1,285 enforcement actions from 14 federal and state jurisdictions. Every event traced back to its official government source.
1,285
Total Actions
14
Jurisdictions
$35.3B+
Total Fines Tracked
Los Angeles County Developmental Services Fdn., Inc. dba Frank D. Lanterman Regional Ctr. (Healthcare Provider, CA) reported a HIPAA breach affecting 19,000 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
Skin Care Specialty Physicians (Healthcare Provider, MD) reported a HIPAA breach affecting 1,038 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
Marquette County Medical Care Facility (Healthcare Provider, OH) reported a HIPAA breach affecting 1,499 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
TRG, LLC (Healthcare Provider, OR) reported a HIPAA breach affecting 70,434 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Iron County Medical Center (Healthcare Provider, MO) reported a HIPAA breach affecting 10,239 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
Broadwest Specialty Surgical Center (Healthcare Provider, IN) reported a HIPAA breach affecting 536 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Winkler County Hospital District (Healthcare Provider, TX) reported a HIPAA breach affecting 637 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Email.
Florida Attorney General James Uthmeier issued subpoenas to Contec, a Chinese medical device manufacturer, and Epsimed, a Miami-based reseller, over allegations that their patient monitors contain backdoors and automatically transmit patient data to China without consent. The companies are accused of violating Florida's Deceptive and Unfair Trade Practices Act by omitting material security vulnerabilities andmaking false representations about FDA approval and product quality. The AG may seek damages, civil penalties, and injunctive relief in future enforcement.
Florida Attorney General James Uthmeier issued subpoenas to Contec and Epsimed for selling medical devices that transmit patient data to China without adequate security. The companies are accused of violating Florida's Deceptive and Unfair Trade Practices Act by misrepresenting FDA approval and concealing cybersecurity vulnerabilities. The AG seeks damages, civil penalties, and injunctive relief to protect consumers.
Diversified Services Enterprises (Business Associate, FL) reported a HIPAA breach affecting 501 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Central Kentucky Radiology (Healthcare Provider, KY) reported a HIPAA breach affecting 166,953 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
AltaMed Health Services Corporation (Healthcare Provider, CA) reported a HIPAA breach affecting 4,530 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Email.
Elmore County (Healthcare Provider, ID) reported a HIPAA breach affecting 931 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
Mount Rogers Community Services (Healthcare Provider, VA) reported a HIPAA breach affecting 38,191 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Decisely Insurance Services, LLC (Business Associate, GA) reported a HIPAA breach affecting 537,603 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server, Other.
Kelley Drye & Warren LLP (Business Associate, NY) reported a HIPAA breach affecting 771 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Texas Attorney General Ken Paxton filed a lawsuit in the 23andMe bankruptcy case to prevent the sale of Texans' genetic data without proper consent. The action seeks to confirm Texans' property rights over their genetic information under the Texas Data Privacy and Security Act and the Texas Direct-to-Consumer Genetic Testing Act. The AG argues that 23andMe's proposed asset sale would violate Texas law requiring separate express consent for disclosure of genetic information.
Imperial Beach Community Clinic (Healthcare Provider, CA) reported a HIPAA breach affecting 10,358 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Rural Health Services (Healthcare Provider, SC) reported a HIPAA breach affecting 36,542 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Clarkston Chiropractic Sports & Wellness (Healthcare Provider, MI) reported a HIPAA breach affecting 2,757 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
New York Attorney General Letitia James, joined by 27 other state attorneys general and the District of Columbia, filed a lawsuit against 23andMe to block the company’s planned sale of 15 million customers’ genetic and health data without their consent or knowledge. The coalition argues 23andMe must comply with state laws requiring express informed consent for the sale or transfer of sensitive genetic data. The lawsuit seeks to prevent misuse, exposure in future breaches, and unauthorized use of customers’ private genetic information.
Repay Management Services, LLC (Health Plan, GA) reported a HIPAA breach affecting 606 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Connecticut joined a coalition of 28 attorneys general to object to 23andMe's proposed sale of genetic data in bankruptcy without customer consent. The states argue such sensitive information requires express consent and cannot be sold like ordinary property. Attorney General Tong also advised consumers to delete their data and genetic samples.
Southern Connecticut Vascular Center, LLC (Healthcare Provider, CT) reported a HIPAA breach affecting 154,417 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Blue Shield of California (Business Associate, CA) reported a HIPAA breach affecting 1,543 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Other.
Episource, LLC (Business Associate, CA) reported a HIPAA breach affecting 6,725,572 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Sharp Community Medical Group (Healthcare Provider, CA) reported a HIPAA breach affecting 26,976 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Centivo Corporation (Business Associate, GA) reported a HIPAA breach affecting 630 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Email.
Public Health Trust of Miami Dade County DBA Jackson Health System (Healthcare Provider, FL) reported a HIPAA breach affecting 2,599 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Electronic Medical Record.
Sharp HealthCare (Healthcare Provider, CA) reported a HIPAA breach affecting 500 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
All data sourced from official government enforcement pages.