the protection of sensitive patient data.
The healthcare AI platform provider Xsolis has announced a major data breach in which the protected health
[...]
The medical device giant Medtronic has started issuing notification letters to individuals affected by an
[...]
A massive data breach has been experienced by Amazon-owned One Medical Seniors Health, if the claims of the
[...]
An investigation of a ransomware attack on the U.S. retailer Spencer Gifts that exposed the electronic
[...]
Users of the Flo Period & Ovulation Tracker App may claim their share of a $59.5 settlement fund as
[...]
The dental benefits administrator DentaQuest has recently disclosed a cybersecurity incident that is
[...]
Conduent Business Services, a New Jersey-based provider of back-office services to healthcare organizations,
[...]
One of the requirements of the Health Information Technology for Economic and Clinical Health (HITECH) Act of
[...]
The New York public health system, NYC Health + Hospitals, has started mailing notification letters to almost
[...]
The healthcare software provider RXNT has recently started notifying clients about a security incident that
[...]
The Trump administration’s plan to collect health insurance claims data for all federal employees and
[...]
Four investigations of ransomware attacks on HIPAA-regulated entities have resulted in financial penalties
[...]
CareCloud, a major healthcare technology firm, has recently confirmed that hackers have breached parts of its
[...]
An insurance regulator in Florida has suspended a third-party claims administrator for unlawfully
[...]
Another massive data breach has been reported involving unauthorized access to the sensitive data of millions
[...]
The Department of Health and Human Services’ Office for Civil Rights (OCR) has announced another settlement
[...]
QualDerm Partners, a provider of healthcare management services to almost 160 dermatology practices, has
[...]
A data breach at TriZetto Provider Solutions has affected more than 3.4 million individuals, according to a
[...]
McLaren Health Care, a Michigan-based non-profit health system, has agreed to settle a consolidated class
[...]
Massachusetts Attorney General Andrea Joy Campbell has announced a settlement has been agreed with the
[...]
Covenant Health has recently confirmed that almost half a million patients may have had some of their
[...]
The scale of a June 2025 Aflac data breach has recently been confirmed – more than 22.6 million individuals
[...]
An orthopedic medical practice in New York state – Orthopedics NY LLC – has settled alleged
[...]
The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) has announced its 21st
[...]
A settlement has been agreed to resolve a class action lawsuit against Kaiser Permanente’s health insurance
[...]
A network of nine affiliated physician practices has agreed to pay almost $50 million to settle class action
[...]
A nationwide medical imaging provider has recently started notifying more than 1.2 million individuals that
[...]
Hackers are responsible for the majority of healthcare data breaches; however, healthcare providers must
[...]
The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) has announced its 20th HIPAA
[...]
The Florida Agency for Health Care Administration (AHCA) has recently proposed a new rule (59A-35.112) that,
[...]
A Nevada dental care provider has recently announced a data breach that potentially involved unauthorized
[...]
The Lash Group and Cencora have agreed to pay $40 million to resolve claims stemming from a 2024 data breach.
[...]
A New York Department of Financial Services (DFS) investigation of a 2021 phishing attack on the dental
[...]
The HIPAA Guide previously reported that the ransomware attack on DaVita had affected more than 1 million
[...]
The New York accountancy and management consultancy firm BST & Co. CPAs, LLP, has agreed to a $175,000
[...]
This article includes a timeline of the Change Healthcare ransomware attack as information was released and
[...]
Syracuse ASC (Specialty Surgery Center of Central New York) has agreed to pay a $250,000 fine and adopt a
[...]
Two massive data breaches have recently been announced by a dermatology practice and a medical imaging
[...]
There has been a slight year-over-year decrease in healthcare data breaches and breached healthcare records.
[...]
The victim count from a Nationwide Recovery Service data breach last year has been growing, with more
[...]
The HHS’ Office for Civil Rights has announced another settlement to resolve an alleged violation of the
[...]
Episource has recently confirmed that the protected health information of more than 5.4 million individuals
[...]
