Photo of Kristina Abdalla

Kristina Abdalla

Kristina advises clients on healthcare regulatory compliance. Her passion for healthcare law was solidified during her time in law school, particularly through a transactional drafting course that highlighted the importance of clarity in legal agreements and a seminar that ignited her interest in the Health Insurance Portability and Accountability Act (HIPAA) and medical privacy.

Follow:Read more about Kristina AbdallaKristina's Linkedin Profile
dataLocks148650499

This post is part of our The Top 2025 Privacy and Security Issues Still Shaping Healthcare series, in which our team of attorneys provides essential strategies and insights for healthcare privacy and security.

The healthcare sector continues to grapple with an unrelenting wave of cyberattacks, with a notable shift in 2024 and 2025 toward targeting third-party vendors and business associates entrusted with sensitive protected health information (“PHI”). This trend has led to a surge in data breaches, affecting tens of millions of Americans and prompted heightened regulatory scrutiny over how healthcare providers manage and oversee their vendor relationships. 

Judge's gavel on table in office

A federal judge has issued a preliminary injunction halting the Department of Health and Human Services’ (HHS) 340B Rebate Model Pilot Program, which was scheduled to take effect on January 1, 2026. The December 29, 2025 ruling temporarily prevents implementation of the rebate program that would have fundamentally changed how safety-net hospitals and clinics purchase discounted drugs under the 340B Drug Pricing Program.

Judge's gavel on table in office

The Wyoming Supreme Court began the year 2026 with a landmark decision in State v. Johnson, 2026 WY 1, delivering a ruling with implications that extend far beyond its immediate outcome. While headlines will focus on the Court’s decision to strike down Wyoming’s comprehensive abortion restrictions—the Life is a Human Right Act (“Life Act”)[1] and the Medication Ban[2]—as unconstitutional, the true significance lies elsewhere. The Court held that Wyoming’s constitutional amendment guaranteeing adults the right to make their own healthcare decisions is a fundamental right protected by the highest level of judicial scrutiny.

This holding may ultimately have more far-reaching consequences, setting the stage for future challenges to a wide range of healthcare regulations across Wyoming.

On March 19, 2025, Wyoming passed a new law, SF 107, broadly circumscribing employers’ use of noncompete agreements. Generally, SF 107 broadly prohibits covenants that restrict the right of “any person” to receive compensation for performance of skilled or unskilled labor. The law will take effect on July 1, 2025, and only impacts