Mt. Spokane Pediatrics Data Breach Affects 32,000 Patients
A cyberattack on Mt. Spokane Pediatrics exposed the data of more than 32,000 patients. Data breaches have also been announced by Cornerstone Care Center in California and Michigan Medicine. Mt. Spokane Pediatrics Mt. Spokane Pediatrics in Washington state has started notifying 32,021 individuals about the theft of some of their personal and protected health information in a January 2026 cyberattack. According to its website breach notice, the attack occurred on or around January 1, 2026, and the threat actor was found to have exfiltrated files containing patients’ protected health information. The forensic investigation determined on April 22, 2026, that the data exfiltrated in the attack included full names, dates of birth, Social Security numbers, diagnoses, treatment information, patient numbers, medical record numbers, health plan beneficiary numbers, and dates of service. Mt. Spokane Pediatrics said it is unaware of any actual or attempted fraud as a result of the data breach. Complementary single-bureau credit monitoring services have been offered to the affected individuals...
Rhode Island Finalizes $12 Million Settlement With Deloitte Consulting Over RIBridges Cyberattack
An agreement has been reached between the state of Rhode Island and Deloitte Consulting LLP that will see the professional services firm pay an additional $7 million in financial support to the state following the 2024 cyberattack on the state’s benefits administration system – RIBridges. RIBRidges is Rhode Island’s one-stop shop for public benefits for state residents, including applications and management of Medicaid, food stamps, and other benefits. In November 2024, Deloitte Consulting identified the intrusion and took steps to secure the system. The state was notified about the hack in early December. The investigation confirmed that hackers had access to the system for around 5 months, during which time they gained access to around 28 of the 338 backend environments of the system and exfiltrated sensitive data, including the data of almost 650,000 Rhode Island benefits applicants and recipients – around 59% of the population of the state. The Brain Cipher ransomware group claimed responsibility for the attack, boasting that access was gained by cracking an 8-character...
OCR Reports to Congress on HIPAA Compliance and Data Breaches in 2023
The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) has submitted a pair of reports to Congress on the state of compliance with the Health Insurance Portability and Accountability (HIPAA) Privacy, Security, and Breach Notification Rules, and breaches of unsecured protected health information for calendar year 2023, as required by Section 13424(a) of the Health Information Technology for Economic and Clinical Health (HITECH) Act. OCR maintains a data breach portal, through which HIPAA-regulated entities must submit their reports of breaches of unsecured protected health information, and a web page through which individuals may submit a health information privacy complaint. There has been a general trend of increasing data breaches and complaints, which is placing greater pressure on OCR’s limited resources; however, OCR made progress in decreasing the backlog of complaint and data breach investigations in 2023. The reports show data breaches affecting fewer than 500 individuals increased by 7% year-over-year, data breaches affecting 500 or more...
March 2026 Healthcare Data Breach Report
In March 2026, 66 healthcare data breaches affecting 500 or more individuals were reported to the HHS’ Office for Civil Rights (OCR). More than 8.7 million individuals had their personal and protected health information exposed, stolen, or otherwise impermissibly disclosed. Under the HITECH Act of 2009, OCR is required to publish a summary of large healthcare data breaches – incidents involving the exposure, theft, or impermissible disclosure of the electronic protected health information of 500 or more individuals. OCR checks all breach reports submitted through its data breach portal, then adds the data breaches to the public-facing section of the portal. Typically, there is a delay of up to 2 weeks from the receipt of a breach report to its addition to the breach portal. During the month of March, no data breaches were added to the portal for March. March data breaches started to be added to the portal in mid-April, hence the delay in publication of this breach report. Since this breach report was first published on May 11, 2026, a further 22 data breaches were added to the...
5 HIPAA Compliance Tips for Medical Office Managers
Article Summary What HIPAA requires from medical office managers spans the Privacy Rule, Security Rule, and Breach Notification Rule. Tip 1 treats policies as living documents reviewed on a recurring schedule rather than left unchanged after they are written. Tip 2 builds HIPAA training into the practice calendar as a recurring event with documented completion records. Tip 3 reviews access permissions on a periodic schedule in addition to reviews triggered by a role change. Tip 4 establishes a written security incident procedure before an incident occurs. Tip 5 tracks Business Associate Agreements with the same discipline used to track staff credentials. HIPAA compliance software for office managers centralizes policy, risk analysis, training, and vendor agreement documentation. Medical Office Manager’s Central Role Medical office managers sit at the center of every operational workflow in a small or mid-sized practice. They are the people who translate HIPAA’s legal requirements into the daily routines that keep patient information protected, staff aligned with the...



