Historical breach coverage Patient Protect has published — 1,598 articles indexed and discoverable. Ongoing editorial coverage now lives at hipaapulse.com; this archive preserves the historical record. Each article page may eventually 301-redirect to its HIPAA Pulse counterpart as that publication’s coverage matures.
Earlier
California Attorney General Rob Bonta filed a lawsuit against 23andMe, now Chrome Holding Co., over the company's failure to protect sensitive customer genetic and personal information. [...]
Jaimie Ding reports: Attorney General Rob Bonta filed the lawsuit against Chrome Holding Co., which 23andMe rebranded under after filing for bankruptcy last March. 23andme is known for its direct-to-consumer DNA test kits that provided customers information on their ancestry and genetic predispositions for certain health conditions. The lawsuit calls for various civil penalties against 23andMe... Source
Threat actors stole files containing names and protected health information from the healthcare organization’s systems. The post 266,000 Affected by Data Breach at Radiology Associates of Richmond appeared first on SecurityWeek.
On July 1, 2025, Radiology Associates of Richmond ("RAR") reported a breach to HHS that had occurred in April 2024 and affected more than 1.4 million patients. By the end of July 2025, the well-known radiology practice had experienced a second breach. The second breach, recently reported to the Maine Attorney General's Office on May... Source
Ransomware and vendor breaches persist, but the 2026 Data Breach Investigations Report (DBIR) highlights how evolving social engineering tactics make the sector more vulnerable.
Ben Smith reports: Lawmakers are only now learning that hackers breached a congressional medical contractor more than two months ago. RXNT, a healthcare software company used by the Office of the Attending Physician (OAP) to manage prescription services for Congress, was breached on March 1 and March 3. Hackers obtained copies of patient data stored within the platform. The... Source
Scott McClallen reports: A federal jury in the Eastern District of Michigan convicted a Michigan nurse and home health care agency owner yesterday for operating a $1.6 million scheme to defraud Medicare. Court documents say that Ruby Scott, 55, of Farmington Hills, Michigan, owned and operated Delta Home Health Care LLC. From 2018 through 2021,... Source
The telehealth platform was hacked in January, and users’ personal information was exfiltrated from its systems. The post 716,000 Impacted by OpenLoop Health Data Breach appeared first on SecurityWeek.
From the way-too-slow-learning-curve dept. Steve Alder reports: Healthcare organizations are exposing a vast amount of patient data by failing to implement even basic security measures for DICOM servers, according to a recent Trend Micro TrendAI analysis. TrendAI identified thousands of internet-facing DICOM servers belonging to hundreds of entities. The lack of security protections puts patient... Source
The Cybersecurity and Infrastructure Security Agency has released new guidance designed to help critical infrastructure sites, including healthcare, operate through a crisis or conflict.The guidance is offered as part of CISA's new CI Fortify initiative to sustain critical infrastructure services during nation-state cyberattacks.
There's an update to the ChipSoft ransomware attack. DigitalShield reports that although ChipSoft hasn't revealed whether it paid Embargo ransom, it did disclose that some negotiations had occurred. One of the most striking elements of the case is the company's claim about the deletion of the stolen data. According to the company, the destruction has been... Source
Sarah Motter reports: Missouri regulators say a major national vendor is stonewalling their investigation into a cybersecurity breach that could affect millions of consumers. The Missouri Department of Commerce and Insurance now says it is escalating its response to the cybersecurity breach at Conduent Business Services. Conduent is a national vendor that handles sensitive insurance... Source
The U.S. Department of Justice announced plans this past week to take aggressive action through coordinated investigation and adjudication of fraudulent schemes, including those perpetrated by digital health companies.The National Fraud Enforcement Division's healthcare fraud section is uniting with the U.S. Attorney Offices for the District of Arizona, District of Nevada and Northern District of California to create the new West Coast Health Care Fraud Strike Force.
Dan Diamond and Clara Ence Morse report: The Trump administration inadvertently exposed the Social Security numbers of health care providers in a database powering a new Medicare portal, The Washington Post found. The Centers for Medicare and Medicaid Services (CMS) last year created a directory to help seniors look up which doctors and medical providers accept... Source
Looking for what to do about each story? See HIPAA Response →
Looking for the editorial publication? hipaapulse.com →
