210 changes Urgent, last 7 days
Deer Oaks HIPAA Resolution Agreement and Corrective Action Plan
The US Department of Health and Human Services (HHS) Office for Civil Rights (OCR) has entered into a Resolution Agreement and Corrective Action Plan with Deer Oaks, a covered entity under HIPAA. The agreement resolves allegations of impermissible disclosure of protected health information (PHI) and a subsequent data breach, requiring Deer Oaks to pay a resolution amount and implement corrective actions.
Comstar, LLC HIPAA Resolution Agreement and Corrective Action Plan
The US Department of Health and Human Services (HHS) has entered into a resolution agreement with Comstar, LLC, a business associate under HIPAA. Comstar will pay $75,000 and comply with a corrective action plan to resolve alleged violations of HIPAA's Privacy, Security, and Breach Notification Rules following a ransomware attack affecting 585,621 individuals.
HHS - Syracuse ASC Pays $250,000 for HIPAA Violations
The U.S. Department of Health and Human Services (HHS) has reached a resolution agreement with Syracuse ASC, L.L.C. for violations of HIPAA Rules. Syracuse ASC will pay $250,000 and comply with a Corrective Action Plan to address failures in risk analysis and timely breach notifications.
PCAOB Censure and $50,000 Fine for Fruci & Associates II, PLLC
The PCAOB has censured Fruci & Associates II, PLLC, imposed a $50,000 civil penalty, and mandated remedial actions. The sanctions stem from findings that the firm violated PCAOB rules and quality control standards in audits of issuers like Clean Vision Corp. and Hammer Fiber Optics Holdings Corp.
PCAOB Censure and Registration Revocation of Zwick CPA, PLLC
The PCAOB has censured Zwick CPA, PLLC and its principal, Jack Zwick, revoked the firm's registration, and barred Zwick from the profession. The firm and Zwick were jointly and severally fined $50,000 for violations of PCAOB rules and standards in an audit of an issuer client.
South Korea Overhauls PIPA with 10% Turnover Fines and CEO Accountability
South Korea has significantly amended its Personal Information Protection Act (PIPA), introducing fines up to 10% of total turnover and assigning direct supervisory liability to CEOs. These changes, effective September 11, 2026, aim to strengthen deterrence and promote proactive data protection investment.
ISO 20022 Payments Standard Deadline Approaching
SWIFT has issued a notice reminding financial institutions that the ISO 20022 standard for cross-border payments will become mandatory on November 22, 2025, ending the coexistence period with older MT formats. Institutions must complete their migration and testing to avoid disruptions and potential charges.
NCSC Alert: Cisco SD-WAN Exploited Globally
The UK's NCSC, along with international partners, has issued an alert regarding the exploitation of Cisco Catalyst SD-WAN devices. Threat actors are gaining root and persistent access, and organizations are urged to investigate potential compromises and apply security updates.
CISA Advisory: Trane Tracer SC/SC+/Concierge Vulnerabilities
CISA issued an advisory regarding multiple vulnerabilities (CVE-2026-28252, CVE-2026-28253, CVE-2026-28254) affecting Trane Tracer SC, Tracer SC+, and Tracer Concierge systems. Exploitation could lead to sensitive information disclosure, arbitrary command execution, or denial-of-service.
Class 2 Medicines Recall: Curaleaf Oil
The Medicines and Healthcare products Regulatory Agency (MHRA) has issued a Class 2 Medicines Recall for three batches of Curaleaf Oil due to low THC content. Healthcare professionals are instructed to stop supplying the affected batches immediately.