HIPAA Laws and Regulations

Advice about HIPAA laws and regulations for healthcare industry professionals

City of Oakland Settles its Class Action Data Breach Lawsuits

The City of Oakland, California, has decided to settle a lawsuit over a ransomware attack and data breach that affected more than 13,000 current and former employees. The City discovered the attack in February 2023 and sent breach notification letters to the affected employees at the beginning of March 2023. The Play ransomware group professed to be…

High Severity Vulnerability Identified in INFINITT PACS

INFINITT Healthcare discovered three vulnerabilities in its INFINITT PACS, including a high-severity vulnerability with publicly accessible exploits. CISA’s alert states that a threat actor can exploit the vulnerabilities even in a low-level attack. CVE-2025-27721 is a high-severity vulnerability. An unauthorized user who successfully exploits it would be able to access the system with no need for authorization…

Hapy Bear Surgery Center Settles Data Breach Lawsuit

Hapy Bear Surgery Center faced a class action lawsuit over a December 2023 ransomware attack and has settled it for an undisclosed sum. The pediatric dental clinic in Tulare, California, discovered the cyberattack on or about December 27, 2024, and reported on March 19, 2024, the potential access to or theft of data including names, addresses, medical…

Does HIPAA apply to community outreach initiatives? 

HIPAA applies to community outreach initiatives when they involve the use, disclosure, or handling of protected health information (PHI) by covered entities such as healthcare providers, health plans, or their business associates, requiring adherence to the HIPAA Privacy Rule and HIPAA Security Rule to protect the confidentiality and integrity of the medical information. When outreach efforts involve sharing PHI for…