1,338 enforcement actions from 14 federal and state jurisdictions. Every event traced back to its official government source.
1,338
Total Actions
14
Jurisdictions
$50.6B+
Total Fines Tracked
QualDerm Partners, LLC (Healthcare Provider, TN) reported a HIPAA breach affecting 3,117,874 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
TriZetto Provider Solutions (Business Associate, MO) reported a HIPAA breach affecting 3,433,965 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Consumer protection case: Oregon Attorney General filed a lawsuit against six major drug companies and pharmacy benefit managers for allegedly coordinating to inflate insulin prices, seeking $900 million in damages under the Unlawful Trade Practices Act.
$900.0M
Aflac Incorporated (“Aflac”) (Health Plan, GA) reported a HIPAA breach affecting 13,924,906 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
DaVita Inc. (Healthcare Provider, CO) reported a HIPAA breach affecting 2,689,826 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Anne Arundel Dermatology (Healthcare Provider, MD) reported a HIPAA breach affecting 1,905,000 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Radiology Associates of Richmond, Inc. (Healthcare Provider, VA) reported a HIPAA breach affecting 1,419,091 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Episource, LLC (Business Associate, CA) reported a HIPAA breach affecting 6,725,572 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Absolute Dental Group, LLC (Business Associate, NV) reported a HIPAA breach affecting 1,223,635 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Blue Shield of California (Business Associate, CA) reported a HIPAA breach affecting 4,700,000 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Southeast Series of Lockton Companies, LLC (Lockton) (Business Associate, GA) reported a HIPAA breach affecting 1,124,727 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Community Health Center, Inc. (Healthcare Provider, CT) reported a HIPAA breach affecting 1,060,936 individuals. Breach type: Hacking/IT Incident. Location of breached information: Electronic Medical Record, Network Server.
Lubbock County Hospital District (Healthcare Provider, TX) reported a HIPAA breach affecting 1,461,776 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Summit Pathology and Summit Pathology Laboratories, Inc. (Healthcare Provider, CO) reported a HIPAA breach affecting 1,813,538 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Acadian Ambulance Service, Inc. (Healthcare Provider, LA) reported a HIPAA breach affecting 2,896,985 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
HealthEquity, Inc. (Business Associate, UT) reported a HIPAA breach affecting 4,300,000 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Change Healthcare, Inc. (Business Associate, MN) reported a HIPAA breach affecting 192,700,000 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Ascension Health (Healthcare Provider, MO) reported a HIPAA breach affecting 5,466,931 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Palomar Health Medical Group (Healthcare Provider, CA) reported a HIPAA breach affecting 1,140,221 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
A&A Services d/b/a Sav-Rx (Business Associate, NE) reported a HIPAA breach affecting 2,812,336 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Superior Air-Ground Ambulance Service, Inc. (Healthcare Provider, IL) reported a HIPAA breach affecting 1,039,972 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
WebTPA Employer Services, LLC (“WebTPA”) (Business Associate, TX) reported a HIPAA breach affecting 2,518,533 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
California Attorney General Rob Bonta, alongside six county district attorneys, announced a $49 million settlement with Kaiser Foundation Health Plan, Inc. and Kaiser Foundation Hospitals resolving allegations of unlawful disposal of hazardous waste, medical waste, and protected health information at Kaiser’s California facilities. Undercover inspections of 16 Kaiser facilities found hundreds of hazardous and medical waste items, plus over 10,000 paper records containing personal information of more than 7,700 patients in unsecured, publicly accessible dumpsters. The settlement requires Kaiser to pay $49 million total, implement enhanced compliance measures, and retain an independent auditor for five years to conduct regular waste and programmatic compliance audits.
$49.0M
AMCA suffered an eight-month data breach from August 2018 to March 2019, exposing personal information including Social Security numbers, payment card data, and medical test details of over 7 million individuals nationwide, including 246,000 New Jersey residents. The multistate settlement requires AMCA to implement enhanced data security measures and pay $21 million, though payment is suspended due to the company's financial situation.
$21.0M
New Jersey Attorney General announced a multi-state settlement with Anthem, Inc. over a 2015 data breach that exposed personal information of over 78 million Americans, including 1.15 million New Jersey residents. Anthem will pay $39.5 million to participating states and implement enhanced cybersecurity measures.
$39.5M
All data sourced from official government enforcement pages.