Settlement with Northeast Surgical Group marks OCR’s 10th ransomware enforcement action and 4th enforcement action in OCR’s Risk Analysis Initiative. Today the U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR) announced a settlement with Northeast Surgical Group, P.C. (NESG), a provider of surgical services in Michigan, for a potential violation…
Category: Health Data
HHS Office for Civil Rights Settles HIPAA Phishing Cybersecurity Investigation with Solara Medical Supplies, LLC for $3,000,000
In 2019, DataBreaches reported that Solara Medical Supplies in California was notifying more than 110,000 patients after an attacker gained access to some employees’ email accounts via phishing. Solara was subsequently sued and settled claims for $9.76 million. Now today, HHS OCR announced a settlement with Solara: Today the U.S. Department of Health and Human…
RIBridges has many lines of defense. How was the system breached?
This article by Alexander Castro originally appeared in Rhode Island Current on January 10, 2025 and is republished here under Creative Commons License. It was updated to replace several paragraphs in the “Slow Leak” section to include a response Deloitte sent the author post-publication. Rhode Island’s online public benefits system appears to be a fortress…
Nine months after discovering a ransomware attack, Teton Orthopaedics notifies patients
On March 25, DataBreaches entered Teton Orthopaedics’ name on a monthly worksheet this site uses for tracking breaches in the healthcare sector. The entry wasn’t based on any report by Teton Orthopaedics or media, and DataBreaches had been unable to find any notice by the provider. The entry was based on a claim by the…
HHS Office for Civil Rights Settles 9th Ransomware Investigation with Virtual Private Network Solutions
HHS OCR announced another settlement that is their ninth ransomware investigation and their third settlement as part of their Risk Analysis Initiative. This one stems from a breach by VPN Solutions that was previously reported on this site: Today, the U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR) announced a…
HHS Office for Civil Rights Settles HIPAA Security Rule Investigation with USR Holdings, LLC Concerning the Deletion of Electronic Protected Health Information
Note: In 2019, when USR Holdings disclosed this breach to affected patients, they did not mention that ePHI had been deleted. So in 2025, we are first learning of this part of the breach? The following is HHS OCR’s press release today. Settlement resolves multiple Security Rule failures Today, the U.S. Department of Health and…