HIPAA Pulse
HIPAA Breach News & Alerts
Track the latest HIPAA breaches affecting healthcare providers. Real-time breach alerts, incident analysis, and lessons for independent practices.
This Week
Hims Breach Exposes the Most Sensitive Kinds of PHI
Threat actors breached the telehealth brand, and now they may know who's bald, overweight, and impotent. What could they do with that information?
Silent Ransom Group leaked another big law firm: Orrick, Herrington & Sutcliffe
Jones Day wasn't the only big law firm to recently fall prey to threat actors variously known as Silent Ransom Group, Luna Moth, Chatty Spider, or UNC3753. DataBreaches will refer to them as the Silent Ransom Group ("SRG").* In January, SRG gained access to the law firm of Orrick, Herrington & Sutcliffe LLP ("Orrick"). In... Source
Hong Kong police arrest suspect over 56,000 patient data leak
Hong Kong police have arrested a suspect over the unauthorised access and leak of personal data of more than 56,000 patients from the Hospital Authority.In a statement on 4 April, the HA said its monitoring systems detected the breach at around 2 a.m. on 3 April, involving patient records from the Kowloon East Cluster that were later found posted on a third-party platform.The leaked data included patients' names, gender, Hong Kong identity card numbers, hospital file numbers, and details of surg
A hacker has allegedly breached one of China’s supercomputers and is attempting to sell a trove of stolen data
Isaac Yee reports: A hacker has allegedly stolen a massive trove of sensitive data – including highly classified defense documents and missile schematics – from a state-run Chinese supercomputer in what could potentially constitute the largest known heist of data from China. The dataset, which allegedly contains more than 10 petabytes of sensitive information, is believed... Source
Capita under investigation after workers hit by pensions data breach
Rob White reports: A major pensions administrator is under investigation after admitting its second data breach in three years, the Government has confirmed. Capita, which runs the Civil Service Pension Scheme, confirmed that up to 138 retirees received the wrong annual statement or had theirs accessed by other scheme members during a data breach in... Source
86% of businesses refused to pay cyber ransoms in 2025 — Coalition Insurance
Two firms recently told DataBreaches that about 30% or more of their clients pay ransom after a cyberattack. But you may get a different impression from other findings. The Actuary reports: Initial ransom demands by cyber attackers surged by 47% last year but record numbers of businesses declined to pay up, according to a specialist... Source
Lotte Card given notice of $3M penalty, business suspension over massive data breach
Yonhap News reports: Lotte Card has been notified by the financial watchdog that it is liable for around 5 billion won ($3.38 million) in financial penalties and a business suspension of over four months over a massive data leak, informed sources said Thursday. The Financial Supervisory Service recently sent the notice to the credit card... Source
Trump’s Personnel Agency Is Asking for Federal Workers’ Medical Records
I posted the following article this morning over on PogoWasRight.org, but I have had so many people sending me links to stories about this news that I guess I should have posted it here, too, as a future data breach. by Amanda Seitz and Maia Rosenfeld April 8, 2026 The Trump administration is quietly seeking... Source
Iowa AG files lawsuit against Change Healthcare over 2024 data breach
Naomi Diaz reports: Iowa Attorney General Brenna Bird has filed a lawsuit against Change Healthcare, alleging the company violated state consumer protection and data security laws in connection with a 2024 data breach that affected nearly 2.2 million Iowa residents. Filed March 31, the lawsuit claims the breach exposed sensitive personal and medical information and caused widespread... Source
HK: Man arrested over stolen patient personal data
RTHK reports: Police said they have arrested a man working for a contractor commissioned by the Hospital Authority for allegedly stealing the personal data of tens of thousands of patients. The data breach resulted in details of more than 56,000 patients from the Kowloon East cluster being taken without authorisation and leaked on a third-party... Source
Jones Day confirms limited breach after phishing attack by Silent Ransom Group
One of the top-ranked law firms in the country confirmed today that it has suffered a data breach. Jones Day disclosed the breach after hackers known as Silent Ransom Group (SRG) posted the data to their dark web leak site on March 30. A spokesperson for the firm said that limited files for 10 clients... Source
Two Breaches, One Quarter: Valley Family Health Care’s Challenging Start to 2026
On January 12, Valley Family Health Care (VFHC) notified HHS after learning that the TriZetto Provider Solutions (TPS) breach had affected 4,300 of their patients. The TPS breach, which began in November 2024, involved their patients' names, addresses, dates of birth, Social Security numbers, health insurance member numbers (including Medicare beneficiary identifiers), health insurer names,... Source
12 of 66 articles
Want to take action? Track breaches in real time→
Get HIPAA Pulse delivered.
Curated breach alerts and compliance intelligence — before the workday starts.
No spam. Unsubscribe anytime.