Singing River Health System Investigating Cyberattack
Singing River Health System, the largest health system on the Mississippi Gulf Coast, has announced that action has been taken to address a cyber incident, which was identified in the early stages of the attack. Per its incident response procedures, internet access was cut while the incident was investigated, and access to the MyChart patient portal was temporarily blocked. The threat was determined to have been mitigated, as access to the MyChart portal has now been restored. The investigation into the incident is ongoing, and it has yet to be determined if the attack was blocked in time to prevent unauthorized access to patient records. This is the second known attack on the health system in the past two years. In 2023, the health system experienced a Rhysida ransomware attack that involved unauthorized access to the protected health information of 895,000 individuals. Update: Almost 54,000 individuals were affected by the incident. Consonus Healthcare Services, Oregon Consonus Healthcare Services in Milwaukie, OR, part of the senior living chain Marquis Companies, has...
AllerVie Health Patients Affected by Ransomware Attack
AllerVie Health, a Frisco, TX-based provider of allergy and immunology services, has announced a security incident that exposed personally identifiable information. Unusual network activity was identified on November 2, 2025, and an investigation was launched to determine the cause of the activity. The investigation confirmed unauthorized access to its network between October 24, 2025, and November 3, 2025, and during that time, “a limited amount of information was subject to unauthorized access.” The file review revealed on November 24, 2025, that names, Social Security numbers, driver’s license numbers, and state identification numbers were involved. The affected individuals were notified by mail on December 22, 2025, and have been offered complimentary credit monitoring and identity theft protection services. Allervie Health said it has reviewed its policies and procedures related to data protection. The number of affected individuals has yet to be confirmed. While not stated by Allervie Health in its notification letters, this appears to have been a ransomware attack by the...
Artemis Healthcare Falls Victim to Ransomware Attack
Tennessee-based Artemis Healthcare has experienced a ransomware attack involving data theft, and email account breaches have been announced by Greater St. Louis Oral & Maxillofacial Surgery in Missouri and St. John’s Riverside Hospital in New York. Artemis Healthcare, Tennessee Artemis Healthcare in Nashville, Tennessee, has recently announced a data security incident that was identified on May 31, 2025. According to the notification sent to the Vermont Attorney General, Artemis Healthcare confirmed that it was the target of a ransomware group, which accessed its network from May 5, 2025, to May 31, 2025. The investigation confirmed on September 12, 2025, that the ransomware group accessed personally identifiable and protected health information, including names, addresses, dates of birth, Social Security numbers, and health information. The Crypto24 ransomware group took responsibility for the attack and claimed on its dark web data leak site to have exfiltrated 1 terabyte of data, including image files for millions of patients. The stolen data has been leaked, indicating the...
New HIPAA Regulations in 2026
New HIPAA regulations may be implemented in 2026, such as the proposed update to the HIPAA Privacy Rule, a final rule for which is long overdue. An update to the HIPAA Security Rule was proposed in January 2025, and OCR has pencilled in a May 2026 date for issuing a final rule implementing the HIPAA Security Rule updates, although it is up to the current administration to determine whether a final rule will be issued. New HIPAA regulations were implemented in 2024 when a final rule was published updating the HIPAA Privacy Rule to strengthen reproductive health care privacy, and a final rule was published aligning the Part 2 regulations more closely with HIPAA, although in June 2025, the HIPAA Privacy Rule to strengthen reproductive health care privacy was vacated nationally by a Texas judge. This article explains the implemented and proposed new HIPAA regulations and can be used in conjunction with our HIPAA compliance checklist to help better understand how the HIPAA updates for 2026 may impact HIPAA compliance. Please use the form on this page to request your free copy of the...
New Liberty Hospital; New York Blood Center; Memorial Blood Centers Settle Data Breach Lawsuits
New Liberty Hospital in Missouri, Memorial Blood Centers in Minnesota, and the New York Blood Center have settled class action lawsuits over cyberattacks that exposed patient data. New Liberty Hospital Corporation A $1,500,000 settlement has received preliminary approval from the court to resolve a class action lawsuit against Liberty Hospital in Missouri over a 2023 data breach involving the protected health information of 264,541 individuals. Liberty Hospital experienced a cyberattack on or around December 19, 2023. While it is unclear if data was encrypted in the attack, a ransom note was received, and the attacker claimed to have downloaded sensitive data from its network. The investigation confirmed that protected health information had been accessed and potentially obtained in the attack, including names, addresses, email addresses, telephone numbers, dates of birth, medical records, medical treatment information, diagnoses, Social Security numbers, and health insurance information. The affected individuals were notified on or around February 8, 2024. The first class action...



