1,285 enforcement actions from 14 federal and state jurisdictions. Every event traced back to its official government source.
1,285
Total Actions
14
Jurisdictions
$35.3B+
Total Fines Tracked
Blue Shield of California (Business Associate, CA) reported a HIPAA breach affecting 607 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Paper/Films.
VIVA Health (Health Plan, AL) reported a HIPAA breach affecting 4,945 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Other.
Gainwell Technologies LLC (Business Associate, TX) reported a HIPAA breach affecting 912 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Other.
Health & Palliative Services of the Treasure Coast, Inc d/b/a Treasure Coast Hospice (“Treasure Health ”) (Healthcare Provider, FL) reported a HIPAA breach affecting 13,230 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Email.
Munson Healthcare (Healthcare Provider, MI) reported a HIPAA breach affecting 1,186 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Paper/Films.
Western Skies Wellness LLC (Healthcare Provider, OR) reported a HIPAA breach affecting 1,700 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Electronic Medical Record, Other.
Prime Therapeutics LLC (Business Associate, MN) reported a HIPAA breach affecting 2,266 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Laptop.
Independent Health Association, Inc. (Health Plan, NY) reported a HIPAA breach affecting 637 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Other.
Bevel Health Medical Group (Healthcare Provider, PA) reported a HIPAA breach affecting 510 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Electronic Medical Record.
UnitedHealthcare (Health Plan, CT) reported a HIPAA breach affecting 3,215 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Paper/Films.
Zelis Healthcare LLC (Business Associate, MA) reported a HIPAA breach affecting 4,289 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Paper/Films.
Berkshire Health Systems, Inc. (Healthcare Provider, MA) reported a HIPAA breach affecting 1,421 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Electronic Medical Record.
University of Miami (Healthcare Provider, FL) reported a HIPAA breach affecting 2,928 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Electronic Medical Record.
Blue Shield of California (Health Plan, CA) reported a HIPAA breach affecting 783 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Laptop, Network Server, Other.
Clinical Practices of the University of Pennsylvania (Healthcare Provider, PA) reported a HIPAA breach affecting 1,432 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Paper/Films.
Minneapolis VA Medical Center (Healthcare Provider, MN) reported a HIPAA breach affecting 1,099 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Paper/Films.
Blue Shield of California (Business Associate, CA) reported a HIPAA breach affecting 673 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Email.
Winkler County Hospital District (Healthcare Provider, TX) reported a HIPAA breach affecting 637 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Email.
Florida Attorney General James Uthmeier issued subpoenas to Contec and Epsimed for selling medical devices that transmit patient data to China without adequate security. The companies are accused of violating Florida's Deceptive and Unfair Trade Practices Act by misrepresenting FDA approval and concealing cybersecurity vulnerabilities. The AG seeks damages, civil penalties, and injunctive relief to protect consumers.
Florida Attorney General James Uthmeier issued subpoenas to Contec, a Chinese medical device manufacturer, and Epsimed, a Miami-based reseller, over allegations that their patient monitors contain backdoors and automatically transmit patient data to China without consent. The companies are accused of violating Florida's Deceptive and Unfair Trade Practices Act by omitting material security vulnerabilities andmaking false representations about FDA approval and product quality. The AG may seek damages, civil penalties, and injunctive relief in future enforcement.
AltaMed Health Services Corporation (Healthcare Provider, CA) reported a HIPAA breach affecting 4,530 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Email.
Texas Attorney General Ken Paxton filed a lawsuit in the 23andMe bankruptcy case to prevent the sale of Texans' genetic data without proper consent. The action seeks to confirm Texans' property rights over their genetic information under the Texas Data Privacy and Security Act and the Texas Direct-to-Consumer Genetic Testing Act. The AG argues that 23andMe's proposed asset sale would violate Texas law requiring separate express consent for disclosure of genetic information.
New York Attorney General Letitia James, joined by 27 other state attorneys general and the District of Columbia, filed a lawsuit against 23andMe to block the company’s planned sale of 15 million customers’ genetic and health data without their consent or knowledge. The coalition argues 23andMe must comply with state laws requiring express informed consent for the sale or transfer of sensitive genetic data. The lawsuit seeks to prevent misuse, exposure in future breaches, and unauthorized use of customers’ private genetic information.
Connecticut joined a coalition of 28 attorneys general to object to 23andMe's proposed sale of genetic data in bankruptcy without customer consent. The states argue such sensitive information requires express consent and cannot be sold like ordinary property. Attorney General Tong also advised consumers to delete their data and genetic samples.
Blue Shield of California (Business Associate, CA) reported a HIPAA breach affecting 1,543 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Other.
Centivo Corporation (Business Associate, GA) reported a HIPAA breach affecting 630 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Email.
Public Health Trust of Miami Dade County DBA Jackson Health System (Healthcare Provider, FL) reported a HIPAA breach affecting 2,599 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Electronic Medical Record.
Jupiter Family Medicine PC (Healthcare Provider, MI) reported a HIPAA breach affecting 3,000 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Paper/Films.
The Smith Institute for Urology (Healthcare Provider, NY) reported a HIPAA breach affecting 2,263 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Desktop Computer.
Sports Physical Therapy, Occupational Therapy and Rehabilitation Services of the North Shore, P.L.L.C (Healthcare Provider, NY) reported a HIPAA breach affecting 6,195 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Other.
All data sourced from official government enforcement pages.