Europol Takes Down Illegal Crypto Mixing Laundering Service Used by Ransomware Actors
A cryptocurrency mixing service used by criminals to launder the proceeds from their illegal activities has been shut down by Europol, Eurojust, and law enforcement agencies in Switzerland and Germany. Cybercriminals, such as ransomware actors, typically receive payment for their attacks in cryptocurrency. Cryptocurrency transactions are not anonymous, as all transactions are recorded on the public blockchain and can be traced to the wallets receiving the funds. That means the proceeds from cybercrime can be traced to individuals if the wallet address is linked to a real-world identity. Cybercriminals use cryptocurrency mixing services to launder the proceeds from their attacks, then redirect their anonymized funds to cryptocurrency exchanges to cash out. The law enforcement operation was a week-long effort – Operation Olympia – between November 24 and November 26, targeting Cryptomixer, an illegal cryptocurrency mixing service that law enforcement agencies have been trying to shut down since its creation in 2016. According to Europol, Cryptomixer was the mixing service of...
Texas Attorney General Dismisses Complaint Against HHS Seeking Vacatur of HHS Final Rules
Texas Attorney General Ken Paxton has filed a joint stipulation of dismissal without prejudice, seeking to dismiss all claims in a September 2024 complaint against the U.S. Department of Health and Human Services (HHS), former HHS Secretary Xavier Becerra, and former Office for Civil Rights (OCR) Director Melanie Fontes Rainer. On November 24, 2025, the court granted Paxton’s request and dismissed the lawsuit. The complaint was filed in response to the HIPAA Privacy Rule to Support Reproductive Healthcare Privacy Final Rule issued by the Biden Administration and added to the Federal Register in April 2024. The complaint sought declaratory and injunctive relief against the enforcement of the rule by the HHS, and to vacate another final rule, the HIPAA Privacy Rule of 2000. AG Paxton alleged that the HHS had overstepped its authority when issuing both final rules. The decision to dismiss the lawsuit was likely influenced by a ruling in a separate lawsuit, filed in Texas last year by Dr. Carmen Purl, who runs Dr. Purl’s Fast Care Walk-in Clinic in Dumas, Texas. The lawsuit, Carmen...
OCR Requests HIPAA Risk Management Questions for Upcoming Video Presentation
The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) is working on a video presentation to explain the requirements of the risk management process of the HIPAA Security Rule and has requested risk management questions from HIPAA-regulated entities. The risk analysis is a foundational element of the HIPAA Security Rule that requires risks and vulnerabilities to the confidentiality, integrity, and availability of electronic protected health information (ePHI) to be identified. OCR frequently identifies risk analysis failures in its investigations of data breaches, complaints, and through its HIPAA compliance audit program, including incomplete and nonexistent risk analyses. It is the most commonly identified HIPAA Security Rule violation, and a frequent reason for imposing a financial penalty. OCR has released guidance to help HIPAA-regulated entities conduct a risk analysis, and a downloadable risk assessment tool for small- and medium-sized regulated entities to guide them through the process. After conducting a risk analysis, all identified risks and...
Can Doctors Share Patient Information with Other Doctors?
Doctors can share patient information with other doctors provided the disclosure complies with the HIPAA Privacy Rule – and a Business Associate Agreement is entered into when required – and provided the patient information is not restricted by the patient or subject to HIPAA’s authorization requirements. When asked the question can doctors share patient information with other doctors, many sources refer to §164.506 of the HIPAA Privacy Rule – “Uses or disclosures to carry out treatment, payment, or health care operations”. The section states doctors can share patient information with other doctors for treatment purposes, even if the two doctors are – or work for – different covered entities. If patient information is shared for any other purpose (i.e., health care operations), the two doctors either have to be working for the same covered entity or there must a relationship between the two covered entities relating to the individual who is the subject of the information being shared. In such circumstances, the sharing of patient information may be subject to the...
Kaiser Foundation Health Plan Settles Unwanted Text Message Lawsuit
The risk of sending unwanted marketing communications to consumers has been highlighted by a $10.5 million settlement with Kaiser Foundation Health Plan, which is alleged to have continued sending marketing text messages to individuals who opted out of receiving marketing communications. Legal action was taken against Kaiser Foundation Health Plan, doing business as Kaiser Permanente, by Jonathan Fried, who alleged that the defendant violated federal and Florida state law by continuing to send marketing text messages after he had submitted an opt-out request to stop receiving the communications. The lawsuit, Jonathan Fried v. Kaiser Foundation Health Plan, Inc., d/b/a Kaiser Permanente, was filed individually and on behalf of similarly situated individuals over the alleged sending of unwanted text messages marketing Kaiser Permanente’s products and services. According to the lawsuit, the defendant sent or failed to stop further messages from being sent after consumers replied with the word STOP or performed a similar opt-out instruction. According to the lawsuit, the failure...