An investigation of a 2022 ransomware attack at Comstar uncovered a HIPAA risk analysis failure. Comstar
[...]
In March 2024, the Nebraska healthcare revenue cycle management and billing services provider ALN Medical
[...]
BayCare Health System in Florida has settled three alleged violations of the HIPAA Rules with the HHS’
[...]
Kettering Health, a faith-based health system in Ohio, has experienced a cyberattack that has caused a
[...]
A small Californian medical imaging service provider has been discovered to be in violation of the HIPAA
[...]
A class action lawsuit has been filed against the University of Kansas Health System, Lawrence Memorial
[...]
Ascension has announced that it has been affected by a data breach at one of its former business partners.
[...]
The HHS’ Office for Civil Rights (OCR) has announced another settlement with a HIPAA-regulated entity under
[...]
Two massive healthcare data breaches have recently been reported by HIPAA-regulated entities which combined
[...]
The HHS’ Office for Civil Rights (OCR) has settled an investigation of a phishing attack that saw 35
[...]
The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) has resolved another
[...]
Northeast Radiology, P.C., has agreed to settle an alleged violation of the risk analysis implementation
[...]
A lab test vendor used by Planned Parenthood centers across the country has reported a massive data breach
[...]
The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) is continuing with its
[...]
A lawsuit has been filed by a Maryland health insurer against Change Healthcare over its February 2024
[...]
Oregon Health & Science University has been fined $200,000 by the U.S. Department of Health and Human
[...]
The HHS Office for Civil Rights (OCR) has announced its first financial penalty for HIPAA noncompliance under
[...]
The proper response to an accidental HIPAA violation depends on the nature of the violation, whether or not
[...]
The HHS Office for Civil Rights (OCR) and Northeast Surgical Group, P.C. have agreed to a settlement to
[...]
It has been a busy year of HIPAA enforcement by the HHS’ Office for Civil Rights (OCR). OCR Director
[...]
An OCR investigation of a phishing attack and subsequent mailing error by Solara Medical Supplies uncovered
[...]
The HHS’ Office for Civil Rights has announced a $337,750 settlement with the Florida business associate
[...]
A Virginia data hosting and cloud service provider that suffered a ransomware attack has agreed to settle an
[...]
The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) has announced another
[...]
Westend Dental has agreed to a consent judgment and order that resolves multiple alleged violations of
[...]
It has taken more than 7 months for Ascension Health to determine how many individuals had their data stolen
[...]
Inmediata Health Group has agreed to pay $250,000 to settle alleged violations of the HIPAA Rules. The
[...]
The failure to mitigate a known vulnerability has landed the New York healthcare provider, HealthAlliance,
[...]
Children’s Hospital Colorado has been fined $548,265 by the Department of Health and Human Services’
[...]
When members of the workforce leave employment, access to electronic protected health information (ePHI) must
[...]
A Hospital in Pennsylvania has agreed to settle an alleged violation of the HIPAA Privacy Rule with the
[...]
The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) HIPAA audit program is
[...]
A Californian mental health center has been fined $100,000 for failing to provide a patient with timely
[...]
The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) has announced its 1st
[...]
The HHS’ Office for Civil Rights (OCR) has imposed a $70,000 civil monetary penalty on a Maryland dental
[...]
The HHS’ Office for Civil Rights (OCR) has announced its 8th financial penalty of the year to resolve
[...]
The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) has announced a settlement
[...]
The U.S. Centers for Medicare and Medicaid Services (CMS) has confirmed that more than 3.1 million
[...]
A massive settlement has been agreed upon by counsels for the plaintiffs and defendants in a lawsuit against
[...]
A massive data breach has been reported by an Atlanta-based software vendor that involved the health
[...]
Alabama Cardiology Group (ACG) has notified the Department of Health and Human Services (HHS) Office for
[...]
Earlier this month, McLaren Health Care in Michigan announced it had fallen victim to a cyberattack that
[...]
Attorneys General in three U.S. states have agreed to a settlement with a biochemical company and its
[...]
The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) has announced its 47th
[...]
