The healthcare industry has seen a dramatic rise in cyberattacks in recent years, many of which have directly impacted patient information and even disrupted the delivery of care. In response, the Office for Civil Rights (OCR) introduced a proposed update to the HIPAA Security Rule in 2024, with changes expected to be finalized by May 2026—the first major overhaul since the 2013 HIPAA Omnibus Rule.

A major focus of the 2026 update is the removal of the term “addressable” from implementation specifications—a clarification intended to eliminate the misconception that “addressable” safeguards were optional. Under the proposal, controls such as multi‑factor authentication (MFA), encryption of data in transit and at rest, and technology asset inventory management would be mandatory, alongside a stronger emphasis on proactive risk analysis and ongoing vulnerability assessments aligned to modern security practices.

Notable requirements emphasized in the proposed update include: comprehensive technology asset inventory and network mapping; formal, repeatable risk analysis; contingency planning and security incident response; routine Security Rule compliance audits and testing of security measures; periodic vulnerability scans and penetration tests; mandatory encryption of all ePHI (at rest and in transit); organization‑wide MFA; network segmentation; anti‑malware protections; technical safeguards for portable devices; robust patch management and removal of unnecessary software; disabling unused network ports; data backups; and strengthened business associate cybersecurity oversight. (Alder, 2026.)

What are the potential fines for violations in 2026 (with OCR enforcement‑discretion caps)?

Below are the four HIPAA civil penalty tiers with per‑violation ranges and the reduced annual caps that OCR has applied under its 2019 Notice of Enforcement Discretion. These inflation‑adjusted amounts are effective for penalties assessed on or after January 28, 2026.

• Tier 1 — Lack of Knowledge: minimum $145 and maximum $36,505.50 per violation; annual cap $36,505.50 for identical provisions. [hipaajournal.com], [mercer.com]
• Tier 2 — Reasonable Cause (not willful neglect): minimum $1,461 and maximum $73,011 per violation; annual cap $146,053 for identical provisions. [hipaajournal.com], [mercer.com]
• Tier 3 — Willful Neglect (corrected within 30 days): minimum $14,602 and maximum $73,011 per violation; annual cap $365,052 for identical provisions. [hipaajournal.com], [mercer.com]
• Tier 4 — Willful Neglect (not corrected within 30 days): minimum $73,011 and maximum $2,190,294 per violation; annual cap $2,190,294 for identical provisions. [hipaajournal.com], [mercer.com]

Note: While HHS publishes the official, inflation‑indexed per‑violation minimums and maximums annually, the lower annual caps for Tiers 1–3 shown here reflect OCR’s enforcement discretion, which multiple compliance sources indicate remains in effect.

Additional references for penalty indexing and caps:

• [HIPAA Journal — HIPAA Violation Fines – Updated for 2026] [hipaajournal.com]
• [Mercer Law & Policy — HHS adjusts 2026 HIPAA monetary penalties] [mercer.com]
• [HIPAA Journal — HHS Updates Civil Monetary Penalty Amounts for HIPAA Violations (Aug. 8, 2024)] [hipaajournal.com]

How RinTech Solutions can help you prepare

These upcoming changes underscore the need for healthcare organizations—and their business associates—to establish more mature, proactive security programs. This is where RinTech Solutions can help bridge the gap. We provide hands‑on support with risk assessments, vulnerability scanning, asset inventory creation, encryption strategies, network segmentation planning, security incident response preparation, and more. By partnering with you, we help uncover your pain points, remediate gaps before they become compliance issues, and build security practices that align fully with the upcoming 2026 requirements.

Now is the time to prepare. If you want to strengthen your organization’s security posture before the new rule takes effect, reach out today. Let’s build a safer, compliant, and resilient environment together.

Reference

Alder, S. (2026). HIPAA Updates and HIPAA Changes in 2026. The HIPAA Journal. https://www.hipaajournal.com/hipaa-updates-hipaa-changes/

Please enable JavaScript in your browser to complete this form.

contact Provide for

Name *

First

Last

Email *

Provide contact details for out team to contact you at.

Submit

When it comes to protecting your business, trust matters. Many small and medium-sized businesses (SMBs) assume that partnering with a large, nationwide cybersecurity corporation guarantees better security. But in reality, this approach introduces risks that local providers like RinTech Solutions are uniquely positioned to avoid.

The Risks of Centralized Cybersecurity

Large Managed Security Service Providers (MSSPs) operate at a massive scale, monitoring thousands of networks across the country. While this sounds impressive, it creates several vulnerabilities:

• Single Point of Failure: If a major provider suffers a breach, thousands of clients are exposed simultaneously.
• Global Distractions: When a nationwide incident occurs, resources shift to high-profile cases, leaving smaller clients with slower response times.
• Data Aggregation Risks: Many large MSSPs centralize client data for analysis. If their data center is compromised, your sensitive information could be part of a massive breach.

Why Local Matters

At RinTech Solutions, we focus exclusively on SMBs in the Tucson area. This local-first approach offers key advantages:

• Dedicated Attention: We’re not juggling thousands of clients across multiple states. Our team is committed to a smaller client base, ensuring faster response and personalized service.
• Isolated Monitoring: Your network is monitored independently, reducing exposure to nationwide or global incidents that affect centralized systems.
• Data Stays Local: We never pull your business data into a centralized location. Only security alerts are sent to RinTech—your sensitive information remains inside your network.

