Federal and state enforcement actions involving health data violations, tracked from official government sources.
776
Total Actions
$1.5M
Total Fines
6
Jurisdictions
California Attorney General Rob Bonta sent a letter to the U.S. Department of Health and Human Services opposing a proposed rule that would eliminate model card requirements for AI tools in healthcare, warning that such rollbacks could lead to biased and unsafe healthcare decisions by reducing transparency.
BMG of Kansas, Inc. (Health Plan, KS) reported a HIPAA breach affecting 1,327 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Manhattan Retirement Foundation d/b/a Meadowlark Hills (Healthcare Provider, KS) reported a HIPAA breach affecting 14,442 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
AltaMed Health Services Corporation (Healthcare Provider, CA) reported a HIPAA breach affecting 501 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Commonwealth Care Alliance (Health Plan, MA) reported a HIPAA breach affecting 634 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Paper/Films.
Couve Healthcare Consulting, LLC DBA Evergreen Healthcare Group (Business Associate, WA) reported a HIPAA breach affecting 11,795 individuals. Breach type: Hacking/IT Incident. Location of breached information: Electronic Medical Record.
Weill Cornell Medicine (Healthcare Provider, NY) reported a HIPAA breach affecting 516 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Electronic Medical Record.
QualDerm Partners, LLC (Healthcare Provider, TN) reported a HIPAA breach affecting 3,117,874 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Option Care Health, Inc. (Healthcare Provider, IL) reported a HIPAA breach affecting 2,086 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
The Center for Advanced Eye Care (Healthcare Provider, ME) reported a HIPAA breach affecting 9,300 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server, Other.
VNS Behavioral Health Inc. (“VNS Health”) (Healthcare Provider, NY) reported a HIPAA breach affecting 739 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
Emanuel Medical Center (Healthcare Provider, GA) reported a HIPAA breach affecting 28,963 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Easterseals Northeast Indiana (Healthcare Provider, IN) reported a HIPAA breach affecting 3,158 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
44North (Business Associate, MI) reported a HIPAA breach affecting 2,158 individuals. Breach type: Hacking/IT Incident. Location of breached information: Desktop Computer.
Wee Care Pediatrics, LLC (Healthcare Provider, UT) reported a HIPAA breach affecting 2,127 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Cedar Valley Services (Healthcare Provider, MN) reported a HIPAA breach affecting 501 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Resource Corporation of America (Business Associate, TX) reported a HIPAA breach affecting 501 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Communications Workers of America Local 1180 Security Benefits Fund (Health Plan, NY) reported a HIPAA breach affecting 18,550 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Electronic Medical Record, Other.
Academic Urology & Urogynecology of Arizona (Healthcare Provider, AZ) reported a HIPAA breach affecting 73,281 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
VPS Medical PLLC (Healthcare Provider, PA) reported a HIPAA breach affecting 4,600 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
National Association on Drug Abuse Problems (Healthcare Provider, NY) reported a HIPAA breach affecting 90,000 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Cedar Point Health, LLC (Healthcare Provider, CO) reported a HIPAA breach affecting 23,114 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Alexes Hazen MD, PLLC (Healthcare Provider, NY) reported a HIPAA breach affecting 500 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email, Network Server.
Texas Attorney General Ken Paxton issued Civil Investigative Demands to Blue Cross Blue Shield of Texas and Conduent Business Services LLC to investigate a data breach that exposed the protected health information of approximately four million Texans. The breach occurred from October 21, 2024, to January 13, 2025, and is considered the largest in U.S. history. The investigation focuses on compliance with Texas data protection laws and potential negligence.
University Spine Center (Healthcare Provider, NJ) reported a HIPAA breach affecting 582 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server, Other.
Texas Attorney General Ken Paxton issued Civil Investigative Demands to Blue Cross Blue Shield of Texas and Conduent Business Services LLC as part of an investigation into a massive data breach at Conduent that exposed the protected health information of approximately four million Texans. The breach occurred between October 21, 2024 and January 13, 2025, affecting Texas Medicaid recipients and other residents. The AG's office is investigating the security failures and compliance with Texas law.