The average cost of a data breach has risen by 10% since 2023 to $4.88 million, the highest annual rise since
[...]
The National Community Pharmacists Association (NCPA) and around 40 healthcare providers are taking legal
[...]
Change Healthcare has published a substitute breach notice and has started mailing notification letters to
[...]
A Puerto Rican doctor has been convicted of wrongfully obtaining the individually identifiable health
[...]
A Pennsylvania health system has been fined $950,000 by the HHS’ Office for Civil Rights as part of a
[...]
A former employee of the Microsoft-owned HIPAA business associate, Nuance Communications, stole the protected
[...]
Federal prosecutors have charged surgeon Eithan Haim MD in a four-count indictment that alleges four
[...]
The California Attorney General has agreed to a settlement with Adventist Health that resolves alleged
[...]
Change Healthcare has confirmed the types of data compromised in its February ransomware attack and, four
[...]
Blackbaud, a South Carolina company that provides fundraising software for nonprofits has settled alleged
[...]
The Department of Health and Human Services (HHS) Office of Civil Rights (OCR) has updated its Change
[...]
The HHS’ Office for Civil Rights has published a FAQ on its website that includes guidance on the HIPAA
[...]
Sav-Rx, a pharmacy benefit management company, is notifying 2.8 million people that their personal and
[...]
WebTPA Employer Services, a Texas-based provider of administrative services to health plans, has confirmed
[...]
The Federal Trade Commission (FTC) has published a final rule that implements changes to its Health Breach
[...]
Kaiser Foundation Health Plan, Inc. has recently reported a major data breach to the HHS’ Office for Civil
[...]
This week, UnitedHealth Group (UHG), the parent company of Change Healthcare, has confirmed that a ransom was
[...]
The Federal Trade Commission (FTC) has proposed a $7.1 million penalty for the mental healthcare platform
[...]
On February 21, 2024, Change Healthcare suffered a ransomware attack that forced the company to take its
[...]
The Federal Trade Commission (FTC) has banned Monument from sharing consumer data with third-party
[...]
The HHS’ Office for Civil Rights has announced that Essex Residential Care, LLC has been ordered to pay a
[...]
Another healthcare provider has paid a financial penalty after failing to comply with the HIPAA Right of
[...]
It has been three weeks since Change Healthcare experienced a Blackcat ransomware attack that caused massive
[...]
Many sources discussing HIPAA violation consequences tend to focus on civil monetary penalties and criminal
[...]
Apria Healthcare is alleged to have failed to comply with the HIPAA Privacy, Security, and Breach
[...]
The Department of Health and Human Services recently submitted its annual reports to Congress on the state of
[...]
The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) has announced that a second
[...]
A Change Healthcare cyberattack has affected multiple systems at the Tennessee-based healthcare technology
[...]
The deadline for reporting 2023 healthcare data breaches is fast approaching. Since 2024 is a leap year, the
[...]
Integris Health, a not-for-profit health system that operates 16 hospitals and has healthcare providers in 49
[...]
The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) has announced a $4.75 million
[...]
The U.S. Attorney’s Office for the Western District of Tennessee has announced that six individuals have
[...]
The Federal Trade Commission (FTC) has ordered Blackbaud to implement a raft of security measures after
[...]
The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) has announced a settlement
[...]
Pharmacies have disclosed the prescription records of thousands of patients to law enforcement agencies
[...]
In May 2023, the Kentucky-based health system, Norton Healthcare, was attacked by the ALPHV/Blackcat
[...]
The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) has settled its
[...]
St. Joseph’s Medical Center in New York has chosen to settle allegations it violated the HIPAA Privacy Rule
[...]
Perry Johnson & Associates (PJ&A), a provider of transcription services to healthcare providers,
[...]
A $450,000 settlement has been agreed between New York Attorney General Letitia James and US Radiology
[...]
The Secretary of the Department of Health and Human Services (HHS) and the Director of the HHS’ Office for
[...]
The Department of Health and Human Services’ Office for Civil Rights (OCR) has announced its first-ever
[...]
