1,338 enforcement actions from 14 federal and state jurisdictions. Every event traced back to its official government source.
1,338
Total Actions
14
Jurisdictions
$50.6B+
Total Fines Tracked
Easterseals Central Illinois (Healthcare Provider, IL) reported a HIPAA breach affecting 14,855 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
A&A Services d/b/a Sav-Rx (Business Associate, NE) reported a HIPAA breach affecting 2,812,336 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
AmerisourceBergen Specialty Group, LLC (Healthcare Provider, PA) reported a HIPAA breach affecting 252,214 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Tri-City Healthcare District (Healthcare Provider, CA) reported a HIPAA breach affecting 108,149 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Trionfo Solutions, LLC (Business Associate, IL) reported a HIPAA breach affecting 81,588 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Omni Healthcare Financial Holdings (Business Associate, NC) reported a HIPAA breach affecting 16,852 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Victoria Eye Center/Victoria Surgery Center/Victoria Vision Center (Healthcare Provider, TX) reported a HIPAA breach affecting 80,000 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Pope & Conner Consulting, Inc. (Business Associate, WI) reported a HIPAA breach affecting 1,035 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
Hypertension-Nephrology Associates, P.C. (Healthcare Provider, PA) reported a HIPAA breach affecting 39,491 individuals. Breach type: Hacking/IT Incident. Location of breached information: Electronic Medical Record, Network Server.
Superior Air-Ground Ambulance Service, Inc. (Healthcare Provider, IL) reported a HIPAA breach affecting 1,039,972 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
WebTPA Employer Services, LLC (“WebTPA”) (Business Associate, TX) reported a HIPAA breach affecting 2,518,533 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Watson Clinic (Healthcare Provider, FL) reported a HIPAA breach affecting 280,278 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Kenneth Young Center (Healthcare Provider, IL) reported a HIPAA breach affecting 6,842 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Medical Express Ambulance Inc. D/B/A Medex Ambulance (Healthcare Provider, IL) reported a HIPAA breach affecting 121,190 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
United Seating and Mobility, L.L.C., d/b/a Numotion (Healthcare Provider, TN) reported a HIPAA breach affecting 602,265 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
AMERICAN RENAL MANAGEMENT (Business Associate, TN) reported a HIPAA breach affecting 501 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Therapeutic Health Services (Healthcare Provider, WA) reported a HIPAA breach affecting 501 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Empath-Stratum Inc. doing business as Empath Health (Healthcare Provider, FL) reported a HIPAA breach affecting 5,545 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
Medical Billing Specialists, Inc. (Business Associate, MA) reported a HIPAA breach affecting 43,673 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Kootenai Health (Healthcare Provider, ID) reported a HIPAA breach affecting 464,088 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
NorthBay Healthcare Corporation (Healthcare Provider, CA) reported a HIPAA breach affecting 569,012 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Cumberland Heights Foundation, Inc. (Healthcare Provider, TN) reported a HIPAA breach affecting 5,078 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
The FTC settled with telehealth firm Cerebral, Inc. for sharing sensitive consumer mental health data with third parties like LinkedIn, Snapchat, and TikTok for advertising without proper consent, employing sloppy security practices, and misleading consumers about cancellation policies. Cerebral must pay over $7 million (with $2 million due upfront), is permanently banned from using health information for most advertising, must implement a comprehensive privacy program, delete unnecessary data, and provide easy cancellation.
$7.0M
Kaiser Foundation Health Plan, Inc. (Health Plan, CA) reported a HIPAA breach affecting 13,400,000 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Network Server.
Monument, Inc., an alcohol addiction treatment firm, shared consumers' health data with third-party advertising platforms like Meta and Google without consent, despite promising confidentiality. The FTC settled with a consent order that bans Monument from disclosing health data for advertising, requires affirmative consent for other sharing, imposes a $2.5 million suspended fine, and mandates data deletion, consumer notification, and a privacy program.
$2.5M
Gaia Software, LLC (Business Associate, CO) reported a HIPAA breach affecting 56,676 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
UNC Hospitals (Healthcare Provider, NC) reported a HIPAA breach affecting 3,142 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
Delta Health System (Healthcare Provider, MS) reported a HIPAA breach affecting 216,532 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Strive Holdco, LLC (Healthcare Provider, TX) reported a HIPAA breach affecting 51,477 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Network Server.
Refuah Health Center, Inc. failed to implement adequate data security measures, leading to a ransomware attack that compromised the personal and health information of approximately 250,000 New Yorkers. The New York Attorney General reached a settlement requiring Refuah to invest $1.2 million in cybersecurity improvements and pay $450,000 in penalties.
$450K
All data sourced from official government enforcement pages.