Field notes from the edge.
What our engineers learned this week. Hands-on technical deep-dives, postmortems, and strategy frameworks.
Serviceaide Pays $1.8 Million to Settle Data Breach Litigation
Serviceaide, Inc., a provider of AI-powered solutions to boost productivity and enhance service delivery, has agreed to pay $1.8 million to settle a lawsuit stemming from a 2024 data breach that exposed the protected health information of patients of its client, Catholic Health. Catholic Health is a Buffalo, NY-based non-profit healthcare system serving patients in Western New
Greater Rochester Independent Practice Association Settles MOVEit Data Breach Litigation
A settlement has been agreed to resolve claims against Greater Rochester Independent Practice Association (GRIPA) arising from the May 2023 data breach involving Progress Software’s MOVEit file transfer solution. In May 2023, the Russian-speaking hacking group Cl0p mass-exploited a zero-day vulnerability in Progress Software’s MOVEit Transfer file transfer solution. Cl0p exploi

Verizon Releases Inaugural Breach Impact Study
Verizon Business has released the findings from its inaugural Breach Impact Study, which focuses on the financial impact of data breaches. The BIS report is from the same authoring team as the Verizon Data Breach Investigations Report and was produced in partnership with CyberAcuView. The report is based on an analysis of around 70,000 U.S. cyber insurance claims, including 38
Take the Guesswork out of HIPAA Compliance for Small Practices
Removing guesswork from HIPAA compliance means replacing assumptions about what a practice has covered with a documented process that maps directly to the requirements of the HIPAA Privacy Rule, the HIPAA Security Rule, and the HIPAA Breach Notification Rule. Small practices frequently operate on inherited assumptions: a predecessor set up a policy years ago, a staff member att
HHS Provides Update on its Artificial Intelligence RFI
The Department of Health and Human Services (HHS) has provided an update on how it plans to accelerate the adoption of artificial intelligence (AI) in clinical care settings. AI has tremendous potential for improving efficiency in healthcare, achieving better patient outcomes, and lowering healthcare costs for Americans; however, there are risks associated with AI implementatio
DOJ’s Using Advanced Data Analytics and AI Tools to Combat Healthcare Fraud Before Payment
The U.S. government has announced record-breaking Medicaid fraud charges as part of its 2026 National Health Care Fraud Takedown, with the enforcement action resulting in charges for 455 defendants, including more than 90 doctors and other licensed medical professionals, in connection with more than $6.5 billion in healthcare fraud and opioid abuse claims. The enforcement actio
Allina Health System to Pay $12.5 Million to Settle Pixel Litigation
Allina Health System, a nonprofit health system based in Minneapolis, Minnesota, that serves patients in Minnesota and Western Wisconsin, has agreed to pay $12,500,000 to resolve litigation over its use of website tracking technologies such as pixels. Those tools were alleged to have resulted in the disclosure of personally identifiable information (PII) and protected health in
Data Breaches Reported by Amicus Solutions: Huntsville Hospital Health System
Amicus Solutions (Fedora Solutions) has been affected by a cybersecurity incident, and Huntsville Hospital has confirmed it was affected by a January 2025 breach at Cerner (Oracle Health). Amicus Solutions Amicus Solutions, Inc., doing business as Fedora Solutions, a provider of managed IT and revenue cycle management services, has experienced a cybersecurity incident involving
Washington Dept. Health & Social Services Insider Breach Affects 8,600 Individuals
The Washington Department of Social and Health Services (DSHS) has identified an insider data breach involving unauthorized access to the protected health information of approximately 8,600 individuals. Insider threats are a major problem in healthcare, more so than in other sectors. While most insider incidents are unintentional, and snooping on medical records is a common cau
Remote Desktop Tools are the Front Door in Healthcare, and Hackers are Walking Through
There is some positive news from the data collected by cybersecurity firm SonicWall, as cyberattacks have declined by up to 57% in some sectors; however, the healthcare industry has seen the smallest decline out of all tracked verticals, registering just a 17% year-over-year decline, compared to -23% for professional services, -42% for education, -46% for retail and -57% for ma
South Florida Injury Centers; Chickasaw Nation Department of Health Report Data Breaches
A hacking incident has been reported by South Florida Injury Centers, and Chickasaw Nation Department of Health has discovered that an employee accessed patient data without authorization. South Florida Injury Centers South Florida Injury Centers, Inc., a medical practice with locations in Tamarac and Port Saint Lucie that specializes in treating patients injured in automobile
High-Severity Vulnerability Identified in OHIF Viewers DICOM
A high-severity vulnerability has been identified in OHIF (Open Health Imaging Foundation) Viewers DICOM, which could be exploited to steal an authenticated clinician’s token via a crafted link. The Server-Side Request Forgery (SSRF) vulnerability is tracked as CVE-2026-12473 and has a CVSS base score of 8.2 (v3.1) and 8.3 (v4.0). The vulnerability is due to two data sources –
Okanogan Behavioral Healthcare Settles Class Action Data Breach Lawsuit
Okanogan Behavioral Healthcare, a provider of holistic behavioral health services in Okanogan County, Washington, has agreed to settle a class action lawsuit stemming from a May 2024 data breach that affected 26,429 individuals. A network intrusion was identified on May 15, 2024, and the forensic investigation determined that an unauthorized third party had access to its networ
Minnesota Epilepsy Group; Campbell University; City of Middletown Announce Data Breaches
Data breaches have been announced by Minnesota Epilepsy Group, Campbell University, and the City of Middletown, Ohio. Minnesota Epilepsy Group Minnesota Epilepsy Group, the largest epilepsy center in the Midwest, has started notifying current and former patients about a recent cybersecurity incident that may have resulted in unauthorized access to the protected health informati
Colorado Health Network; Kentucky Mountain Health Alliance Announce Data Breaches
Data security incidents have been announced by the Colorado Health Network and Kentucky Mountain Health Alliance. In both cases, only limited information has been released about the nature of the incidents. Colorado Health Network Colorado Health Network Inc., a nonprofit organization that provides health and support services to individuals with HIV/AIDS across Colorado, has re
HIPAA Security Rule Training for Business Associates
HIPAA Business Associates that create, receive, maintain, or transmit electronic Protected Health Information on behalf of HIPAA-covered entities are directly subject to the HIPAA Security Rule and must provide security awareness training to their entire workforce, not only to staff who work on healthcare-specific accounts or handle patient data as part of their primary functio
Healthcare Report Highlights Growing Vendor Risk and Lack of Cyberattack Readiness
Cybersecurity risk is growing, and healthcare organizations are struggling to defend a rapidly increasing attack surface. AI tools are being implemented without the secure infrastructure to support them. Most healthcare practices have meaningful gaps in cyberattack recovery readiness, face ongoing and regular third-party vendor disruptions, and there is growing concern that a c
Bradford Health Services; Bradford Health Partners Settle Data Breach Lawsuit
Bradford Health Services, LLC, and Bradford Health Partners, LLC, were sued over a December 2023 cybersecurity incident that exposed the personal and protected health information of current and former patients. The lawsuit states 32,425 individuals were affected by the incident. The data breach was reported to the HHS’ Office for Civil Rights as involving the protected health i
Hillcrest Convalescent Center Settles Class Action Data Breach Litigation
Hillcrest Convalescent Center, a short-term inpatient rehabilitation and skilled nursing facility in Durham, North Carolina, has agreed to settle class action litigation over a June 2024 cyberattack. Hackers breached its network, resulting in unauthorized access to and the potential theft of patients’ personal and protected health information. The hackers had access to informat