Personal Touch Holding Corporation, a Long Island, NY-based home health company, has agreed to a settlement
[...]
A coalition of 33 state attorneys general has reached a settlement with the Puerto Rico-based healthcare
[...]
The Charleston, SC-based fundraising service provider, Blackbaud, has agreed to a settlement with 49 states
[...]
The Indiana Attorney General has agreed to a $250,000 settlement with Schneck Medical Center. The settlement
[...]
The California Attorney General and the district attorneys general from Alameda, San Bernardino, San
[...]
The HHS’ Office for Civil Rights (OCR) has announced a settlement has been reached with the nation’s
[...]
In July 2023, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) and the
[...]
Last week, HHS’ Office for Civil Rights (OCR) announced the settlement of its latest HIPAA right of access
[...]
Advocate Aurora Health has agreed to settle a consolidated class action lawsuit over its use of Meta Pixel
[...]
HCA Healthcare, one of the largest health systems in the United States, has suffered a major data breach that
[...]
The HHS’ Office for Civil Rights has agreed to settle a HIPAA case with the business associate iHealth
[...]
The HHS’ Office for Civil Rights has announced its second HIPAA enforcement action of the month. Yakima
[...]
Manasa Health Center in New Jersey has agreed to pay $30,000 to resolve alleged HIPAA violations stemming
[...]
Managed Care of North America (MCNA) Dental has reported one of the largest ever breaches of protected health
[...]
New York Attorney General, Letitia James, has agreed to settle a compliance investigation with Professional
[...]
PharMerica, one of the largest pharmacy service providers in the United States, has recently confirmed that
[...]
The Luxottica Group PIVA-owned vision benefits provider, EyeMed, has agreed to settle potential violations of
[...]
The Department of Health and Human Services’ Office for Civil Rights has announced a settlement has been
[...]
The U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) is continuing to crack down
[...]
Tracking code has been used on virtually all hospital websites, according to a new study conducted by
[...]
The HHS’ Office for Civil Rights has sent annual reports to Congress on reported data breaches and its
[...]
The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) has announced that the
[...]
The Federal Trade Commission (FTC) has announced its first enforcement action over noncompliance with the
[...]
The HHS’ Office for Civil Rights (OCR) has announced that a diagnostic laboratory in Georgia – Life
[...]
The Right of Access provision of the HIPAA Privacy Rule permits patients to obtain a copy of their medical
[...]
HIPAA does not prohibit medical practices from responding to online reviews and feedback on platforms such as
[...]
Just a few weeks after settling a class action lawsuit over a 2019 data breach that affected 166,077
[...]
Advocate Aurora Health says code snippets on its websites may have transmitted the protected health
[...]
A major cyberattack and IT outage are causing considerable disruption at one of the largest healthcare
[...]
The HIPAA Right of Access provides individuals with the right to obtain a copy of the medical records held by
[...]
The HHS’ Office for Civil Rights (OCR) has announced its 17th financial penalty of the year to resolve
[...]
Novant Health has notified more than 1.3 million patients that some of their protected health information has
[...]
An investigation conducted by the HHS’ Office for Civil Rights (OCR) of a hacking incident at Oklahoma
[...]
Cyberattacks on business associates of HIPAA-covered entities have the potential to affect many covered
[...]
An investigation into the use of the Meta Pixel tool on hospital websites has revealed one-third of the top
[...]
A data breach affecting 2 million individuals has been reported to the Department of Health and Human
[...]
Ransomware attacks are increasing at an alarming rate. Attacks increased by 13% in 2021, which is a bigger
[...]
Eye Care Leaders, a vendor of cloud-based electronic health record and practice management solutions for eye
[...]
The U.S. Department of Health and Human Services’ Office for Civil Rights recently announced that four
[...]
A major data breach has recently been reported by a dental clinic operator in Texas that has affected more
[...]
Monongalia Health System in West Virginia (Mon Health) has recently announced it fell victim to a cyberattack
[...]
Settlements have been proposed to resolve class action lawsuits filed against the healthcare clearinghouse
[...]
