HIPAA Training for Clearinghouse Staff
HIPAA training for clearinghouse staff is mandatory workforce training on the HIPAA Privacy Rule, HIPAA Security Rule, HIPAA Breach Notification Rule, and HIPAA Minimum Necessary Rule that prepares personnel who create, transmit, process, or store electronic protected health information in standard transactions to prevent impermissible uses and disclosures, apply administrative and technical safeguards, and recognize and report security incidents and potential breaches during routine clearinghouse operations. Healthcare clearinghouses support electronic healthcare transactions and related data handling that can include eligibility inquiries, claim status requests, claims submission, remittance advice, enrollment transactions, coordination of benefits, and companion administrative processes that transform or route data between entities. Clearinghouse staff may interact with protected health information through intake validation, transaction editing, error correction, exception queues, customer support tickets, file transfers, portal access, and reporting functions. Operational...
Notifications Issued About MedStar Health Data Breach
MedStar Health, a non-profit health system that operates 10 hospitals in the Baltimore-Washington metropolitan area, has recently disclosed a cyberattack and data breach that was first identified on October 4, 2025. The forensic investigation confirmed that an unauthorized third party gained access to certain internal systems that contained patient data between September 12, 2025, and September 16, 2025. The files accessed in the attack were reviewed, and on November 12, 2025, MedStar Health confirmed that the compromised files contained patient data, including names, dates of birth, Social Security numbers, and potentially diagnoses, medications, test results, images, health insurance, and treatment information. MedStar Health said that prior to the attack, physical, technical, and administrative safeguards had been implemented to safeguard patient data. On this occasion, they failed to detect and block the attack. MedStar Health said it continuously evaluates its cybersecurity measures and will continue to do so in the future. On December 3, 2025, notification letters started to...
Brevard Skin and Cancer Center Announces September Cyberattack
Brevard Skin and Cancer Center, a dermatology practice in Brevard, Florida, has fallen victim to a cyberattack that was first identified on October 14, 2025. Immediate action was taken to secure its systems, and third-party cybersecurity experts were engaged to investigate the nature and scope of the unauthorized activity. The forensic investigation confirmed that an unauthorized third party first gained access to its network on September 28, 2025, and accessed and exfiltrated certain files from its network. Brevard Skin and Cancer Center has been reviewing the affected files to determine the types of data involved and the individuals affected, and can now confirm that the personal and protected health information of current and former patients was involved. The affected data varies from individual to individual and may include names in combination with one or more of the following: date of birth, home address, Social Security number, phone number, diagnosis and clinical information, e-mail address, and billing and claims information. Employee data was also compromised in the...
Henry Ford Health Notifies 2,000 Patients About Insider Data Breach
An insider data breach has been reported by Henry Ford Health in Michigan, and Wilmington Community Clinic has notified patients about an August cybersecurity incident. Henry Ford Health, Michigan: Detroit, MI-based Henry Ford Health, one of the leading non-profit academic health systems in the country, has recently reported a data breach to the HHS’ Office for Civil Rights that has affected 1,984 patients. Few details have been released about the data breach, other than that it involved unauthorized access to a desktop computer. This appears to have been an insider incident, as Henry Ford Health issued a statement confirming that it takes data privacy seriously and has terminated the employee responsible. The nature of the unauthorized access was not disclosed, nor the types of information that may have been accessed. Notification letters have been sent to the affected individuals, who have been offered complimentary credit monitoring services. Wilmington Community Clinic, California: Wilmington Community Clinic, a community health center in Los Angeles, California, has started...
High-severity Vulnerability Patched in AJAT Panoramic Dental Imaging Software
A patch has been released to fix a high-severity vulnerability in AJAT Panoramic Dental Imaging software. The bug, tracked as CVE-2024-22774, affects the AJAT Panoramic Dental Imaging Software SDK and makes it vulnerable to DLL hijacking, potentially allowing an attacker to obtain NT AUTHORITY\SYSTEM privileges from a standard user account. The vulnerability was identified by security researcher Damian Semon Jr. of Blue Team Alpha Inc. and affects AJAT Panoramic Dental Imaging Software versions prior to 6.6.1.490. The vulnerability is due to an uncontrolled search path element and allows an attacker to escalate privileges via the ccsservice.exe component. The vulnerability is rated high-severity, with a CVSS v4 base score of 8.5 and a CVSS v3.1 base score of 7.8. The software is owned by Varex Imaging, which acquired Direct Conversion Ltd (formerly Oy AJAT Ltd). Varex Imaging has released a patch to fix the vulnerability, and all users have been advised to install it as soon as possible. Users should follow the patching instructions, which require the installation executable to be run on each...