Specific Insights for Tucson SMBs

Local providers understand local challenges:

• Compliance requirements for healthcare, legal, and small medical offices.
• Regional threat trends that national providers might overlook.
• On-site support when needed—something remote-only providers can’t match.

The Bottom Line

Cybersecurity isn’t one-size-fits-all. By trusting a local MSSP like RinTech Solutions, you gain:

• Better security through isolation
• Faster, more attentive service
• Peace of mind knowing your data never leaves your network

Don’t let your business become just another number in a nationwide queue. Choose local. Choose RinTech Solutions.

In early 2025, a sophisticated cyberattack targeted Salesloft, a sales engagement platform, and Drift, a conversational marketing company. The attackers began by compromising Salesloft’s GitHub account, where they downloaded source code and created rogue CI/CD workflows. This allowed them to escalate privileges and pivot into Drift’s AWS environment, where they discovered and exfiltrated OAuth tokens used to integrate with platforms like Salesforce, Slack, and Google.

These stolen tokens were then used to access Salesforce support cases across dozens of companies, including Cloudflare, Zscaler, Palo Alto Networks, and Proofpoint. In some cases, attackers accessed sensitive credentials like API keys, AWS secrets, and Snowflake tokens, leading to a widespread supply chain compromise.

🚨 The Impact

• Over 20 major companies affected
• OAuth tokens stolen and reused to access sensitive data
• Salesforce instances compromised via legitimate-looking API calls
• GitHub and AWS environments abused for lateral movement

🛡️ How RinTech Protects Your Business

At RinTech, we help businesses proactively secure their development environments through tailored consulting and project-based engagements. Here’s how we help prevent attacks like this:

🔄 Migrate Away from GitHub

We assist in migrating your code repositories from GitHub to self-hosted solutions, customized to your infrastructure. This reduces your exposure to public attack surfaces and gives you full control over access and auditing.

🔐 In-House DevOps Security

By managing your DevOps tools in-house:

• You avoid the inherent vulnerabilities of public platforms.
• You gain visibility into every user, commit, and workflow.
• You can enforce VPN-only access to all DevOps tools.

👁️ Endpoint & Network Monitoring

We implement:

• Endpoint monitoring to detect unauthorized repository changes or the creation of new users.
• Network monitoring to flag unusual outbound traffic or API calls to unknown devices — a key indicator of token abuse or data exfiltration.

🧩 Tailored Security Projects

Every client’s infrastructure is different. That’s why RinTech offers custom security project management to:

• Design and deploy secure DevOps pipelines
• Harden cloud and on-prem environments
• Implement secrets management and access controls
• Integrate monitoring tools like Wazuh, Suricata, and Checkmk

Want to know if your current DevOps setup could survive a breach like this?
Contact RinTech Solutions for a security consultation.

In March 2025, DaVita—a major dialysis provider—suffered a ransomware attack that lasted nearly three weeks, from March 24 to April 12, according to Reuters. During this time, attackers gained access to DaVita’s internal lab database, exposing sensitive information including names, addresses, birth dates, medical records, and Social Security numbers of up to 2.7 million patients and users.

The breach was costly—$13.5 million just to restore encrypted data—and devastating in scope. The hacker group Interlock claimed responsibility, stating they exfiltrated over 1.5 terabytes of patient data. According to Fox News, the attackers specifically targeted DaVita’s lab systems, which held highly sensitive patient records.

How Did It Happen?

Based on Interlock’s previous tactics, it’s likely the attackers used phishing emails or compromised websites to trick users into installing a Remote Access Trojan (RAT)—a type of malware that gives attackers full control over the victim’s system. This method, known as a drive-by download attack, often involves a user clicking a seemingly harmless button or link on a compromised site, unknowingly triggering the RAT installation.

Once installed, the RAT enables attackers to:

• Move laterally across the network
• Exfiltrate data silently
• Deploy ransomware payloads

Why Was It Not Detected?

Attacks like this often go unnoticed due to:

• Lack of properly configured SIEM/XDR tools
• Alert fatigue or poor triage in the Security Operations Center (SOC)
• Flat network architecture with no segmentation
• Inadequate user training on phishing and social engineering

How RinTech Solutions Can Help?

At RinTech Solutions, we specialize in defending small businesses against exactly these kinds of threats. Our infrastructure includes enterprise-grade SIEM/XDR and IDS/IPS tools that:

• Monitor system changes in real time
• Detect malicious activity in network traffic
• Alert security personnel to suspicious behavior
• Automatically implement defensive playbooks—like isolating infected devices

We combine this with user training and proactive threat hunting to ensure your business is protected from both known and emerging threats.

Cybersecurity isn’t just for large enterprises. If DaVita—with its resources and scale—can fall victim to a preventable attack, small businesses must be even more vigilant. RinTech Solutions is here to help you stay ahead of the threat curve.

References:
Reuters. (2025). Ransomware attack at DaVita impacted 2.7 million people, US health dept website shows. https://www.reuters.com/business/healthcare-pharmaceuticals/ransomware-attack-davita-impacted-27-million-people-us-health-dept-website-shows-2025-08-21/
Knutsson, K. (2025). Nearly a million patients hit by DaVita dialysis ransomware attack. Fox News. https://www.reuters.com/business/healthcare-pharmaceuticals/ransomware-attack-davita-impacted-27-million-people-us-health-dept-website-shows-2025-08-21/