1,285 enforcement actions from 14 federal and state jurisdictions. Every event traced back to its official government source.
1,285
Total Actions
14
Jurisdictions
$35.3B+
Total Fines Tracked
Docs Medical Group, Inc. dba Pulse Urgent Care (Healthcare Provider, CA) reported a HIPAA breach affecting 4,035 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
CareOregon (Health Plan, OR) reported a HIPAA breach affecting 5,473 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Network Server.
New York Attorney General Letitia James secured a $500,000 settlement with orthopedics practice OrthopedicsNY, LLP for failing to implement adequate data security measures, leading to a 2023 cyberattack that exposed personal and health information of approximately 656,000 patients and employees. The settlement requires OrthopedicsNY to pay the penalty, fund one year of free credit monitoring for affected individuals, and adopt enhanced data security practices including multifactor authentication, encryption, and annual risk assessments.
$500K
BlueCross BlueShield of Tennessee, Inc. (Business Associate, TN) reported a HIPAA breach affecting 780 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Email.
Glendale Obstetrics & Gynecology PCA (Healthcare Provider, AZ) reported a HIPAA breach affecting 501 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Health and civil rights enforcement action. Oregon Attorney General Dan Rayfield led a coalition of 19 states and the District of Columbia in filing a lawsuit against the U.S. Department of Health and Human Services (HHS). The suit challenges a December 18, 2025 HHS 'declaration' that claims certain gender-affirming care is 'unsafe and ineffective' and threatens to exclude providers from Medicare/Medicaid for offering such care. The attorneys general argue HHS violated federal administrative law by implementing a major policy change without required notice-and-comment rulemaking, creating fear for patients and providers and threatening state Medicaid programs.
AllerVie Health (Healthcare Provider, TX) reported a HIPAA breach affecting 80,521 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
York Hospital (Healthcare Provider, ME) reported a HIPAA breach affecting 1,259 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Paper/Films.
Artemis Healthcare Inc. (Healthcare Provider, TN) reported a HIPAA breach affecting 45,867 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Riverland Community Health (Healthcare Provider, MN) reported a HIPAA breach affecting 940 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Network Server.
HAP (Health Alliance Plan) (Health Plan, MI) reported a HIPAA breach affecting 1,059 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
Chicago Cosmetic Surgery and Dermatology (Healthcare Provider, IL) reported a HIPAA breach affecting 700 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
TapestryHealth (Healthcare Provider, CT) reported a HIPAA breach affecting 6,494 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Other.
Howard Brown Health (Healthcare Provider, IL) reported a HIPAA breach affecting 8,357 individuals. Breach type: Hacking/IT Incident. Location of breached information: Electronic Medical Record.
Mitchell County Department of Social Services (Healthcare Provider, NC) reported a HIPAA breach affecting 501 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Reproductive Medicine Associates of Michigan (Healthcare Provider, MI) reported a HIPAA breach affecting 501 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Anesthesiology & Pain Consultants, LLC (Healthcare Provider, LA) reported a HIPAA breach affecting 538 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Other Portable Electronic Device.
Medical Center, LLP (Healthcare Provider, GA) reported a HIPAA breach affecting 32,090 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
North East Medical Services (Healthcare Provider, CA) reported a HIPAA breach affecting 91,513 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Excellent Home Care Services, LLC (Healthcare Provider, NY) reported a HIPAA breach affecting 16,278 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
FPMCM LLC (Business Associate, TN) reported a HIPAA breach affecting 2,072 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Email.
Fieldtex Products, Inc. (Business Associate, NY) reported a HIPAA breach affecting 104,071 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Baltimore Medical System, Inc. (Healthcare Provider, MA) reported a HIPAA breach affecting 501 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
OCAT, LLC dba Evoke Wellness at Hilliard (Healthcare Provider, OH) reported a HIPAA breach affecting 1,629 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Electronic Medical Record.
Heywood Healthcare Inc. including Henry Heywood Memorial Hospital, Athol Memorial Hospital, and Heywood Medical Group, Inc. (“Heywood”) (Healthcare Provider, MA) reported a HIPAA breach affecting 500 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Centric Health (Healthcare Provider, CA) reported a HIPAA breach affecting 6,855 individuals. Breach type: Hacking/IT Incident. Location of breached information: Electronic Medical Record, Network Server.
Heart of Texas Behavioral Health Network (Healthcare Provider, TX) reported a HIPAA breach affecting 1,309 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Paper/Films.
Southern Oregon Neurosurgical and Spine Associates, PC (Healthcare Provider, OR) reported a HIPAA breach affecting 1,000 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
Ochsner LSU Health – Regional Urology (Healthcare Provider, LA) reported a HIPAA breach affecting 4,519 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
TriCity Family Services (Healthcare Provider, IL) reported a HIPAA breach affecting 2,511 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
All data sourced from official government enforcement pages.