HIPAA Laws and Regulations

Advice about HIPAA laws and regulations for healthcare industry professionals

Healthplex Pays NYDFS $2 Million to Settle Its Cybersecurity Failures

Healthplex, a notable dental health insurance program provider in New York, consented to settle with the New York Department of Financial Services (NYDFS) regarding alleged NYDFS Cybersecurity Regulation violations. Healthplex is going to pay $2 million as a financial penalty and implement measures to enhance its cybersecurity. The Cybersecurity Regulation was introduced in 2017 and calls for all financial establishments…

Court Rejects Google’s Motion to Dismiss Healthcare Tracking Technology Lawsuit

Google LLC in California is facing a lawsuit with allegations that the tech company illegally obtained personal health information (PHI) through tracking codes installed on healthcare organizations’ websites. Google filed a motion to dismiss, but the court rejected the request, and so most of the claims were permitted to move forward. Google’s tracking technology consists of Google Analytics code, tracking…

City of Oakland Settles its Class Action Data Breach Lawsuits

The City of Oakland, located in California, has decided to resolve a lawsuit due to a ransomware attack and data security breach that impacted over 13,000 present and past employees. The City discovered the attack in February 2023, and sent breach notification letters to the impacted employees at the beginning of March 2023. The Play ransomware group professed to be…

High Severity Vulnerability Identified in INFINITT PACS

INFINITT Healthcare discovered three vulnerabilities in its INFINITT PACS. There was a high-severity vulnerability with publicly accessible exploits. CISA’s alert states that a threat actor can exploit the vulnerabilities even in a low-level attack. Vulnerability CVE-2025-27721 is a high-severity vulnerability. An unauthorized user who successfully exploits the vulnerability would be able to access the system with no need for authorization…