1,285 enforcement actions from 14 federal and state jurisdictions. Every event traced back to its official government source.
1,285
Total Actions
14
Jurisdictions
$35.3B+
Total Fines Tracked
QualDerm Partners, LLC (Healthcare Provider, TN) reported a HIPAA breach affecting 3,117,874 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
TriZetto Provider Solutions (Business Associate, MO) reported a HIPAA breach affecting 3,433,965 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Aflac Incorporated (“Aflac”) (Health Plan, GA) reported a HIPAA breach affecting 13,924,906 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
DaVita Inc. (Healthcare Provider, CO) reported a HIPAA breach affecting 2,689,826 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Anne Arundel Dermatology (Healthcare Provider, MD) reported a HIPAA breach affecting 1,905,000 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Radiology Associates of Richmond, Inc. (Healthcare Provider, VA) reported a HIPAA breach affecting 1,419,091 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Episource, LLC (Business Associate, CA) reported a HIPAA breach affecting 6,725,572 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Absolute Dental Group, LLC (Business Associate, NV) reported a HIPAA breach affecting 1,223,635 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Blue Shield of California (Business Associate, CA) reported a HIPAA breach affecting 4,700,000 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Southeast Series of Lockton Companies, LLC (Lockton) (Business Associate, GA) reported a HIPAA breach affecting 1,124,727 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Community Health Center, Inc. (Healthcare Provider, CT) reported a HIPAA breach affecting 1,060,936 individuals. Breach type: Hacking/IT Incident. Location of breached information: Electronic Medical Record, Network Server.
Lubbock County Hospital District (Healthcare Provider, TX) reported a HIPAA breach affecting 1,461,776 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Summit Pathology and Summit Pathology Laboratories, Inc. (Healthcare Provider, CO) reported a HIPAA breach affecting 1,813,538 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Acadian Ambulance Service, Inc. (Healthcare Provider, LA) reported a HIPAA breach affecting 2,896,985 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
HealthEquity, Inc. (Business Associate, UT) reported a HIPAA breach affecting 4,300,000 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Change Healthcare, Inc. (Business Associate, MN) reported a HIPAA breach affecting 192,700,000 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Ascension Health (Healthcare Provider, MO) reported a HIPAA breach affecting 5,466,931 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Palomar Health Medical Group (Healthcare Provider, CA) reported a HIPAA breach affecting 1,140,221 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Geisinger (Healthcare Provider, PA) reported a HIPAA breach affecting 1,276,026 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Network Server.
A&A Services d/b/a Sav-Rx (Business Associate, NE) reported a HIPAA breach affecting 2,812,336 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Superior Air-Ground Ambulance Service, Inc. (Healthcare Provider, IL) reported a HIPAA breach affecting 1,039,972 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
WebTPA Employer Services, LLC (“WebTPA”) (Business Associate, TX) reported a HIPAA breach affecting 2,518,533 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Kaiser Foundation Health Plan, Inc. (Health Plan, CA) reported a HIPAA breach affecting 13,400,000 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Network Server.
California Attorney General Rob Bonta, alongside six county district attorneys, announced a $49 million settlement with Kaiser Foundation Health Plan, Inc. and Kaiser Foundation Hospitals resolving allegations of unlawful disposal of hazardous waste, medical waste, and protected patient health information. Investigations of 16 Kaiser facilities found hundreds of hazardous and medical waste items and over 10,000 paper records containing data of more than 7,700 patients in unsecured dumpsters. The settlement requires Kaiser to pay up to $49 million in penalties and compliance costs, retain an independent auditor for five years of regular audits, and implement enhanced waste and data disposal procedures.
$49.0M
AMCA suffered an eight-month data breach from August 2018 to March 2019, exposing personal information including Social Security numbers, payment card data, and medical test details of over 7 million individuals nationwide, including 246,000 New Jersey residents. The multistate settlement requires AMCA to implement enhanced data security measures and pay $21 million, though payment is suspended due to the company's financial situation.
$21.0M
New Jersey Attorney General announced a multi-state settlement with Anthem, Inc. over a 2015 data breach that exposed personal information of over 78 million Americans, including 1.15 million New Jersey residents. Anthem will pay $39.5 million to participating states and implement enhanced cybersecurity measures.
$39.5M
All data sourced from official government enforcement pages.