Tech »  Topic »  Fitness Firm Pays Feds $228K in Misconfiguration Breach

Fitness Firm Pays Feds $228K in Misconfiguration Breach

2 days, 20 hours ago   bankinfosecurity

Settlement Is 5th HIPAA Enforcement Action Under HHS's OCR Risk Analysis Initiative Marianne Kolbasuk McGee (HealthInfoSec) • March 25, 2025

Official crest of the Office for Civil Rights. (Image: HHS OCR)

An Illinois-based firm that provides fitness and wellness plans to clients throughout the U.S. has agreed to pay federal regulators a settlement of nearly $228,000 and implement a corrective action plan following an IT misconfiguration incident caused several breaches in late 2018 and early 2019.

See Also: Enterprise Browser Supporting Healthcare, Cyber Resilience

The settlement resolves a U.S. Department of Health and Human Services' Office for Civil Rights investigation into Health Fitness, which the agency initiated after receiving four breach reports from the company - filed as a business associate on behalf of multiple covered organizations - between Oct. 15, 2018 and Jan. 25, 2019.

The settlement with Health Fitness is HHS OCR's fifth enforcement action involving ...


Copyright of this story solely belongs to bankinfosecurity . To see the full text click HERE