The HIPAA Journal

MARCH 19, 2025

Atlas Healthcare CT Atlas Healthcare CT, the operator of several skilled nursing and rehabilitation centers in Connecticut, was targeted by hackers who gained access to its network and acquired certain stored files on January 20, 2023. Neither entity has previously reported a data breach to OCR.

HIPAA 82

HIPAA Scheduling Hospital Billing 82

Sensible Medicine

MARCH 25, 2025

For example, the Feinstein Institute for Medical Research settled HIPAA violations for $3.9 Sharing data that includes sensitive patient health information, exposes researchers and institutions to significant legal and financial risks. million after being accused of mishandling a laptop containing protected health information.

Collaboration 235

Collaboration Follow-Up HIPAA Medication 235

The HIPAA Journal

MARCH 20, 2025

The HIPAA Journal has compiled healthcare data breach statistics from October 2009, when the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) started publishing summaries of healthcare data breaches on its website. On January 22, 2023, the breach portal listed 857 data breaches as still; under investigation.

Business Associate 110

Business Associate HIPAA Unit Organization and Environment Hospital 110

The HIPAA Journal

MAY 2, 2024

By far the most common cause of security incidents in 2023 was network intrusions, which accounted for 51% of security incidents the law firm helped to manage, followed by business email compromise incidents (26%), and inadvertent disclosures (26%). 27% of attacked companies paid a ransom in 2023, compared to 40% in 2022.

HIPAA 115

HIPAA Follow-Up Certification Business Associate 115

The HIPAA Journal

MARCH 24, 2025

In 2023, the company was hit with a damaging data breach. The post Genetic Testing Company 23andMe Files for Bankruptcy appeared first on The HIPAA Journal. In February 2021, the company had its highest end-of-day stock price of $353.0; however, the share value has been tumbling since, reaching a low of $1.27 in early March 2025.In

Tests 80

Tests HIPAA Insurance 80

The HIPAA Journal

MARCH 28, 2025

In 2023, 75% of third-party breaches involved technology products; however, in 2024, threat actors diversified, with only 46.75% of breaches involving technology products. of third-party breaches, similar to 2023. of third-party breaches, similar to 2023. According to a recent report from SecurityScorecard, at least 35.5%

Transfers 53

Transfers Follow-Up HIPAA 53

The HIPAA Journal

APRIL 1, 2025

On October 9, 2023, Azura Vascular Care identified suspicious network activity, with the forensic investigation confirming that hackers had access to its network between September 27, 2023, and October 9, 2023, during which time they potentially stole the protected health information of patients.

HIPAA 53

HIPAA Documentation Billing Scheduling 53

The HIPAA Journal

APRIL 23, 2024

March was a particularly bad month for healthcare data breaches with 93 branches of 500 or more records reported to the Department of Health and Human Services (HHS) Office for Civil Rights (OCR), a 50% increase from February and a 41% year-over-year increase from March 2023.

Business Associate 125

Business Associate HIPAA Hospital Billing 125

The HIPAA Journal

APRIL 25, 2024

City of Hope National Medical Center identified suspicious activity within its network on October 13, 2023, and the forensic investigation confirmed there had been unauthorized access by a third party between September 19, 2023, and October 12, 2023.

Medication 119

Medication HIPAA Medical History Best Practices 119

The HIPAA Journal

APRIL 22, 2024

University of Wisconsin Hospitals and Clinics Authority Email Account Breach The University of Wisconsin Hospitals and Clinics Authority (UW Health) recently provided an update on a security incident that was detected in late 2023. 20, 2023, and Dec. 20, 2023, and Dec.

Medication 116

Medication HIPAA Hospital Billing 116

The HIPAA Journal

JULY 4, 2024

SkinCure Oncology has notified 13,434 patients about an email attack that occurred in June 2023, and the Wisconsin Department of Health Services has announced a breach of the personal information of 19,150 Medicaid recipients. SkinCure Oncology believes files in those email accounts were viewed and potentially obtained in the attack.

Medical History 118

Medical History HIPAA Insurance Medication 118

The HIPAA Journal

MARCH 19, 2025

An investigation was launched which revealed an unauthorized third party had access to the email account for 2 months since November 6, 2023, and other email accounts may also have been accessed. The post Email Account Breaches Reported by Access TeleCare & Madison County, MS appeared first on The HIPAA Journal.

HIPAA 70

HIPAA Documentation Insurance Medication 70

The HIPAA Journal

APRIL 24, 2024

The latest report is based on data from Mandiant Consulting investigations of targeted attack activity conducted between January 1, 2023, and December 31, 2023. In 2023, Mandiant identified 97 unique zero-day vulnerabilities being exploited in the wild, up 56% from 2022.

