Tag: HIPAA
-
275M patient records breached: How to meet HIPAA password manager requirements
Healthcare led all industries in 2024 breaches, over 275M patient records exposed, mostly via weak or stolen passwords. See how the self-hosted password manager by Passwork helps providers meet HIPAA requirements, protect ePHI, and keep care running. Try it free for 1 month. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/275m-patient-records-breached-how-to-meet-hipaa-password-manager-requirements/
-
10 Best HIPAA Compliance Software Solutions Providers in 2025
In the rapidly evolving healthcare landscape of 2025, ensuring compliance with the Health Insurance Portability and Accountability Act (HIPAA) is more critical than ever. The increasing reliance on digital health records, telehealth, and other technological advancements has created a complex environment where data security and patient privacy are paramount. To address these challenges, a new…
-
Why Legal Woes Continue to Mount Over Health Data Trackers
The use of online tracking tools on the health-related websites and apps of HIPAA and non-HIPAA regulated entities continues to be a lightning rod due to a long list of ongoing data privacy, regulatory and legal concerns, said partner and attorney Elizabeth Hodge of the law firm Akerman. First seen on govinfosecurity.com Jump to article:…
-
Despite changes, crisis pregnancy centers still attract scrutiny over HIPAA promises
Some crisis pregnancy centers (CPCs) still tell visitors that their data is protected under the HIPAA privacy law, despite guidance to the contrary from the government and CPCs’ own umbrella organizations. Data privacy and abortion-rights groups want states to do more to end those claims. First seen on therecord.media Jump to article: therecord.media/crisis-pregnancy-centers-hipaa-data-privacy
-
Feds Fine Surgery Practice $250K in Ransomware Breach
2021 Pysa Hack Compromised PHI of Nearly 25,000 Patients. A HIPAA breach investigation into a 2021 attack involving a variant of Pysa ransomware resulted in a $250,000 fine for an upstate New York specialty surgery practice, which also agreed to a corrective action plan that will be monitored by federal regulators for the next two…
-
Why Agentic AI in Healthcare Demands Deeper Data Oversight
As healthcare providers and their vendors develop and implement agentic artificial intelligence and other AI tools, they need to thoroughly understand data privacy risks under HIPAA and other laws, said attorney Jordan Cohen of law firm Akerman LLP. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/interviews/agentic-ai-in-healthcare-demands-deeper-data-oversight-i-5485
-
Hacks Lead Health Data Breach Trends So Far in 2025
345 Major HIPAA Breaches Reported to Feds So Far This Year, Affecting 29.9 Million. Midway through 2025, the federal website listing major health data breaches in the U.S. shows a familiar scene: Many hacking incidents including ransomware, dozens of third-party vendor incidents, and millions of individuals affected by compromised personal data. First seen on govinfosecurity.com…
-
Why the HIPAA Security Rule Proposal Draws Expert Concerns
While many of the proposed updates to the HIPAA security rule are reasonable expectations, others will be extremely onerous to implement if federal regulators finalize the rule’s overhaul as it’s written today, said Samantha Jacques of McLaren Health and Stephen Goudreault of security firm Gigamon. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/interviews/the-hipaa-security-rule-proposal-draws-expert-concerns-i-5482
-
Unstructured Data Management: Closing the Gap Between Risk and Response
madhav, Tue, 06/24/2025 – 05:44. The world is producing data at an exponential rate. With generative AI driving 90% of all newly created content, organizations are overwhelmed by an ever-growing data estate. More than 181 zettabytes of data now exist globally, and 80% of it…
-
Court Ditches HIPAA Reproductive Health Info Privacy Rule
Ruling: HHS Has No Authority to Distinguish Different Types of PHI for Restrictions. A Texas federal court has vacated 2024 changes to the HIPAA Privacy Rule made by the Biden administration to shield reproductive healthcare information from law enforcement. The court’s ruling could potentially make it easier for state investigators to obtain information about abortions…
-
Tonic.ai Achieves HIPAA Compliance Certification, Ensuring Enhanced Security for Protected Health Information
We are proud to announce that we have successfully completed our HIPAA certification, marking a significant milestone in our commitment to data security and privacy. This achievement underscores our dedication to providing secure data environments for our clients, particularly those in the healthcare industry handling protected health information (PHI). First seen on securityboulevard.com Jump to…
-
Judge overturns Biden-era HHS rule on HIPAA protections for those seeking reproductive care
A federal judge ruled against a Biden administration privacy rule intended to address worries that patients visiting abortion clinics could have their records seized by law enforcement even if their procedure was legal in the state where it took place. First seen on therecord.media Jump to article: therecord.media/judge-overtuns-biden-era-hhs-rule-hipaa-reproductive-care
-
How the New HIPAA Regulations 2025 Will Impact Healthcare Compliance
The U.S. Department of Health and Human Services (HHS) is rolling out new HIPAA regulations in 2025. They are designed to strengthen patient privacy and security in the face of these changes. These HIPAA updates are a response to the rise of telemedicine, the growing use of electronic health records (EHR), and an alarming increase in…
-
5 SaaS Blind Spots that Undermine HIPAA Security Safeguards
Hidden SaaS risks can quietly undermine HIPAA security safeguards. Discover how SaaS visibility and control help protect ePHI and ensure HIPAA compliance. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/06/5-saas-blind-spots-that-undermine-hipaa-security-safeguards/
-
Sleep Center Worker Installed Secret Camera in Bathrooms
Ex-Employee Faces Criminal Charges; Hospital Reports Incident as Big HIPAA Breach. A former worker of a New York hospital’s sleep disorders center has been indicted on criminal charges alleging he hid cameras in the facility’s bathrooms to record videos of staff and patients. The hospital reported the incident to federal regulators as a HIPAA breach…
-
HHS Names New Director for HIPAA Enforcement Agency
Paula Stannard Has Deep HHS Regulatory and Legal Roots. The U.S. Department of Health and Human Services has named Paula Stannard to lead its HIPAA enforcement agency – the Office for Civil Rights. Stannard was a legal counsel at HHS under two previous Republican presidential administrations. She also has state and private sector legal experience.…
-
Interlock and the Kettering Ransomware Attack: ClickFix’s Persistence
In healthcare, every minute of downtime isn’t just a technical problem, it’s a patient safety risk. CNN recently reported that Kettering Health, a major hospital network in Ohio, was hit by a ransomware attack. According to CNN, the Interlock ransomware group claimed responsibility, sending a chilling reminder that healthcare remains a prime target for this particular…
-
What You Don’t Know About SaaS Can Violate HIPAA Compliance
Explore how SaaS identity risks impact HIPAA compliance and what the 2025 updates mean for MFA, app inventory, and third-party software controls. Read now. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/06/what-you-dont-know-about-saas-can-violate-hipaa-compliance/
-
What’s Inside HHS’ Budget Proposals for FY 2026?