First Choice Community Home Care, Inc. (Healthcare Provider, TX) reported a HIPAA breach affecting 725 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
BlueCross BlueShield of Tennessee, Inc. (Business Associate, TN) reported a HIPAA breach affecting 1,670 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Five Star Home Health, Inc. (Healthcare Provider, OK) reported a HIPAA breach affecting 1,575 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
ApolloMD Business Services, LLC (Business Associate, GA) reported a HIPAA breach affecting 626,540 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Houston Health Department (Healthcare Provider, TX) reported a HIPAA breach affecting 7,445 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Carolina Foot & Ankle Associates (Healthcare Provider, NC) reported a HIPAA breach affecting 501 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Wendy Foster OD (Healthcare Provider, KS) reported a HIPAA breach affecting 20,000 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Counseling Center of Wayne & Holmes Counties (Healthcare Provider, OH) reported a HIPAA breach affecting 83,354 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Adapt Integrated Health Care (Healthcare Provider, OR) reported a HIPAA breach affecting 2,908 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Marin Cancer Care (Healthcare Provider, CA) reported a HIPAA breach affecting 501 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Cottage Hospital (Healthcare Provider, NH) reported a HIPAA breach affecting 1,005 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
TriZetto Provider Solutions (Business Associate, MO) reported a HIPAA breach affecting 3,433,965 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Apex Spine & Neurosurgery, LLC (Healthcare Provider, GA) reported a HIPAA breach affecting 2,500 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Triad Radiology Associates (Healthcare Provider, NC) reported a HIPAA breach affecting 11,011 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
EDGAR A MARTORELL MD LLC (Healthcare Provider, FL) reported a HIPAA breach affecting 1,107 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
WIRX Pharmacy (Healthcare Provider, PA) reported a HIPAA breach affecting 20,047 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Issaqueena Pediatric Dentistry PA (Healthcare Provider, SC) reported a HIPAA breach affecting 501 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Personalis, Inc. (Healthcare Provider, CA) reported a HIPAA breach affecting 650 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
EyeCare Partners, LLC, including The Ophthalmology Group, Ophthalmology Consultants, and Ophthalmology Associates. (Healthcare Provider, MO) reported a HIPAA breach affecting 17,110 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
Pafford Medical Services (Healthcare Provider, AR) reported a HIPAA breach affecting 1,000 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Mindoula Health, Inc. (Business Associate, MD) reported a HIPAA breach affecting 626 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
Lincoln National Corporation d/b/a/ Lincoln Financial (Health Plan, IN) reported a HIPAA breach affecting 998 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Paper/Films.
Health and Hospital Corporation of Marion County (Healthcare Provider, IN) reported a HIPAA breach affecting 792 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Email, Laptop.
BAYADA Home Health Care, Inc. (Healthcare Provider, NJ) reported a HIPAA breach affecting 9,526 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Wakefield & Associates, LLC (Business Associate, TN) reported a HIPAA breach affecting 31,751 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Massachusetts Attorney General secured a $515,000 settlement with Comstar, LLC for a March 2022 data breach that exposed sensitive patient information of over 326,000 Massachusetts residents. Comstar violated Massachusetts Data Security regulations and HIPAA by failing to maintain adequate security measures. The settlement includes monetary payment and mandated security improvements.
$515K
Comstar, LLC, an ambulance billing vendor, suffered a data breach in March 2022 that exposed sensitive patient information, including Social Security numbers and medical records, of over 349,000 residents in Connecticut and Massachusetts. The settlement requires Comstar to pay $515,000 and implement enhanced security measures such as phishing protection and annual security assessments.
$515K
Clinic Service Corporation (Business Associate, CO) reported a HIPAA breach affecting 82,331 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
WindRose Health Network (Healthcare Provider, IN) reported a HIPAA breach affecting 691 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Pecan Tree Dental, PLLC (Healthcare Provider, TX) reported a HIPAA breach affecting 13,300 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Precipio, Inc. (Healthcare Provider, CT) reported a HIPAA breach affecting 501 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Jefferson-Blount-St. Clair Mental Health Authority (Healthcare Provider, AL) reported a HIPAA breach affecting 30,434 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
True RCM, a Rapid Care Transcription, Inc., Company (Business Associate, MD) reported a HIPAA breach affecting 1,247 individuals. Breach type: Hacking/IT Incident. Location of breached information: Desktop Computer.
AdventHealth Daytona Beach (Healthcare Provider, FL) reported a HIPAA breach affecting 821 individuals. Breach type: Loss. Location of breached information: Paper/Films.
Middlesex Sheriff's Office (Healthcare Provider, MA) reported a HIPAA breach affecting 501 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
California Attorney General Rob Bonta joined a multistate coalition in filing an amicus brief opposing the U.S. Department of Justice's subpoena for patient records from University of Pittsburgh Medical Center related to gender-affirming care. The brief argues that the subpoena violates patient privacy, infringes on states' rights to regulate medicine, and exceeds DOJ's statutory authority.
Central Texas MHMR Center dba Center for Life Resource (Healthcare Provider, TX) reported a HIPAA breach affecting 501 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Minnesota Department of Human Services (Health Plan, MN) reported a HIPAA breach affecting 303,965 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Network Server.
