HIPAA Pulse
Healthcare security intelligence.
Breach alerts, enforcement actions, and compliance intelligence — updated multiple times daily across 1,000+ sources. A live intelligence feed curated for independent healthcare practices — not a wire service reprint, a daily brief organized by what your practice needs to act on.
Hims Breach Exposes the Most Sensitive Kinds of PHI
Threat actors breached the telehealth brand, and now they may know who's bald, overweight, and impotent. What could they do with that information?
Intelligence Brief
The past week has seen a significant surge in ransomware attacks targeting healthcare providers, as evidenced by the Brockton Hospital incident and ChipSoft breach, highlighting the persistent threat to patient care and operational continuity. Concurrently, data breaches continue to expose highly sensitive protected health information (PHI), emphasizing the critical need for robust data security measures. The rapid integration of AI in healthcare presents both opportunities for efficiency and new challenges for security and governance that demand immediate ethical and compliance considerations.
Trending
- 01 Ransomware attacks are increasingly disrupting healthcare operations and impacting patient care, as demonstrated by Brockton Hospital's shift to paper records and the ChipSoft ransomware event. These incidents underscore the vulnerability of healthcare infrastructure and the severe consequences of successful attacks.
- 02 Breaches of sensitive PHI remain a critical concern, with examples like the Hims breach exposing highly personal patient data, which can lead to significant reputational damage and potential misuse of information. Hong Kong's arrest related to a 56,000 patient data leak further emphasizes ongoing threats.
- 03 The acceleration of AI adoption in healthcare is a prominent trend, with applications ranging from autonomous coding to telemedicine, but this technological advancement introduces new security and governance challenges that organizations must proactively address. The emphasis on 'AI security starts with awareness and governance' highlights the need for careful implementation.
Action Required
- Healthcare organizations must immediately review and strengthen their ransomware defenses, including robust backup and recovery strategies, incident response plans, and employee training on identifying and preventing phishing attempts.
- Prioritize securing highly sensitive PHI by implementing advanced encryption, access controls, and regular vulnerability assessments to prevent unauthorized access and potential data misuse by malicious actors.
This Week
Silent Ransom Group leaked another big law firm: Orrick, Herrington & Sutcliffe
Jones Day wasn't the only big law firm to recently fall prey to threat actors variously known as Silent Ransom Group, Luna Moth, Chatty Spider, or UNC3753. DataBreaches will refer to them as the Silent Ransom Group ("SRG").* In January, SRG gained access to the law firm of Orrick, Herrington & Sutcliffe LLP ("Orrick"). In...
Hong Kong police arrest suspect over 56,000 patient data leak
Hong Kong police have arrested a suspect over the unauthorised access and leak of personal data of more than 56,000 patients from the Hospital Authority. In a statement on 4 April, the HA said its monitoring systems detected the breach at around 2 a.m. on 3 April, involving patient records from the Kowloon East Cluster that were later found posted on a third-party platform. The leaked data included patients' names, gender, Hong Kong identity card numbers, hospital file numbers, and details of surg
A hacker has allegedly breached one of China’s supercomputers and is attempting to sell a trove of stolen data
Isaac Yee reports: A hacker has allegedly stolen a massive trove of sensitive data – including highly classified defense documents and missile schematics – from a state-run Chinese supercomputer in what could potentially constitute the largest known heist of data from China. The dataset, which allegedly contains more than 10 petabytes of sensitive information, is believed...
Capita under investigation after workers hit by pensions data breach
Rob White reports: A major pensions administrator is under investigation after admitting its second data breach in three years, the Government has confirmed. Capita, which runs the Civil Service Pension Scheme, confirmed that up to 138 retirees received the wrong annual statement or had theirs accessed by other scheme members during a data breach in...
86% of businesses refused to pay cyber ransoms in 2025 — Coalition Insurance
Two firms recently told DataBreaches that about 30% or more of their clients pay ransom after a cyberattack. But you may get a different impression from other findings. The Actuary reports: Initial ransom demands by cyber attackers surged by 47% last year but record numbers of businesses declined to pay up, according to a specialist...
Lotte Card given notice of $3M penalty, business suspension over massive data breach
Yonhap News reports: Lotte Card has been notified by the financial watchdog that it is liable for around 5 billion won ($3.38 million) in financial penalties and a business suspension of over four months over a massive data leak, informed sources said Thursday. The Financial Supervisory Service recently sent the notice to the credit card...
Trump’s Personnel Agency Is Asking for Federal Workers’ Medical Records
I posted the following article this morning over on PogoWasRight.org, but I have had so many people sending me links to stories about this news that I guess I should have posted it here, too, as a future data breach. by Amanda Seitz and Maia Rosenfeld April 8, 2026 The Trump administration is quietly seeking...
OCR Releases Risk Management Video
From HHS OCR: This video presentation is intended to raise awareness and provide practical education to HIPAA covered entities and business associates of the HIPAA Security Rule’s Risk Management requirement. Like risk analysis, effective risk management is an essential component of both HIPAA Security Rule compliance and broader cybersecurity preparedness. Risk management is a critical step not only for...
Madras High Court Dismisses Plea By Cyber Security Expert Seeking Probe Into Star Health Security Lapses
Upasana Sajeev reports an update to a case previously noted on this site: The Madras High Court has dismissed an appeal filed by cybersecurity specialist Himanshu Pathak against a single judge's order dismissing his plea seeking directions to the Ministry of Electronics and Information Technology, the Ministry of Finance, the Ministry of Home Affairs, the...
Q&A: The Slack channels powering CMS' Interoperability Framework