Documents Provide Some Details for Cyber, HIPAA, Other Units. The Trump administration’s fiscal 2026 budget-in-brief for the U.S. Department of Health and Human Services cuts deeply into some agencies including the National Institutes of Health, but calls for continued Security and HIPAA regulatory enforcement actions under a consolidated watchdog organization. First seen on govinfosecurity.com Jump to…
-
Florida Health System Pays $800K for Insider Record Snooping
Case Stems From ‘Malicious Insider’ Accessing One Patient’s Medical Information. A Florida health system paid $800,000 and will implement a corrective action plan to settle a federal HIPAA investigation into a malicious insider incident involving a patient’s medical records in 2018. BayCare Health System did not admit wrongdoing. First seen on govinfosecurity.com Jump to article:…
-
AI in Healthcare: Top Privacy, Cyber, Regulatory Concerns
Emerging artificial intelligence and machine learning technologies being applied in the health and wellness space are not necessarily covered by HIPAA but instead fall under a variety of tough new state privacy laws that are being enacted, said attorney Lily Li of Metaverse Law. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/interviews/ai-in-healthcare-top-privacy-cyber-regulatory-concerns-i-5477
-
City of Long Beach Says at Least 260,000 Affected by Hack
HIPAA Protected Health Information Among Data Stolen in Nov. 2023 Attack. The City of Long Beach, Calif. is notifying nearly 260,000 individuals that their protected health information was potentially stolen in a November 2023 hack that also disrupted IT systems for several weeks. The city has added $1 million to its cybersecurity budget since the…
-
Guam Hospital Pays Feds $25K to Settle HIPAA Investigation
Case Resolves HHS OCR Scrutiny of Two Security Incidents. A Guam public hospital has agreed to pay federal regulators $25,000 and implement a corrective action plan to settle potential HIPAA violations – including a failure to conduct a comprehensive risk analysis – identified during an investigation into two security incidents. First seen on govinfosecurity.com Jump…
-
Industry Asks for Clarity on Proposed HIPAA Cybersecurity Rules
Healthcare and IT security practitioners worry that some of the proposed amendments are not practical for a sector that lacks resources and often uses legacy equipment. First seen on darkreading.com Jump to article: www.darkreading.com/cyber-risk/industry-asks-clarity-proposed-hipaa-rules
-
HSCC Urges White House to Shift Gears on Health Cyber Regs
The Health Sector Coordinating Council is urging the Trump administration to drop work on a proposed HIPAA security rule update and instead engage in a collaborative dialogue with healthcare sector leaders to create alternative cyber requirements, said Greg Garcia, executive director of HSCC. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/interviews/hscc-urges-white-house-to-shift-gears-on-health-cyber-regs-i-5472
-
RFK Jr. Cuts at HHS Affect HIPAA, Cyber Response Units
HHS Laying Off 10,000 More People, Consolidating Divisions, Shifting Priorities. The U.S. Department of Health and Human Services announced a major restructuring and workforce reductions on Thursday. The changes disclosed so far include reshuffling units of HHS involved in healthcare sector cybersecurity response activities and HIPAA regulatory work. First seen on govinfosecurity.com Jump to article:…
-
Fitness Firm Pays Feds $228K in Misconfiguration Breach
Settlement Is 5th HIPAA Enforcement Action Under HHS’s OCR Risk Analysis Initiative. An Illinois-based firm that provides fitness and wellness plans to clients throughout the U.S. has agreed to pay federal regulators a settlement of nearly $228,000 and implement a corrective action plan following an IT misconfiguration incident that caused several breaches in late 2018 and…
-
HHS OCR Launches New Round of HIPAA Compliance Audits
Audits Focus on HIPAA Security Rule Provisions Related to Ransomware, Hacking. Federal regulators have quietly resumed compliance audits of HIPAA-regulated organizations. With the surge in ransomware and other hacks reported in recent years, the focus of the audits is on provisions of the HIPAA security rule most relevant to these attacks, said a government official.…

