1,285 enforcement actions from 14 federal and state jurisdictions. Every event traced back to its official government source.
1,285
Total Actions
14
Jurisdictions
$35.3B+
Total Fines Tracked
Clarkston Chiropractic Sports & Wellness (Healthcare Provider, MI) reported a HIPAA breach affecting 2,757 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
New York Attorney General Letitia James, joined by 27 other state attorneys general and the District of Columbia, filed a lawsuit against 23andMe to block the company’s planned sale of 15 million customers’ genetic and health data without their consent or knowledge. The coalition argues 23andMe must comply with state laws requiring express informed consent for the sale or transfer of sensitive genetic data. The lawsuit seeks to prevent misuse, exposure in future breaches, and unauthorized use of customers’ private genetic information.
Repay Management Services, LLC (Health Plan, GA) reported a HIPAA breach affecting 606 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Connecticut joined a coalition of 28 attorneys general to object to 23andMe's proposed sale of genetic data in bankruptcy without customer consent. The states argue such sensitive information requires express consent and cannot be sold like ordinary property. Attorney General Tong also advised consumers to delete their data and genetic samples.
Blue Shield of California (Business Associate, CA) reported a HIPAA breach affecting 1,543 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Other.
Centivo Corporation (Business Associate, GA) reported a HIPAA breach affecting 630 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Email.
Public Health Trust of Miami Dade County DBA Jackson Health System (Healthcare Provider, FL) reported a HIPAA breach affecting 2,599 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Electronic Medical Record.
Sharp HealthCare (Healthcare Provider, CA) reported a HIPAA breach affecting 500 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
NYC Health + Hospitals (Healthcare Provider, NY) reported a HIPAA breach affecting 5,728 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Jupiter Family Medicine PC (Healthcare Provider, MI) reported a HIPAA breach affecting 3,000 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Paper/Films.
Horizon Blue Cross Blue Shield NJ (Health Plan, NJ) reported a HIPAA breach affecting 781 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Upper Dublin Family Dentistry (Healthcare Provider, PA) reported a HIPAA breach affecting 5,000 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Mary B. Toporcer, MD, P.C. (Healthcare Provider, PA) reported a HIPAA breach affecting 501 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
The Smith Institute for Urology (Healthcare Provider, NY) reported a HIPAA breach affecting 2,263 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Desktop Computer.
Erlanger Health (Healthcare Provider, TN) reported a HIPAA breach affecting 3,371 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Cahaba Center for Mental Health (Healthcare Provider, AL) reported a HIPAA breach affecting 501 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
NHPP Physical Medicine and Rehabilitation (Healthcare Provider, NY) reported a HIPAA breach affecting 1,353 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Other.
Sports Physical Therapy, Occupational Therapy and Rehabilitation Services of the North Shore, P.L.L.C (Healthcare Provider, NY) reported a HIPAA breach affecting 6,195 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Other.
Access2Day Health (Business Associate, LA) reported a HIPAA breach affecting 4,908 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
Connections for Kids (Healthcare Provider, ME) reported a HIPAA breach affecting 938 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
Connecticut Attorney General William Tong filed a lawsuit against Triggered Brand for selling unapproved 'research grade' GLP-1 weight loss drugs directly to consumers without prescriptions or medical oversight, violating the Connecticut Unfair Trade Practices Act and pharmacy licensing laws. The AG also issued a Civil Investigative Demand to Made In China for similar sales and sent warning letters to weight loss clinics about compounded GLP-1 drugs.
Insulet Corporation (Healthcare Provider, MA) reported a HIPAA breach affecting 841 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Network Server.
Mercy Surgical Dressing Group, Inc. (Business Associate, PA) reported a HIPAA breach affecting 4,159 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Doctors Hospital at Renaissance, LTD (Healthcare Provider, TX) reported a HIPAA breach affecting 501 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
CareNexa, LLC, doing business as Molecular Testing Labs (Healthcare Provider, WA) reported a HIPAA breach affecting 7,711 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Anne Arundel County Department of Health (Healthcare Provider, MD) reported a HIPAA breach affecting 500 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
HopeHealth, Inc. (Healthcare Provider, SC) reported a HIPAA breach affecting 5,823 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Union County Children and Youth Services (Healthcare Provider, PA) reported a HIPAA breach affecting 501 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
CVS Caremark (Business Associate, RI) reported a HIPAA breach affecting 2,599 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Paper/Films.
Washington Gastroenterology (Healthcare Provider, WA) reported a HIPAA breach affecting 501 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
All data sourced from official government enforcement pages.