HIPAA – DataBreaches.Net

HHS Office for Civil Rights Settles Phishing Attack Breach with Health Care Network for $600,000

Posted on April 24, 2025April 23, 2025 by Dissent

Today, the U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR) announced a settlement with PIH Health, Inc. (PIH), a California health care network, over potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA). The violations stem from a phishing attack that exposed unsecured electronic protected health…

HHS Office for Civil Rights Settles HIPAA Ransomware Cybersecurity Investigation with Guam Memorial Hospital Authority

Posted on April 17, 2025 by Dissent

While DataBreaches was aware of the 2023 incident referenced below, this site was not aware of any 2019 ransomware attack. The following is a press release issued by HHS OCR today: Today, the U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR) announced a settlement with Guam Memorial Hospital Authority (GMHA),…

No need to hack when it’s leaking: SavantCare edition

Posted on April 11, 2025April 11, 2025 by Dissent

Today’s concerning leak is brought to you by SavantCare. The leak was discovered by an independent researcher who first reported it on his blog yesterday. In his report, @JayeLTee states that he found exposed data that included data from SavantCare employee chats. “Over two-thirds of the 308 users on the chat were for SavantCare, a…

16 months after they experienced a ransomware attack, Dameron Hospital notifies those affected

Posted on April 4, 2025 by Dissent

In 2017, Dameron Hospital in Texas reported a breach to the California Attorney General’s Office. No copy of its breach notification was uploaded to California’s breach site, and Dameron did not respond to this site’s email asking for details of the breach. The incident never appeared on HHS’s public breach tool, so we never found…

HHS’ Office for Civil Rights Settles HIPAA Security Rule Investigation with Health Fitness Corporation; $227k monetary penalty plus corrective action plan

Posted on March 21, 2025 by Dissent

From HHS’s press release today: Today, the U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR) announced a settlement with Health Fitness Corporation (Health Fitness), located in Illinois, that provides wellness plans to clients across the country, resolving a potential violation under the Health Insurance Portability and Accountability Act of 1996 (HIPAA)…

Security Researcher Comments on HIPAA Security Rule

Posted on March 20, 2025 by Dissent

As long-time readers know, DataBreaches has occasionally run into difficulties when trying to helpfully notify entities of their data leaks or breaches. In other cases, independent researchers have also reported frustration with trying to get entities to respond to responsible disclosures. More often than not, initial attempts at disclosure are ignored or go to spam…