Privacy Enforcement Tracker

1,285 enforcement actions from 14 federal and state jurisdictions. Every event traced back to its official government source.

Total Actions: 1,285

Jurisdictions: 14

Total Fines Tracked: $35.3B+

HHS | Enforcement Action

Turning Point of Central California, Inc.

Turning Point of Central California, Inc. (Healthcare Provider, CA) reported a HIPAA breach affecting 53,737 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.

Medium | Data Breach | Health Data | Security Failure
HHS | Enforcement Action

Pemiscot Memorial Health System

Pemiscot Memorial Health System (Healthcare Provider, MO) reported a HIPAA breach affecting 33,279 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Electronic Medical Record.

Medium | Data Breach | Health Data | Unauthorized Data Sharing
HHS | Enforcement Action

Gramercy Surgery Center, Inc.

Gramercy Surgery Center, Inc. (Healthcare Provider, NY) reported a HIPAA breach affecting 52,372 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.

Medium | Data Breach | Health Data | Security Failure
HHS | Enforcement Action

Pocahontas Medical Clinic, PA

Pocahontas Medical Clinic, PA (Healthcare Provider, AR) reported a HIPAA breach affecting 31,216 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.

Medium | Data Breach | Health Data | Security Failure
HHS | Enforcement Action

Surgery Center of Mid Florida

Surgery Center of Mid Florida (Healthcare Provider, FL) reported a HIPAA breach affecting 48,684 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.

Medium | Data Breach | Health Data | Security Failure
HHS | Enforcement Action

Community Counseling of Bristol County, Inc.

Community Counseling of Bristol County, Inc. (Healthcare Provider, MA) reported a HIPAA breach affecting 44,991 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.

Medium | Data Breach | Health Data | Security Failure
HHS | Enforcement Action

Regional Obstetrical Consultants PC

Regional Obstetrical Consultants PC (Healthcare Provider, TN) reported a HIPAA breach affecting 25,650 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.

Medium | Data Breach | Health Data | Security Failure
HHS | Enforcement Action

The Lash Group, LLC

The Lash Group, LLC (Business Associate, PA) reported a HIPAA breach affecting 15,196 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.

Medium | Data Breach | Health Data | Security Failure
HHS | Enforcement Action

Neurobehavioral Medicine Consultants, P.C.

Neurobehavioral Medicine Consultants, P.C. (Healthcare Provider, OH) reported a HIPAA breach affecting 18,182 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.

Medium | Data Breach | Health Data | Security Failure
HHS | Enforcement Action

Community Alliance Rehabilitation Services

Community Alliance Rehabilitation Services (Healthcare Provider, NE) reported a HIPAA breach affecting 10,750 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.

Medium | Data Breach | Health Data | Security Failure
HHS | Enforcement Action

Insurance ACE/Humana Inc.

Insurance ACE/Humana Inc. (Health Plan, KY) reported a HIPAA breach affecting 15,003 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Paper/Films.

Medium | Data Breach | Health Data | Unauthorized Data Sharing
HHS | Enforcement Action

Easterseals Central Illinois

Easterseals Central Illinois (Healthcare Provider, IL) reported a HIPAA breach affecting 14,855 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.

Medium | Data Breach | Health Data | Security Failure
HHS | Enforcement Action

Trionfo Solutions, LLC

Trionfo Solutions, LLC (Business Associate, IL) reported a HIPAA breach affecting 81,588 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.

Medium | Data Breach | Health Data | Security Failure
HHS | Enforcement Action

Omni Healthcare Financial Holdings

Omni Healthcare Financial Holdings (Business Associate, NC) reported a HIPAA breach affecting 16,852 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.

Medium | Data Breach | Health Data | Security Failure
HHS | Enforcement Action

Victoria Eye Center/Victoria Surgery Center/Victoria Vision Center

Victoria Eye Center/Victoria Surgery Center/Victoria Vision Center (Healthcare Provider, TX) reported a HIPAA breach affecting 80,000 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.

Medium | Data Breach | Health Data | Security Failure
HHS | Enforcement Action

Hypertension-Nephrology Associates, P.C.

Hypertension-Nephrology Associates, P.C. (Healthcare Provider, PA) reported a HIPAA breach affecting 39,491 individuals. Breach type: Hacking/IT Incident. Location of breached information: Electronic Medical Record, Network Server.

Medium | Data Breach | Health Data | Security Failure
HHS | Enforcement Action

Medical Billing Specialists, Inc.

Medical Billing Specialists, Inc. (Business Associate, MA) reported a HIPAA breach affecting 43,673 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.

Medium | Data Breach | Health Data | Security Failure
HHS | Enforcement Action

Gaia Software, LLC

Gaia Software, LLC (Business Associate, CO) reported a HIPAA breach affecting 56,676 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.

Medium | Data Breach | Health Data | Security Failure
HHS | Enforcement Action

Strive Holdco, LLC

Strive Holdco, LLC (Healthcare Provider, TX) reported a HIPAA breach affecting 51,477 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Network Server.

