1,285 enforcement actions from 14 federal and state jurisdictions. Every event traced back to its official government source.
1,285
Total Actions
14
Jurisdictions
$35.3B+
Total Fines Tracked
Keystone Alliance, Inc. (Business Associate, IL) reported a HIPAA breach affecting 1,021 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
Consumer protection and advertising enforcement action. Oregon Attorney General secured a settlement with meal-kit company HelloFresh for misleading consumers with deceptive 'free meal,' 'free shipping,' and 'free gift' offers that required hundreds of dollars in purchases to obtain. The company must pay $106,000 and implement comprehensive advertising reforms.
$106K
California Attorney General Rob Bonta joined a bipartisan coalition of 36 state attorneys general in sending a letter to Congress opposing a proposed provision in the National Defense Authorization Act that would preempt state laws addressing AI risks. The coalition argues that states must retain authority to mitigate AI harms, particularly to children, and that state-level enforcement is critical for protecting residents from emerging threats like deepfakes and harmful AI interactions.
Civil rights and housing policy enforcement action where Oregon Attorney General Dan Rayfield, with a coalition of 20 states and two governors, sued HUD for unlawfully changing Continuum of Care grant requirements that would slash permanent housing funding by ~70% and impose barriers like gender recognition restrictions, threatening housing stability for tens of thousands.
Civil rights enforcement action where Oregon Attorney General and three local District Attorneys issued a formal demand letter to federal agencies, citing a pattern of excessive and unlawful force by DHS officers during immigration operations that endangered residents and other law enforcement, and threatening investigations and potential prosecutions if conduct does not change.
Attorney General William Tong and a bipartisan coalition of 36 attorneys general sent a letter to Congress opposing efforts to ban state AI laws. They argue that state laws are necessary to protect residents from AI harms in the absence of federal protections. The coalition urges Congress to work with them on federal AI protections instead.
Davies, McFarland & Carroll LLC (Business Associate, PA) reported a HIPAA breach affecting 54,712 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
VITAS Hospice Services, LLC (Healthcare Provider, FL) reported a HIPAA breach affecting 319,177 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Millcreek Pediatrics (Healthcare Provider, DE) reported a HIPAA breach affecting 14,095 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
California Attorney General Rob Bonta announced a $1.4 million settlement with Jam City, Inc. for violating the CCPA. The mobile gaming company failed to provide opt-out methods for the sale or sharing of personal information across its 21 apps and sold or shared data of children aged 13-16 without required affirmative consent. Jam City must now implement in-app opt-out mechanisms and obtain affirmative consent for minors' data.
$1.4M
Delta Dental of Virginia (Health Plan, VA) reported a HIPAA breach affecting 126,953 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
Med Atlantic, Inc. (Business Associate, VA) reported a HIPAA breach affecting 500 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
NS Support, LLC (Healthcare Provider, ID) reported a HIPAA breach affecting 92,845 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Nura PLLC (Healthcare Provider, MN) reported a HIPAA breach affecting 5,207 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
Dr. Michael Kaplan DO PC DBA Long Island Weight Loss Institute (Healthcare Provider, NY) reported a HIPAA breach affecting 3,426 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Fieldtex Products, Inc. (Business Associate, NY) reported a HIPAA breach affecting 238,615 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Connecticut Attorney General William Tong joined a bipartisan coalition of nine states in a $7 million settlement with Greystar Management Services LLC, the largest U.S. landlord, for anticompetitive algorithmic pricing practices. Greystar shared competitively sensitive data with competitors via RealPage's algorithms and discussed pricing strategies, leading to inflated rents. The consent decree prohibits such conduct, requires monitoring if using uncertified algorithms, and bars participation in RealPage competitor meetings.
$7.0M
NAHGA Claim Services (Health Plan, ME) reported a HIPAA breach affecting 26,906 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
The California Privacy Protection Agency (CalPrivacy) announced the creation of a Data Broker Enforcement Strike Force to investigate privacy violations by data brokers. The strike force will focus on compliance with the Delete Act's registration requirement and the CCPA, building on previous enforcement actions. This initiative aims to hold data brokers accountable and protect Californians' personal information.
Anchorage Neighborhood Health Center (Healthcare Provider, AK) reported a HIPAA breach affecting 70,555 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Personic Management Company LLC (Business Associate, VA) reported a HIPAA breach affecting 10,929 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
The California Privacy Protection Agency (CalPrivacy) announced the creation of a Data Broker Enforcement Strike Force to investigate privacy violations by data brokers under the CCPA and Delete Act. The strike force will focus on compliance with registration requirements and other obligations, building on previous enforcement actions to increase accountability.
County of Catawba (Health Plan, NC) reported a HIPAA breach affecting 500 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
California Attorney General Rob Bonta announced a $7 million settlement with Greystar Management Services LLC for using RealPage's algorithmic software to illegally align rent prices with competitors by sharing confidential pricing information, violating antitrust laws. Greystar must cease using such anticompetitive algorithms, refrain from data sharing, accept monitoring, and cooperate in the ongoing case against RealPage.
$7.0M
The U.S. Bankruptcy Court confirmed a $7.4 billion settlement between Purdue Pharma, the Sackler Family, and 55 attorneys general to resolve claims over the opioid crisis. Connecticut will receive up to $64 million for treatment, prevention, and victim support. The settlement bars the Sacklers from selling opioids and requires public disclosure of documents.
$7.4B
Dermatology Associates of Concord (Healthcare Provider, MA) reported a HIPAA breach affecting 501 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Marrs Ear, Nose & Throat, PA (Healthcare Provider, FL) reported a HIPAA breach affecting 6,376 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Email.
St. John’s Riverside Hospital (Healthcare Provider, NY) reported a HIPAA breach affecting 2,238 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
West Suburban Eye Surgery Center LLC (Business Associate, MA) reported a HIPAA breach affecting 500 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Electronic Medical Record.
Morton Drug Company (Healthcare Provider, WI) reported a HIPAA breach affecting 40,051 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
All data sourced from official government enforcement pages.