News
Amazon's One Medical Seniors Hit by ShinyHunters Extortion Group: 8.8TB of Legacy Patient Data at Risk · Data BreachOpenLoop Health Telehealth Infrastructure Vendor Breach Exposes Patient Data Across Multiple Digital Health Clients · Data BreachHealthcare AI Vendor Xsolis Breach Exposes 1.4 Million Records Across Seven Hospital Systems Including Mayo Clinic · Data BreachHHS Breach Portal Backlog: OCR Still Adding March 2026 Breaches in Late June — What the Delay Means for Compliance Teams · AnalysisKettering Health Refused to Pay the Ransom. The Data Leaked Anyway: What 1.7 Million Exposed Records Teach About Ransomware and HIPAA · Data BreachOCR Settles Ransomware Investigation with Employer-Sponsored Health Plan for $450,000 · OCR EnforcementWhy a Third of Healthcare Breaches Now Trace Back to a Vendor: A Mid-Year 2026 Analysis · AnalysisFrom 4 Million to 60+ Million: The Conduent Breach Shows How Far Third-Party Risk Reaches · Data BreachNYC Health + Hospitals Breach: 1.8 Million Records Exposed via Third-Party Vendor, Including Biometric Data · Data BreachWhen Your Vendor Is the Breach: Millions of Patient Records Just Hit the HHS Tracker, and the Common Thread Is Third-Party Risk · Data BreachDo I Need a BAA With My Vendor? A Plain-English Guide to Which Vendors Require a Business Associate Agreement · Business AssociatesAmazon's One Medical Seniors Hit by ShinyHunters Extortion Group: 8.8TB of Legacy Patient Data at Risk · Data BreachOpenLoop Health Telehealth Infrastructure Vendor Breach Exposes Patient Data Across Multiple Digital Health Clients · Data BreachHealthcare AI Vendor Xsolis Breach Exposes 1.4 Million Records Across Seven Hospital Systems Including Mayo Clinic · Data BreachHHS Breach Portal Backlog: OCR Still Adding March 2026 Breaches in Late June — What the Delay Means for Compliance Teams · AnalysisKettering Health Refused to Pay the Ransom. The Data Leaked Anyway: What 1.7 Million Exposed Records Teach About Ransomware and HIPAA · Data BreachOCR Settles Ransomware Investigation with Employer-Sponsored Health Plan for $450,000 · OCR EnforcementWhy a Third of Healthcare Breaches Now Trace Back to a Vendor: A Mid-Year 2026 Analysis · AnalysisFrom 4 Million to 60+ Million: The Conduent Breach Shows How Far Third-Party Risk Reaches · Data BreachNYC Health + Hospitals Breach: 1.8 Million Records Exposed via Third-Party Vendor, Including Biometric Data · Data BreachWhen Your Vendor Is the Breach: Millions of Patient Records Just Hit the HHS Tracker, and the Common Thread Is Third-Party Risk · Data BreachDo I Need a BAA With My Vendor? A Plain-English Guide to Which Vendors Require a Business Associate Agreement · Business Associates
settlement

Read the HHS Press Release: Corrective action / RA

Resolution ,

Penalty

Corrective action / RA

Action type

Settlement

Entity profile

Case number

What went wrong

Read the HHS Press Release

Timeline

  • Resolution,
  • Incident and investigation milestones are not consistently published by OCR in machine-readable form.

Key takeaways for your organization

  • Align policies, procedures, and evidence with the specific CFR provisions cited in OCR resolutions affecting your entity type.
  • Run tabletop exercises for breach response, OCR inquiry handling, and privilege-preserving communications with counsel.
  • Revisit business associate inventory and downstream vendor security assurances after major enforcement themes in your sector.

Related actions

Source

U.S. Department of Health and Human Services release

Source: U.S. Department of Health and Human Services, Office for Civil Rights. medcomply.ai aggregates public materials for educational use, not legal advice.