1,285 enforcement actions from 14 federal and state jurisdictions. Every event traced back to its official government source.
1,285
Total Actions
14
Jurisdictions
$35.3B+
Total Fines Tracked
Ciox Health LLC, d/b/a Datavant Group (Business Associate, AZ) reported a HIPAA breach affecting 320,702 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
Schneider Regional Medical Center (Healthcare Provider, ) reported a HIPAA breach affecting 1,570 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
ATSG, Inc (Business Associate, NY) reported a HIPAA breach affecting 909,469 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Omni Family Health (Healthcare Provider, CA) reported a HIPAA breach affecting 468,344 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Dr. Daniel J. Leeman, M.D. (Healthcare Provider, TX) reported a HIPAA breach affecting 50,000 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Texas Spine Consultants, PLLC (Healthcare Provider, TX) reported a HIPAA breach affecting 8,048 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
Asheville Arthritis and Osteoporosis Center, P.A. (Healthcare Provider, NC) reported a HIPAA breach affecting 58,251 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Jacobsen Construction Co., Inc. Health Plan (Health Plan, UT) reported a HIPAA breach affecting 2,127 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Muskogee City County Enhanced 911 Trust Authority (Business Associate, OK) reported a HIPAA breach affecting 180,000 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Southern Bone & Joint Specialists, PA (“Southern Bone”) (Healthcare Provider, MS) reported a HIPAA breach affecting 7,162 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
Atrium Health (Healthcare Provider, NC) reported a HIPAA breach affecting 32,120 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
Maryville Academy (Healthcare Provider, IL) reported a HIPAA breach affecting 500 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Nationwide Recovery Services, Inc. (Business Associate, GA) reported a HIPAA breach affecting 501 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Welcome Health (Healthcare Provider, CA) reported a HIPAA breach affecting 597 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
Minnesota Department of Human Services (Healthcare Provider, MN) reported a HIPAA breach affecting 4,329 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
EngageMED, Inc (Business Associate, AR) reported a HIPAA breach affecting 249,297 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
CODAC Inc dba CODAC Behavioral Health and CODAC Healthcare, LLC (Healthcare Provider, RI) reported a HIPAA breach affecting 9,592 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Blue Cross and Blue Shield of North Carolina (Business Associate, NC) reported a HIPAA breach affecting 972 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Excelsior Orthopaedics, LLC (Healthcare Provider, NY) reported a HIPAA breach affecting 292,913 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Pomona Community Health Center dba ParkTree Community Health Center (Healthcare Provider, CA) reported a HIPAA breach affecting 40,964 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
VeriSource Services, Inc. (Business Associate, TX) reported a HIPAA breach affecting 112,726 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Acadian Ambulance Service, Inc. (Healthcare Provider, LA) reported a HIPAA breach affecting 2,896,985 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Contents Trader, Inc. (Healthcare Provider, TX) reported a HIPAA breach affecting 27,329 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Network Server.
Kerber, Eck & Braeckel LLP (Business Associate, IL) reported a HIPAA breach affecting 134,918 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Specialty Networks, Inc. (Business Associate, TN) reported a HIPAA breach affecting 411,037 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Enzo Biochem, Inc. agreed to pay $4.5 million and strengthen its cybersecurity practices to settle allegations that deficient data security led to a ransomware attack exposing the health data of 2.4 million patients. The multistate enforcement action was led by New Jersey with New York and Connecticut.
$4.5M
New York Attorney General Letitia James, along with the Attorneys General of Connecticut and New Jersey, settled with Enzo Biochem, Inc. for $4.5 million over a 2023 ransomware attack that exposed health and personal data of 2.4 million patients, including 1.4 million New York residents. The investigation found Enzo had inadequate data security practices, including shared employee login credentials, lack of multi-factor authentication, no suspicious activity monitoring, and unencrypted personal information. As part of the settlement, Enzo will pay the penalty and implement enhanced cybersecurity measures including MFA, encryption, risk assessments, and an incident response plan.
$4.5M
Connecticut Attorney General William Tong, along with New York and New Jersey attorneys general, secured a $4.5 million settlement from Enzo Biochem, Inc. for failing to protect patient health data, resulting in a ransomware attack that compromised 2.4 million patients' information. Enzo must pay the fine and implement enhanced cybersecurity measures including multi-factor authentication and annual risk assessments.
$4.5M
Turning Point of Central California, Inc. (Healthcare Provider, CA) reported a HIPAA breach affecting 53,737 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
siParadigm LLC (Healthcare Provider, NJ) reported a HIPAA breach affecting 501 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
All data sourced from official government enforcement pages.