HIPAA 112

HIPAA Hospital 112

The HIPAA Journal

MAY 6, 2024

Continuum identified unauthorized activity within its network on October 19, 2023, and after taking steps to secure its systems, third-party cybersecurity specialists were engaged to identify the suspicious activity.

Medication 119

Medication HIPAA Tests Follow-Up 119

The HIPAA Journal

MAY 2, 2024

According to Recorded Future, there were 358 ransomware attacks on healthcare organizations in 2023, a year-on-year increase of 46%. Across all industry sectors, 94% of IT security leaders said they had experienced a significant cyberattack in 2023, and an average of 30 attacks in the past year.

HIPAA 111

HIPAA 111

Health Prime

JANUARY 22, 2025

Department of Health and Human Services (HHS) released a Notice of Proposed Rulemaking (NPRM) to modify the Health Insurance Portability and Accountability Act (HIPAA) Security Rule of 1996. This is the first HIPAA Security rule update since 2013. From 2018-2023, reports of significant breaches increased by 102%.

HIPAA 52

HIPAA Business Associate Best Practices Insurance 52

The HIPAA Journal

APRIL 25, 2024

OPMT said, “Even though it is not specifically required by HIPAA, we will offer identity theft protection services to all affected individuals; we feel that this is an important precaution to protect our patients.” On October 26, 2023, Advarra discovered suspicious activity in an employee’s user account.

HIPAA 110

HIPAA Insurance 110

The HIPAA Journal

JULY 9, 2024

SouthCoast Health and Privia Medical Group in Georgia have notified patients about a cyberattack and data breach that occurred in June 2023. The post SouthCoast Health; Call 4 Health Notify Patients About Cyberattacks appeared first on The HIPAA Journal. During that time, files on the network were viewed or copied.

Triage 121

Triage HIPAA Documentation Billing 121

The HIPAA Journal

APRIL 29, 2024

On September 14, 2023, RMN notified HAPG that it had identified suspicious activity on its network, including in the systems it manages for HAPG. Million Record MSP Data Breach appeared first on HIPAA Journal. The post Health Data Analytics Firm Reports 1.1-Million

HIPAA 115

HIPAA Insurance Medication 115

The HIPAA Journal

APRIL 29, 2024

The Health Breach Notification Rule applies to vendors of personal health records (PHRs) and related entities that are not covered by HIPAA and requires them to notify individuals in the event of a breach of unsecured personally identifiable health data, and in some cases, also notify the media.

HIPAA 112

HIPAA Insurance Communication 112

The HIPAA Journal

JULY 5, 2024

An investigation was launched in November 2023, when unauthorized access was suspected. The post Insider Breaches Reported by Providence Mission Heritage Endocrinology & Samaritan Health Services appeared first on The HIPAA Journal.

HIPAA 118

HIPAA Patient Records Insurance Hospital 118

Healthcare Law Insights blog

JANUARY 15, 2025

This marks the first update to the HIPAA Security Rule since 2013. From 2018-2023, OCR observed a 102% increase in breaches affecting 500 or more individuals, with 167 million affected in 2023 alone. These changes aim to address the steadily increasing risk of cyberattacks on critical healthcare infrastructure. population. [1]

HIPAA 52

HIPAA Business Associate Follow-Up Documentation 52

The HIPAA Journal

APRIL 26, 2024

The breach was detected on June 20, 2023, and it was determined that patient data may have been accessed or acquired by the unauthorized third party, although no specific evidence of data access or data theft was identified. County Department of Health Services Email Accounts appeared first on HIPAA Journal.

Business Associate 118

Business Associate HIPAA Tests Medication 118

Health Populi

APRIL 17, 2023

The bill expands privacy protections for Washington State’s health citizens beyond HIPAA’s provisions. The ethos of the name and the intent of this law is a perfect vision for considering what we hear and learn this week coming out of the 2023 HIMSS Annual Conference as the meeting kicks off today. First, the law.

HIPAA 62

HIPAA Billing Hospital Medication 62

The HIPAA Journal

JULY 5, 2024

An investigation was launched which determined that between November 2, 2023, and March 29, 2024, the vendor accessed and downloaded information from a Kairos database. The post Protected Health Information Stolen in HealthEquity SharePoint Breach appeared first on The HIPAA Journal.

