Cover-up Follow-up: Westend Dental starts notifying patients of October 2020 ransomware attack

In December, DataBreaches reported that the Indiana Attorney General’s Office had brought charges against Westend Dental for a number of HIPAA violations.  The state had started investigating the dental practice after a patient complained about t… Continue reading Cover-up Follow-up: Westend Dental starts notifying patients of October 2020 ransomware attack

HHS Office for Civil Rights Settles HIPAA Ransomware Cybersecurity Investigation for $10,000

Settlement with Northeast Surgical Group marks OCR’s 10th ransomware enforcement action and 4th enforcement action in OCR’s Risk Analysis Initiative. Today the U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR) announced … Continue reading HHS Office for Civil Rights Settles HIPAA Ransomware Cybersecurity Investigation for $10,000

HHS Office for Civil Rights Settles HIPAA Phishing Cybersecurity Investigation with Solara Medical Supplies, LLC for $3,000,000

In 2019, DataBreaches reported that Solara Medical Supplies in California was notifying more than 110,000 patients after an attacker gained access to some employees’ email accounts via phishing. Solara was subsequently sued and settled claims for… Continue reading HHS Office for Civil Rights Settles HIPAA Phishing Cybersecurity Investigation with Solara Medical Supplies, LLC for $3,000,000

Nine months after discovering a ransomware attack, Teton Orthopaedics notifies patients

On March 25, DataBreaches entered Teton Orthopaedics’ name on a monthly worksheet this site uses for tracking breaches in the healthcare sector. The entry wasn’t based on any report by Teton Orthopaedics or media, and DataBreaches had been … Continue reading Nine months after discovering a ransomware attack, Teton Orthopaedics notifies patients

HHS Office for Civil Rights Settles 9th Ransomware Investigation with Virtual Private Network Solutions

HHS OCR announced another settlement that is their ninth ransomware investigation and their third settlement as part of their Risk Analysis Initiative. This one stems from a breach by VPN Solutions that was previously reported on this site: Today, the … Continue reading HHS Office for Civil Rights Settles 9th Ransomware Investigation with Virtual Private Network Solutions

HHS Office for Civil Rights Settles HIPAA Security Rule Investigation with USR Holdings, LLC Concerning the Deletion of Electronic Protected Health Information

Note: In 2019, when USR Holdings disclosed this breach to affected patients, they did not mention that ePHI had been deleted. So in 2025, we are first learning of this part of the breach?  The following is HHS OCR’s press release today.  Settleme… Continue reading HHS Office for Civil Rights Settles HIPAA Security Rule Investigation with USR Holdings, LLC Concerning the Deletion of Electronic Protected Health Information

HHS Office for Civil Rights Settles 8th Ransomware Investigation with Elgon Information Systems

Today, the U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR) announced an $80,000 settlement with Elgon Information Systems (Elgon), a Massachusetts company that provides electronic medical record and billing support ser… Continue reading HHS Office for Civil Rights Settles 8th Ransomware Investigation with Elgon Information Systems

Westend Dental agrees to pay Indiana $350K and to implement corrective action plan to settle charges of multiple HIPAA violations

TechCrunch recently did its annual write-up of badly handled data security incidents.  The following wasn’t in it but is one of the worst security and privacy failures that I’ve ever read, and that’s saying a lot. This case stems from… Continue reading Westend Dental agrees to pay Indiana $350K and to implement corrective action plan to settle charges of multiple HIPAA violations