HIPAA Laws and Regulations
Advice about HIPAA laws and regulations for healthcare industry professionals
High Severity Vulnerability Identified in INFINITT PACS
INFINITT Healthcare discovered three vulnerabilities in its INFINITT PACS. There was a high-severity vulnerability with publicly accessible exploits. CISA’s alert states that a threat actor can exploit the vulnerabilities even in a low-level attack. Vulnerability CVE-2025-27721 is a high-severity vulnerability. An unauthorized user who successfully exploits the vulnerability would be able to access the system with no need for authorization…
Columbus Regional Healthcare to Pay $1,175,000 to Resolve Data Breach
Columbus Regional Healthcare has decided to pay $1,175,000 to settle litigation associated with a data breach in May 2023. The breach was discovered on May 21, 2023, and based on forensic investigation, hackers got access to areas of its system from May 19, 2023 to May 21, 2024, which included systems containing the personal data and protected health information (PHI)…
Judge Okays $7 Million Settlement with Brightline Data Breach
Virtual mental health service provider Brightline is to pay $7 million to settle a lawsuit associated with a hacking incident involving the Clop threat group in 2023 that led to the stealing of the protected health information (PHI) of about 1 million people. The Clop threat group stole data from 130 companies in January 2023 and Brightline was one of…
Hapy Bear Surgery Center Settle Data Breach Lawsuit
Hapy Bear Surgery Center is facing a class action lawsuit over a December 2023 ransomware attack but it settled for a sum of money that is undisclosed. The pediatric dental clinic in Tulare, California discovered the cyberattack on or about December 27, 2024, and reported on March 19, 2024 the potential access or theft of data including names, addresses, medical…
Does HIPAA apply to community outreach initiatives?
HIPAA applies to community outreach initiatives when they involve the use, disclosure, or handling of protected health information (PHI) by covered entities such as healthcare providers, health plans, or their business associates, requiring adherence to the HIPAA Privacy Rule and HIPAA Security Rule to protect the confidentiality and integrity of the medical information. When outreach efforts involve sharing PHI for…
Does HIPAA allow email marketing in healthcare?
Yes, HIPAA allows email marketing in healthcare only if the emails comply with the Privacy and Security Rules, which require obtaining prior authorization from patients when protected health information (PHI) is used, ensuring the emails are encrypted to safeguard PHI during transmission, and adhering to strict limitations on the content to prevent unauthorized disclosure of sensitive information. The HIPAA Privacy…