Benton County Health (Healthcare Provider, OR) reported a HIPAA breach affecting 1,476 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Superior Care Plus LLC d/b/a Supportive Home Health LLC (Healthcare Provider, OH) reported a HIPAA breach affecting 1,415 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
360 Dental PC (Healthcare Provider, PA) reported a HIPAA breach affecting 11,273 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Administrators of the Tulane Educational Fund d/b/a Tulane University Medical Group (Healthcare Provider, LA) reported a HIPAA breach affecting 6,556 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
Southern Immediate Care, LLC (Healthcare Provider, AL) reported a HIPAA breach affecting 7,447 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
Florence County Commission on Alcohol & Drug Abuse – dba Circle Park Behavioral Health Services (“Circle Park”) (Healthcare Provider, SC) reported a HIPAA breach affecting 7,020 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
TMG Health, Inc. (Business Associate, TX) reported a HIPAA breach affecting 2,076 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Network Server.
FullBeauty Brands, Inc. Associate Benefits Plan (Health Plan, NY) reported a HIPAA breach affecting 4,725 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Avosina Healthcare Solutions (Business Associate, VA) reported a HIPAA breach affecting 44,425 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Central Ozarks Medical Center (Healthcare Provider, MO) reported a HIPAA breach affecting 11,818 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
The Center for Neuropsychology and Learning, PC (Healthcare Provider, MI) reported a HIPAA breach affecting 3,722 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Illinois Department of Human Services (Health Plan, IL) reported a HIPAA breach affecting 705,017 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Network Server.
ABKSW PREFERRED HEALTH PARTNERS, PLLC d/b/a NORTH TEXAS PREFERRED HEALTH PARTNERS (Healthcare Provider, TX) reported a HIPAA breach affecting 2,074 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Devereux Foundation (Healthcare Provider, PA) reported a HIPAA breach affecting 501 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Pit River Health Service Inc. (Healthcare Provider, CA) reported a HIPAA breach affecting 1,800 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Methodist Homes of Alabama and Northwest Florida (Healthcare Provider, AL) reported a HIPAA breach affecting 1,406 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
Mid Michigan Medical Billing Service, Inc. (Business Associate, MI) reported a HIPAA breach affecting 28,185 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Advanced Healthcare Professionals (Healthcare Provider, TX) reported a HIPAA breach affecting 800 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Andover Eye Associates (Healthcare Provider, MA) reported a HIPAA breach affecting 1,638 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
Steel Encounters, Inc. (Healthcare Provider, UT) reported a HIPAA breach affecting 959 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Exact Sciences Laboratories LLC (Healthcare Provider, WI) reported a HIPAA breach affecting 2,658 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Paper/Films.
Associated Radiologists of the Finger Lakes, P.C. (Business Associate, NY) reported a HIPAA breach affecting 501 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Docs Medical Group, Inc. dba Pulse Urgent Care (Healthcare Provider, CA) reported a HIPAA breach affecting 4,035 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
CareOregon (Health Plan, OR) reported a HIPAA breach affecting 5,473 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Network Server.
New York Attorney General Letitia James secured a $500,000 settlement from OrthopedicsNY, LLP for failing to implement reasonable data security practices, which led to a cyber-attack stealing sensitive personal and health information of over 650,000 patients and employees. The settlement imposes penalties, requires funding for credit monitoring, and mandates enhanced security measures including multi-factor authentication and encryption.
$500K
BlueCross BlueShield of Tennessee, Inc. (Business Associate, TN) reported a HIPAA breach affecting 780 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Email.
Glendale Obstetrics & Gynecology PCA (Healthcare Provider, AZ) reported a HIPAA breach affecting 501 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
AllerVie Health (Healthcare Provider, TX) reported a HIPAA breach affecting 80,521 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
York Hospital (Healthcare Provider, ME) reported a HIPAA breach affecting 1,259 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Paper/Films.
Artemis Healthcare Inc. (Healthcare Provider, TN) reported a HIPAA breach affecting 45,867 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Riverland Community Health (Healthcare Provider, MN) reported a HIPAA breach affecting 940 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Network Server.
Chicago Cosmetic Surgery and Dermatology (Healthcare Provider, IL) reported a HIPAA breach affecting 700 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
HAP (Health Alliance Plan) (Health Plan, MI) reported a HIPAA breach affecting 1,059 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
TapestryHealth (Healthcare Provider, CT) reported a HIPAA breach affecting 6,494 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Other.
Howard Brown Health (Healthcare Provider, IL) reported a HIPAA breach affecting 8,357 individuals. Breach type: Hacking/IT Incident. Location of breached information: Electronic Medical Record.
Mitchell County Department of Social Services (Healthcare Provider, NC) reported a HIPAA breach affecting 501 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.