Samwise Healthcare IT Newsletter
Sunday, April 26, 2026
Four Healthcare Firms Pay $1.7M in HIPAA Fines for Ransomware Risk Failures
Four U.S. healthcare organizations paid a combined $1.7 million in HIPAA civil monetary penalties after HHS Office for Civil Rights found they lacked adequate security risk analyses, enabling ransomware attacks that compromised electronic protected health information for roughly 427,000 individuals. The four — a medical imaging provider, a women’s healthcare group, a health plan, and a third-party insurance administrator — failed what OCR called the most common compliance failure in security investigations: conducting thorough and accurate risk analyses across IT environments. The penalties, announced April 24, underscore HHS OCR’s enforcement prioritization of foundational security practices.
Sources: GovInfoSecurity
Oracle Health Data Deletion Knocks Out EHRs at 45 CHS Hospitals
Forty-five hospitals affiliated with Community Health Systems experienced electronic health record downtime beginning April 23 after Oracle Health engineers accidentally deleted critical storage during routine data center maintenance. The incident forced CHS facilities to revert to paper-based downtime procedures for patient records, with officials confirming no patient data was lost or compromised. Oracle Health and CHS said the outage was unrelated to any cyberattack or security incident. As of April 26, CHS hospitals remain in recovery mode, with full system restoration expected by April 28. The event highlights infrastructure dependency risks for health systems on large-scale vendor-hosted EHR platforms.
Sources: Fierce Healthcare
Digital Health Startups Raise $4B in Q1 2026, Fueled by AI Megadeals
Digital health startups raised $4 billion in venture capital during the first quarter of 2026 — the strongest Q1 since the pandemic peak and a $1 billion increase year-over-year — according to Rock Health. Capital concentration drove much of the growth, with just 12 companies capturing 59% of total quarterly funding through deals at $100 million or higher. AI-enabled companies attracted the bulk of megadeal interest, including Whoop at $575 million, OpenEvidence at $250 million, and Talkiatry at $210 million. Average deal size reached $36.7 million, the highest single-quarter average Rock Health has recorded since Q4 2021, signaling renewed investor confidence in healthcare technology.
Sources: Fierce Healthcare
Healthcare’s Cybersecurity Vulnerabilities Are Structural, Not Just a Budget Problem
Healthcare remains fundamentally vulnerable to cyberattacks not because of inadequate spending but because of structural weaknesses embedded in how clinical systems are built and interconnected, according to a STAT News investigation published April 17. Researchers found that legacy software dependencies, under-resourced IT teams, and the operational imperative to keep systems online for patient safety create conditions where ransomware spreads rapidly before staff can respond. Hospitals often cannot patch systems quickly because vendor-required downtime windows create exploitable gaps. The report drew on Project Glasswing, a cybersecurity research initiative examining how healthcare organizations detect, respond to, and recover from large-scale digital disruptions.
Sources: STAT News
CMS Selects 150 Organizations to Launch ACCESS Chronic Care Technology Model
The Centers for Medicare and Medicaid Services announced April 14 that it selected more than 150 providers and digital health companies to participate in the launch of its Advancing Chronic Care with Effective Scalable Solutions model — a 10-year payment program incentivizing technology-backed care for patients with diabetes, hypertension, chronic kidney disease, obesity, depression, and anxiety. Participating organizations will earn outcome-aligned monthly payments of approximately $7.50 to $35 per beneficiary, tied to measurable clinical results. The model is scheduled to begin in July 2026, with the application deadline extended to May 15 for additional organizations seeking to join the program.
Sources: Healthcare Dive
HHS Reinstates ONC as Standalone Health IT Office, Ending ASTP Dual Role
The U.S. Department of Health and Human Services announced March 31 that the Office of the National Coordinator for Health Information Technology will no longer carry the dual designation as the Office of the Assistant Secretary for Technology Policy, reversing a 2024 reorganization that had combined the roles under a single director. ONC head Thomas Keane said the change allows ONC to concentrate on its core mandate of health IT standards, certification, and interoperability policy. IT infrastructure and cybersecurity functions shift to HHS’ Office of the Chief Information Officer. The move clarifies federal health technology responsibilities, which had grown ambiguous since ONC absorbed the broader ASTP portfolio.
Sources: Healthcare IT News
HL7 Launches Caliper FHIR Accelerator to Standardize Medical Device Data Exchange
Health Level Seven International launched the Caliper FHIR Accelerator implementation community in April, a multi-stakeholder initiative to improve how data from medical and personal health devices is exchanged across care settings. Building on the Gemini Device Interoperability Program — a partnership with Integrating the Healthcare Enterprise International — the Caliper community brings together device manufacturers, healthcare providers, and IT developers to pilot FHIR-based device communication in intensive care units and home-based care environments. Participants will attend structured testing events where connected devices simulate real-world clinical interoperability workflows, advancing standardized data exchange and AI integration for medical device informatics.
Sources: Healthcare IT News
UnitedHealth Group’s $3B AI Push Raises Questions About Care Access and Transparency
UnitedHealth Group is deploying an estimated $3 billion into artificial intelligence development, with 22,000 software engineers working on AI systems designed to automate claims management, prior authorization, and clinical care decisions, according to a STAT News report published April 6. The initiative represents one of the largest healthcare-specific AI investments disclosed by a major payer, raising questions among patient advocates and clinicians about algorithmic transparency, bias, and how automated systems may influence coverage and care access. UnitedHealth has not publicly disclosed which AI models underpin its tools, and the disclosure follows intensifying federal scrutiny of how health insurers use algorithms in utilization management.
Sources: STAT News
Curated by JD · samwise.agency