On December 21, 2021, the Rhode Island Public Transport Authority (RIPTA), a quasi-public agency, reported a
[...]
On January 1, 2021, Broward Health announced it was the victim of a cyberattack involving data exfiltration
[...]
The New Jersey Attorney General has been the most active enforcer of compliance with the Health Insurance
[...]
The healthcare industry in the United States continues to be targeted by ransomware gangs. Recently, the
[...]
The protected health information of almost 320,000 patients has potentially been compromised in an August
[...]
An investigation by the state of New Jersey into a cyberattack on a fertility clinic has uncovered multiple
[...]
The Marlborough, MA-based fertility-related medical laboratory ReproSource Fertility Diagnostics has started
[...]
A lawsuit has been filed on behalf of a mother of a baby who is alleged to have died as a consequence of a
[...]
Children’s Hospital & Medical Center (CHMC) has agreed to settle a HIPAA Right of Access
[...]
The 2021 IBM Security/Ponemon Institute Cost of a Data Breach Study determined the average cost of a data
[...]
Ransomware gangs have increased attacks on the healthcare industry. Data from Emsisoft show 560 healthcare
[...]
According to the 2021 IBM Security Cost of a Data Breach report, the average cost of a data breach has risen
[...]
A major data breach has occurred at Wisconsin-based Forefront Dermatology. The protected health information
[...]
California has updated its data breach reporting requirements for healthcare facilities and has also
[...]
Accessing the medical records of patients when there is no legitimate work reason for doing is a violation of
[...]
On February 8, 2021, Wolfe Eye Clinic in Iowa suffered a ransomware attack that resulted in widespread
[...]
The protected health information (PHI) of 3,253,822 current and former members of the 20/20 Hearing Care
[...]
The U.S. Department of Health and Human Services’ Office for Civil Rights has fined an endocrine disorder
[...]
The U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) has announced its 7th HIPAA
[...]
It is now common for the victims of healthcare data breaches to take legal action against a healthcare
[...]
Another staff member at New York’s Montefiore Medical Center has been found to have been illegally
[...]
The number of healthcare organizations known to have been affected by the Accellion cyberattack has been
[...]
The U.S. Department of Health and Human Services’ Office for Civil Rights has announced its 18th settlement
[...]
The HHS’ Office for Civil Rights has fined Arbour Hospital $65,000 for failing to provide a patient with
[...]
In 2019, the largest reported healthcare data breach was at American Medical Collection Agency (AMCA), a debt
[...]
This month, a U.S District Court judge for the Southern District of Georgia has sentenced a man for making
[...]
Sharpe Healthcare has agreed to settle a HIPAA violation case with the Department of Health and Human
[...]
One of the largest ever healthcare data breaches has recently been reported by the Florida-based health
[...]
The HHS’ Office for Civil Rights (OCR) has agreed to settle a HIPAA Right of Access enforcement action
[...]
The Federal Trade Commission (FTC) has announced the settlement with SkyMed International has been finalized
[...]
The 5th Circuit U.S. Court of Appeals in Louisiana has vacated the civil monetary penalties imposed on the
[...]
Excellus Health Plan has settled a HIPAA violation case with the HHS’ Office for Civil Rights and has
[...]
The U.S. Department of Health and Human Services has issued its largest ever HIPAA fine for noncompliance
[...]
In 2019, the Department of Health and Human Services’ Office for Civil Rights announced a new HIPAA
[...]
The protected health information of more than a million dental patients has potentially been obtained by
[...]
The University of Cincinnati Medical Center (UCMC) has been fined $65,000 by the HHS’ Office for Civil
[...]
A Regal Park, NY-based private otolaryngology practitioner has been issued with a $15,000 financial penalty
[...]
The HHS’ Office for Civil Rights has made good on its promise to step up enforcement of compliance with the
[...]
New Jersey Attorney General General Gurbir S. Grewal and the New Jersey Division of Consumer Affairs have
[...]
The health plan Aetna, part of the Aetna Life Insurance Company, has agreed to pay a $1 million penalty to
[...]