HIPAA 120

HIPAA Insurance Medication 120

The HIPAA Journal

MAY 1, 2024

While ransomware groups were a major threat in 2023 and were behind some of 2023’s largest data breaches, there was a slight decline in attacks year-over-year. Verizon points out that privilege misuse by malicious insiders was not even a top three breach cause in 2022 but rose to 2 nd place in 2023.

Follow-Up 106

Follow-Up Transfers HIPAA Medication 106

The HIPAA Journal

OCTOBER 29, 2024

billion in MA risk-adjusted payments were made for 2023 and that 80% of those payments were made to just 20 MA companies. In fiscal year 2023, the CMS identified $12.7 The post HHS-OIG Identifies Potential Misuse of HRAs and Chart Reviews by MA Companies appeared first on The HIPAA Journal. HHS-OIG estimates that around $7.5

Follow-Up 108

Follow-Up Tests HIPAA Documentation 108

The HIPAA Journal

MARCH 18, 2025

A settlement has been agreed to resolve multiple Infosys McCamish Systems class action lawsuits that were filed in response to a 2023 ransomware attack and data breach that involved unauthorized access to the personal data of more than 6 million individuals.Infosys is Indias second-largest IT services provider, and Infosys McCamish Systems is a U.S.

HIPAA 82

HIPAA Follow-Up Insurance Medication 82

The HIPAA Journal

JULY 3, 2024

They confirmed that an unauthorized actor gained access to its network on October 8, 2023, and maintained access until the breach was detected. The post Texas Retina Associates Cyberattack Affects 312,000 Patients appeared first on The HIPAA Journal.

HIPAA 125

HIPAA Hospital Insurance Medication 125

The HIPAA Journal

OCTOBER 30, 2024

An investigation was launched by the Office of the New York Attorney General (OAG) following an intrusion of Albany ENT & Allergy Services’ network by two different threat actors between March 23, 2023, and April 4, 2023. The first intrusion involved ransomware and was discovered on March 27, 2023, when files were encrypted.

HIPAA 99

HIPAA Tests Medication 99

The HIPAA Journal

NOVEMBER 7, 2024

Ransomware attacks were amongst the most expensive cyberattacks, with average losses of $353,000 per incident, up from average losses of $239,000 in H2, 2023 but down from an average loss of $402,000 in H1, 2023. Other incidents accounted for 23% of claims, down 10% from H2, 2023.

Follow-Up 96

Follow-Up Insurance Transfers HIPAA 96

The HIPAA Journal

JULY 5, 2024

Suspicious activity was detected in an employee’s email account on November 3, 2023, and after securing the account, a forensic investigation was launched to determine the nature and scope of the activity. The post Email Breach Affects 22,000 Ambulatory Surgery Center of Westchester Patients appeared first on The HIPAA Journal.

Business Associate 74

Business Associate HIPAA Insurance Patient Records 74

The HIPAA Journal

MARCH 7, 2025

A further hacking incident was experienced in 2021 and was disclosed by Apria Healthcare in May 2023. Several lawsuits were filed in the Southern District of Indiana in response to the data breach, and in October 2023, the lawsuits were consolidated into a single action in the U.S. The post Apria Healthcare Agrees to $6.4M

HIPAA 75

HIPAA Documentation Insurance Medication 75

CollaborateMD

FEBRUARY 20, 2025

billion in 2023, is forecasted to grow to 5.06 For example, CollaborateMD , a cloud-based, HIPAA-compliant practice management software solution that can be integrated with electronic health records (EHRs) and other healthcare systems, allows for seamless data sharing, a key aspect of effective supply chain management.

Patient Care 92

Patient Care Supply Management Medication Patient Safety 92

The HIPAA Journal

NOVEMBER 6, 2024

Valleygate Dental Surgery Centers Valleygate Dental Surgery Centers of Charlotte, Fayetteville, and the West in North Carolina, have provided an update on a cyberattack that was detected on November 17, 2023. The intrusion was detected on March 9, 2023, when ransomware was used to encrypt files.

Insurance 82

Insurance HIPAA Medication Certification 82

Healthcare Law Insights blog

DECEMBER 27, 2023

On December 12, 2023, members of Congress sent a letter to Health & Human Services Secretary Xavier Becerra announcing the results of a Congressional inquiry into the practice of pharmacies handing over patient information without legal process. Isn’t that entrapment? But what about when the patient has not authorized release?

HIPAA 64

HIPAA Documentation Best Practices Follow-Up 64

Health Populi

FEBRUARY 27, 2024

The aspirational document sets out the mission that “every individual deserves the right to obtain health care that is comprehensive, equitable and compassionate.”

Billing 141

Billing Insurance Hospital HIPAA 141