HIPAA Pulse
HIPAA Enforcement Actions & OCR Settlements
Follow OCR enforcement actions, HIPAA settlements, and compliance penalties. Updated daily for independent healthcare providers.
This Week
OCR Releases Risk Management Video
From HHS OCR: This video presentation is intended to raise awareness and provide practical education to HIPAA covered entities and business associates of the HIPAA Security Rule’s Risk Management requirement. Like risk analysis, effective risk management is an essential component of both HIPAA Security Rule compliance and broader cybersecurity preparedness. Risk management is a critical step not only for... Source
Act-of-War Clauses Cloud Cyber Insurance Coverage
Angus Loten reports: From Europe to the Middle East, geopolitical conflicts have companies rereading the fine print on insurance policies that deny coverage for wartime cyberattacks. Act-of-war exclusions—a common provision in homeowners, life and travel insurance—are largely untested in the cyber market, where the line between cybercrime and nation-state warfare is unclear. That can leave... Source
Maine House advances McCabe bill to strengthen cybersecurity at Maine hospitals
A press release on April 6, 2026 from Maine House Democrats: On Thursday, the Maine House voted unanimously to advance a bill from Rep. Julie McCabe, D-Lewiston, that would help prevent cybersecurity attacks on Maine hospitals and ensure continuity of patient care when future cyberattacks occur. As amended, LD 2103 would require Maine hospitals to adopt a... Source
Earlier
How often do threat actors default on promises to delete data?
We have probably all read recommendations that cyberattack victims should not pay ransom demands because it encourages more crime, and because criminals can't be trusted to delete data they promise to delete. But what evidence have we seen supporting a claim that criminals default on data deletion? Law enforcement made a point of reporting that... Source
First FHIR standard for diagnostic requesting in Australia
HL7 Australia has released the country's first national FHIR standard for structured electronic ordering of pathology and radiology tests in community-based care. According to a media release, AU eRequesting Release 1.0 is the first FHIR standard in Australia to define a complete digital health service.
LeakBase's "Chucky" detained in Russia
TASS reports: Police have detained a Taganrog resident suspected of administering LeakBase, one of the largest hacker platforms, law enforcement officials told TASS. The detained Taganrog resident is suspected of administering "one of the largest international hacker platforms, LeakBase," the agency's source said. According to him, the liquidated platform operated a credit system and user... Source
Former VA EHR modernization director charged with accepting contractor cash, gifts
The U.S. Department of Justice has indicted John H. Windom, former executive director of the Department of Veterans Affairs Office of Electronic Health Record Modernization, on three counts of concealing facts, making false statements and falsifying documents in his failure to report vendor gifts, the law enforcement agency said. The DOJ said Windom was receiving "and sometimes demanding, extravagant gifts from a group of contractors and subcontractors" who worked on the $16 billion Cerner EHR co
Coruna, DarkSword & Democratizing Nation-State Exploit Kits
Nation-state malware is being sold on the Dark Web and leaked to GitHub; and ordinary organizations might not stand much of a chance of defending themselves.
Florida senator sues Booz Allen over his leaked tax returns
Gary Fineout reports: Sen. Rick Scott is suing a major government contractor for damages after his tax returns were leaked along with other prominent and wealthy figures, including President Donald Trump. The Florida Republican on Monday filed a lawsuit against Booz Allen Hamilton, a management and technology consulting company, and a former employee of the contractor who... Source
The rise of teen hackers ‘makes for a good headline’, but cyber crime activities peak later in life
Emma Woollacott reports: While much emphasis has been placed on the rise of youth cyber crime over the last two years, new research shows hacker activity peaks much later. Orange Cyberdefense looked at the numbers and found that it's actually thirty- and forty-somethings that are the greatest threat. The company’s intelligence team analyzed 418 publicly announced law enforcement activities... Source
Police Scotland fined £66k for extracting and sharing mobile phone data
Scottish Legal News reports: The Information Commissioner’s Office (ICO) issued the fine and reprimand after finding that a series of data protection failures resulted in the excessive collection, handling and unlawful disclosure of sensitive personal information. The data protection authority says the case highlights key data protection practices that all police services and criminal justice... Source
Lotte Card fined 9.6 billion won for leaking users' social registration numbers
Korea JoongAng Daily reports: Lotte Card was fined 9.6 billion won ($6.5 million) by the Personal Information Protection Commission (PIPC) after 450,000 users' social registration numbers were leaked. The PIPC decided to impose an administrative fine of 9.62 billion won and a penalty of 4.8 million won on Lotte Card for violations of the Personal Information... Source
