1,285 enforcement actions from 14 federal and state jurisdictions. Every event traced back to its official government source.
1,285
Total Actions
14
Jurisdictions
$35.3B+
Total Fines Tracked
Comstar, LLC, an ambulance billing vendor, suffered a data breach in March 2022 that exposed sensitive patient information, including Social Security numbers and medical records, of over 349,000 residents in Connecticut and Massachusetts. The settlement requires Comstar to pay $515,000 and implement enhanced security measures such as phishing protection and annual security assessments.
$515K
The Connecticut Office of the Attorney General released an updated enforcement report on the Connecticut Data Privacy Act (CTDPA) for 2024, summarizing investigations into companies handling connected vehicles, genetic data, palm recognition, teen messaging apps, and facial recognition. The report outlines expanded enforcement priorities around opt-out practices and dark patterns, and includes legislative recommendations to strengthen the CTDPA.
Connecticut Attorney General William Tong, along with New York and New Jersey attorneys general, secured a $4.5 million settlement from Enzo Biochem, Inc. for failing to protect patient health data, resulting in a ransomware attack that compromised 2.4 million patients' information. Enzo must pay the fine and implement enhanced cybersecurity measures including multi-factor authentication and annual risk assessments.
$4.5M
Connecticut Attorney General William Tong urged residents to enroll in free credit monitoring and identity theft protection following the Change Healthcare cyberattack in February 2024, which exposed sensitive health data. The breach potentially impacted up to one-third of Americans, but Change Healthcare has failed to provide individual notice to affected consumers. The AG joined other attorneys general in April 2024 to demand that UnitedHealth Group take more meaningful action to protect those harmed.
Connecticut Attorney General announced a $350 million national settlement with Publicis Health for its role in the opioid epidemic. Publicis will pay the settlement, disclose internal documents, and cease accepting opioid-related client work. Connecticut will receive nearly $4.44 million from the settlement.
$350.0M
Connecticut, Oregon, and the District of Columbia reached a $100,000 settlement with Easy Healthcare Corporation, the operator of the Premom ovulation tracking app, for sharing sensitive user health and location data with third parties without appropriate disclosures or user consent. The settlement requires the company to implement comprehensive privacy and security programs, obtain consent before sharing health or location data, and provide users with a method to delete their personal information.
$100K
Connecticut Attorney General William Tong joined a coalition of 19 attorneys general in a letter to congressional leaders urging federal legislation to protect reproductive healthcare access post-Dobbs. The letter proposes measures including requiring insurance plans to cover abortion, eliminating the Hyde Amendment, protecting medication abortion, and strengthening data privacy laws to prevent surveillance of reproductive health data and geofencing near clinics.
Connecticut Attorney General William Tong announced a $601,759 settlement with American Medical Response of Connecticut (AMR-CT) for overbilling the state Medicaid program by billing for Advanced Life Support services when only Basic Life Support was provided, and even when local fire departments had already provided and billed for those services. AMR-CT also entered a consent agreement with the Department of Public Health requiring it to cease improper billing, comply with reporting requirements for one year, and pay a $25,000 civil penalty.
$627K
All data sourced from official government enforcement pages.