HIPAA Laws and Regulations
Advice about HIPAA laws and regulations for healthcare industry professionals
Reid Health Resolves Data Breach Lawsuit Involving Meta Pixel
Reid Hospital & Health Care Services, Inc., also known as Reid Health, in Richmond, Indiana, has made the decision to settle the class action lawsuit linked to the claimed usage of Meta Pixel and other tracking codes on its website. Based on the Jane Doe v. Reid Health litigation, registered in Wayne County Superior Court, Indiana, Reid Health, a HIPAA-covered…
Healthplex Pays NYDFS $2 Million to Settle Its Cybersecurity Failures
Healthplex, a notable dental health insurance program provider in New York, consented to settle with the New York Department of Financial Services (NYDFS) regarding alleged NYDFS Cybersecurity Regulation violations. Healthplex is going to pay $2 million as a financial penalty and implement measures to enhance its cybersecurity. The Cybersecurity Regulation was introduced in 2017 and calls for all financial establishments…
Public Health Emergency in Texas Prompts Limited Waiver of HIPAA Sanctions & Penalties
On July 8, 2025, HHS Secretary Robert F. Kennedy Jr. mentioned the declaration of a Public Health Emergency in Texas due to severe storms, flooding, and straight-line winds starting July 2, 2025. The HHS Secretary also reported a limited waiver of HIPAA sanctions and penalties for HIPAA-covered hospitals in some Texas locations under the PHE for a period. The PHE…
Court Rejects Google’s Motion to Dismiss Healthcare Tracking Technology Lawsuit
Google LLC in California is facing a lawsuit with allegations that the tech company illegally obtained personal health information (PHI) through tracking codes installed on healthcare organizations’ websites. Google filed a motion to dismiss, but the court rejected the request, and so most of the claims were permitted to move forward. Google’s tracking technology consists of Google Analytics code, tracking…
City of Oakland Settles its Class Action Data Breach Lawsuits
The City of Oakland, located in California, has decided to resolve a lawsuit due to a ransomware attack and data security breach that impacted over 13,000 present and past employees. The City discovered the attack in February 2023, and sent breach notification letters to the impacted employees at the beginning of March 2023. The Play ransomware group professed to be…
High Severity Vulnerability Identified in INFINITT PACS
INFINITT Healthcare discovered three vulnerabilities in its INFINITT PACS. There was a high-severity vulnerability with publicly accessible exploits. CISA’s alert states that a threat actor can exploit the vulnerabilities even in a low-level attack. Vulnerability CVE-2025-27721 is a high-severity vulnerability. An unauthorized user who successfully exploits the vulnerability would be able to access the system with no need for authorization…