In 2019, the U.S. Department of Health and Human Services’ Office for Civil Rights launched its HIPAA Right
[...]
Tennessee Attorney General Herbert H. Slatery III has announced a $5 million settlement has been reached with
[...]
The Department of Health and Human Services’ Office for Civil Rights has imposed its 8th HIPAA penalty on a
[...]
A multi-state investigation by attorneys general in 42 states and Washington D.C. over the 78.8 million
[...]
The HHS’ Office for Civil Rights (OCR) has imposed its second largest ever HIPAA violation penalty –
[...]
The Community Health Systems business associate, CHSPSC LLC, has settled its HIPAA violation case with the
[...]
The Department of Health and Human Services’ Office for Civil Rights (OCR) has settled another HIPAA
[...]
In 2019, the HHS’ Office for Civil Rights launched an enforcement initiative targeting organizations that
[...]
Research recently published in a collaborative report by security researcher Jelle Ursem and DataBreaches has
[...]
The Department of Health and Human Services’ Office for Civil Rights (OCR) has agreed to settle a HIPAA
[...]
The protected health information of 914,000 patients has potentially been compromised in two hacking
[...]
In April 2020, the Fortune 500 firm Magellan Health experienced a ransomware attack that resulted in
[...]
A lawsuit filed against Episcopal Health Services following a phishing attack that exposed the protected
[...]
Monthly breach reports show that email is the most common location of breached protected health information.
[...]
A $100,000 HIPAA fine has been imposed on a solo physician practice for HIPAA Security Rule failures
[...]
A recent analysis of 2019 healthcare data breaches by Protenus has confirmed that 2019 was a particularly bad
[...]
A recent audit of a mail-order pharmacy and 29 other healthcare provides by the Department of Health and
[...]
West Georgia Ambulance, Inc., an ambulance company serving Carroll County in Georgia, has agreed to settle a
[...]
The Department of Health and Human Services’ Office for Civil Rights has announced another settlement has
[...]
A breach notification failure and the lack of a business associate agreement has led to a $2.175 million
[...]
The Department of Health and Human Services’ Office for Civil Rights (OCR) has fined another HIPAA-covered
[...]
Security researchers at Wizecase have discovered 9 medical databases containing millions of patient records
[...]
Jackson Health System (JHS) has paid a $2.15 million civil monetary penalty to the HHS’ Office for Civil
[...]
A dental practice has been fined $10,000 by the HHS’ Office for Civil Rights for violating Health Insurance
[...]
The HHS’ Office for Civil Rights has announced the first HIPAA settlement under its HIPAA Right of Access
[...]
A recent investigation by ProPublica, Greenbone Networks, and the German public broadcaster Bayerischer
[...]
It has been another terrible month for healthcare data breaches – The worst of the year to date in terms of
[...]
Healthcare providers are providing patients with copies of their medical records, but a majority have been
[...]
A consolidated class action lawsuit against Premera Blue Cross over its 2014 data breach of 10.6 million
[...]
Allscripts Healthcare Solutions has proposed a settlement of $145 million to resolve alleged violations of
[...]
Over the past 10 days, several more healthcare providers have announced that they have been affected by the
[...]
Premera Blue Cross has agreed to settle its HIPAA violation lawsuit and pay a $10 million penalty to resolve
[...]
The penalties for HIPAA violations are usually restricted to fines for the covered entity or business
[...]
It has been another bad month for the U.S. healthcare industry. Rather than April’s record number of
[...]
After 42 years in business, the parent company of American Medical Collections Agency (AMCA) has sought
[...]
The number of individuals affected by the data breach at American Medical Collections Agency (AMCA) continues
[...]
Quest Diagnostics, one of the largest medical laboratory chains in the United States, has announced that
[...]
Just a few days after the HHS’ Office for Civil Rights announced a settlement had been reached with Medical
[...]
The Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009, and the subsequent
[...]
The Department of Health and Human Services’ Office for Civil Rights has announced a settlement has been
[...]