On March 10, 2025, Vision Upright MRI notified HHS of a breach affecting 23,031 patients, but there was nothing posted on their website to explain the breach. A press release issued by HHS today provides some explanation for the incident that involved the medical images of 21,778 patients. From their release: OCR initiated a compliance…
Category: HIPAA
HHS Office for Civil Rights Settles Phishing Attack Breach with Health Care Network for $600,000
Today, the U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR) announced a settlement with PIH Health, Inc. (PIH), a California health care network, over potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA). The violations stem from a phishing attack that exposed unsecured electronic protected health…
HHS Office for Civil Rights Settles HIPAA Ransomware Cybersecurity Investigation with Guam Memorial Hospital Authority
While DataBreaches was aware of the 2023 incident referenced below, this site was not aware of any 2019 ransomware attack. The following is a press release issued by HHS OCR today: Today, the U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR) announced a settlement with Guam Memorial Hospital Authority (GMHA),…
No need to hack when it’s leaking: SavantCare edition
Today’s concerning leak is brought to you by SavantCare. The leak was discovered by an independent researcher who first reported it on his blog yesterday. In his report, @JayeLTee states that he found exposed data that included data from SavantCare employee chats. “Over two-thirds of the 308 users on the chat were for SavantCare, a…
16 months after they experienced a ransomware attack, Dameron Hospital notifies those affected
In 2017, Dameron Hospital in Texas reported a breach to the California Attorney General’s Office. No copy of its breach notification was uploaded to California’s breach site, and Dameron did not respond to this site’s email asking for details of the breach. The incident never appeared on HHS’s public breach tool, so we never found…
HHS’ Office for Civil Rights Settles HIPAA Security Rule Investigation with Health Fitness Corporation; $227k monetary penalty plus corrective action plan
From HHS’s press release today: Today, the U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR) announced a settlement with Health Fitness Corporation (Health Fitness), located in Illinois, that provides wellness plans to clients across the country, resolving a potential violation under the Health Insurance Portability and Accountability Act of 1996 (HIPAA)…