Medium | Data Breach | Health Data | Unauthorized Data Sharing
NY | Settlement

Refuah Health Center, Inc. (Refuah Health Center)

Refuah Health Center, Inc. failed to implement adequate data security measures, leading to a ransomware attack that compromised the personal and health information of approximately 250,000 New Yorkers. The New York Attorney General reached a settlement requiring Refuah to invest $1.2 million in cybersecurity improvements and pay $450,000 in penalties.

Medium | Security Failure | Health Data

$450K

NY | Settlement

NewYork-Presbyterian Hospital (NewYork-Presbyterian)

NewYork-Presbyterian Hospital used third-party tracking tools on its website that collected and shared patients' health information with tech companies without adequate safeguards, violating HIPAA. The hospital agreed to pay $300,000 and implement enhanced privacy policies, data deletion, and regular audits.

Medium | Health Data

$300K

FTC | Consent Decree | Multistate

CRI Genetics, LLC (CRI Genetics)

CRI Genetics, LLC was charged by the FTC and California Attorney General for deceptive marketing of DNA testing services, including false accuracy claims, fake reviews, and using dark patterns in billing. The company agreed to a settlement, paying a $700,000 civil penalty, and is prohibited from deceptive practices, must obtain consent for data sharing, and allow data deletion for consumers who requested it.

Medium | Dark Patterns | Biometric Data

$700K

NY | Settlement

US Radiology Specialists, Inc. (US Radiology)

US Radiology Specialists, Inc. failed to upgrade its firewall, leading to a ransomware attack that compromised the personal and health data of over 198,000 patients, including 92,000 New Yorkers. The company agreed to pay $450,000 in penalties and implement comprehensive data security measures, including encryption and data deletion policies.

Medium | Security Failure | Data Breach | Health Data

$450K

NY | Settlement

Personal Touch Holding Corporation (Personal Touch)

New York Attorney General Letitia James secured a $350,000 settlement from Personal Touch Holding Corporation for failing to protect patient and employee data. A ransomware attack in January 2021 compromised the personal and medical information of approximately 316,845 New Yorkers due to inadequate security measures. As part of the agreement, Personal Touch must pay penalties, enhance its cybersecurity program, and provide free credit monitoring to affected individuals.

Medium | Security Failure | Data Breach | Health Data

$350K

CT | Settlement | Multistate

Easy Healthcare Corporation (Easy Healthcare)

Connecticut, Oregon, and the District of Columbia reached a $100,000 settlement with Easy Healthcare Corporation, the operator of the Premom ovulation tracking app, for sharing sensitive user health and location data with third parties without appropriate disclosures or user consent. The settlement requires the company to implement comprehensive privacy and security programs, obtain consent before sharing health or location data, and provide users with a method to delete their personal information.

Medium | Unauthorized Data Sharing | Notice Failure | Health Data

$100K

FTC | Consent Decree | Multistate

Easy Healthcare Corporation (Easy Healthcare)

The FTC charged Easy Healthcare Corporation, operator of the Premom fertility app, with deceiving users by sharing their sensitive health data with third parties for advertising without consent and failing to give notice of breaches as required by the Health Breach Notification Rule. Under a proposed consent decree, the company will pay a $100,000 civil penalty, be barred from sharing health data for advertising, and must implement privacy and security measures.

Medium | Unauthorized Data Sharing | Consent Failure | Notice Failure

$100K

CT | Settlement

American Medical Response of Connecticut (American Medical Response)

Connecticut Attorney General William Tong announced a $601,759 settlement with American Medical Response of Connecticut (AMR-CT) for overbilling the state Medicaid program by billing for Advanced Life Support services when only Basic Life Support was provided, and even when local fire departments had already provided and billed for those services. AMR-CT also entered a consent agreement with the Department of Public Health requiring it to cease improper billing, comply with reporting requirements for one year, and pay a $25,000 civil penalty.

Medium | Health Data

$627K

CT | Settlement

Robinson PA, LLC d/b/a PCA Pain Care Center (PCA Pain Care Center)

The Connecticut Attorney General settled with PCA Pain Care Center and its owner for overbilling Medicaid by using higher billing codes than warranted for services provided. They paid $1 million to resolve allegations under the Connecticut False Claims Act.

Medium

$1.0M

NJ | Settlement

Diamond Institute for Infertility and Menopause, LLC (Diamond Institute for Infertility and Menopause)

The New Jersey Attorney General settled with Diamond Institute for Infertility and Menopause, LLC, following a data breach that exposed the electronic protected health information (ePHI) of 14,663 patients. The investigation found the clinic failed to implement required HIPAA Security Rule safeguards, including risk assessments, encryption, and access controls. The $495,000 settlement includes civil penalties and requires the clinic to implement a comprehensive information security program and corrective actions.

Medium | Security Failure | Health Data

$495K

CT | Settlement

L.A. Vision

Connecticut Attorney General William Tong announced a $678,901 settlement with L.A. Vision and optician Lisa Azinheira for overbilling the state Medicaid program. The providers billed for non-medically necessary vision services and extra eyeglasses for children. In addition to restitution, they must comply with a federal Integrity Agreement requiring audits, training, and compliance measures.

Medium | Consent Failure | Notice Failure

$679K