Penalty Amount
$495,000
Consumers Affected
14,663
The New Jersey Attorney General settled with Diamond Institute for Infertility and Menopause, LLC, following a data breach that exposed the electronic protected health information (ePHI) of 14,663 patients. The investigation found the clinic failed to implement required HIPAA Security Rule safeguards, including risk assessments, encryption, and access controls. The $495,000 settlement includes civil penalties and requires the clinic to implement a comprehensive information security program and corrective actions.
Diamond must pay $495,000 ($412,300 in civil penalties and $82,700 in costs/fees). The settlement mandates the development and implementation of a comprehensive information security program, appointment of a qualified HIPAA Privacy and Security Officer, employee training, a written incident response plan, and specific technical safeguards including encryption, logging, access controls, risk assessments, and password management.
In-house legal teams should review vendor agreements (especially Business Associate Agreements under HIPAA), customer/patient service agreements, and employee access policies. Key clauses to scrutinize include data security requirements (encryption, access controls), breach notification timelines and procedures, audit and monitoring rights, and corrective action plan obligations. Given the settlement's focus on inadequate risk assessments and encryption, contracts should be updated to mandate regular security risk assessments, specify encryption standards for ePHI, require prompt breach reporting consistent with NJ and HIPAA timelines, and include enforceable remedies for security failures.
Entity
Diamond Institute for Infertility and Menopause, LLC
Also known as: Diamond Institute for Infertility and Menopause
Industry
Healthcare
Official Press Release
https://www.njoag.gov/acting-ag-bruck-announces-settlement-with-fertility-clinic-over-cybersecurity-lapses-and-data-breach/
Diamond Institute
https://www.nj.gov/oag/newsreleases21/Diamond-Institute.pdf
New Jersey Attorney General Enforcement Page
https://www.njoag.gov/about/divisions-and-offices/division-of-consumer-affairs/
"Diamond Institute for Infertility and Menopause, LLC (“Diamond”)"
"The settlement of $495,000 includes $412,300 in civil penalties and $82,700 in investigative costs and attorneys’ fees."
"failing to conduct an accurate and thorough risk assessment of potential risk and vulnerabilities to the confidentiality, integrity and availability of ePHI; failing to implement a mechanism to encrypt ePHI; failing to review and modify security measures as needed to continue reasonable and appropriate protection of ePHI; failing to implement proper procedures for creating, changing, and safeguarding passwords; and failing to implement procedures to verify that the person seeking access to ePHI is who they claim to be."
"compromised the personal information of 14,663 patients, including 11,071 New Jersey residents."
"developing and implementing a comprehensive information security program that includes regular updates to keep pace with changes in technology and security threats; appointing a new HIPAA Privacy and Security Officer... training employees... developing and implementing a written incident response and data breach notification plan... implementing personal information safeguards and controls, including encryption, logging and monitoring, access controls, a risk assessment program, and password management."
"violated the New Jersey Consumer Fraud Act, the federal Health Insurance Portability and Accountability Act (“HIPAA”) Privacy Rule, and the HIPAA Security Rule"
$100K
New Jersey Attorney General Jennifer Davenport and the Division of Consumer Affairs announced a Consent Order with King Distribution LLC and 17 related retail smoke shops, resolving allegations that the companies illegally sold flavored vapor products in violation of New Jersey’s consumer protection laws. The Consent Order imposes a $100,000 civil penalty, requires reimbursement of $22,279 in investigation costs, and prohibits the companies from selling or distributing flavored vapor products in New Jersey. The enforcement action is part of New Jersey’s ongoing efforts to protect youth from flavored vape products, which have been permanently banned in the state since January 2020.
The New Jersey Bureau of Securities issued a Cease and Desist Order on April 30, 2026, against Titan Macro Finance for operating an investment fraud scheme via WhatsApp and Instagram that defrauded at least one New Jersey investor of $64,000. The scheme involved unregistered broker-dealer activity, fake trading profits, and undisclosed fees to access investor funds. The action was coordinated with the California Department of Financial Protection and Innovation, which issued a similar order against the entity for violating California’s Commodity Code.
New Jersey Attorney General Jennifer Davenport and the Bureau of Securities issued a public warning to state residents about fraudulent investment schemes proliferating on Meta-owned platforms including Facebook, Instagram, and WhatsApp. The alert details common scam tactics such as pump-and-dump schemes, confidence scams, and fraudulent cryptocurrency offerings, and provides tips for residents to avoid victimization. No enforcement action against any entity was announced in this release.
New Jersey Attorney General Jennifer Davenport led a bipartisan coalition of 27 state attorneys general in submitting a comment letter to the Federal Trade Commission urging federal rulemaking to regulate hidden and deceptive rental housing fees. The AG also issued guidance clarifying New Jersey’s new $50 rental application fee cap, effective May 1, 2026, warning that deceptive fee practices may violate the New Jersey Consumer Fraud Act. No specific enforcement action against a named individual entity was announced, with enforcement of the fee cap set to begin May 1, 2026.
$2.0M
New Jersey Attorney General Jennifer Davenport announced a multistate settlement with NCL Bahamas, Ltd. (Norwegian Cruise Line) resolving allegations of deceptive sales practices and unfair cancellation, refund, and future cruise credit policies during the COVID-19 pandemic. The settlement requires NCL to pay $2 million to participating states, implement employee training and management approval processes for sales communications during disasters, and prohibits deceptive sales statements and prioritizing sales over consumer health and safety. NCL has already issued over $3 billion in refunds and future cruise credits to consumers nationwide related to the underlying allegations.
Ibelis Gonzalez, a 46-year-old Jersey City resident, was indicted on charges including second-degree theft by deception, second-degree impersonation/theft of identity, and third-degree false government documents. She is alleged to have used fake identification to obtain debit cards in six victims' names, stealing approximately $86,840 from their bank accounts between May and June 2024. The case is being prosecuted by the New Jersey Division of Criminal Justice, with potential maximum fines of $150,000 for second-degree charges and $15,000 for third-degree charges.