1,285 enforcement actions from 14 federal and state jurisdictions. Every event traced back to its official government source.
1,285
Total Actions
14
Jurisdictions
$35.3B+
Total Fines Tracked
Columbus Division of Fire (Healthcare Provider, OH) reported a HIPAA breach affecting 736 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
New York Attorney General Letitia James led a coalition of 11 other attorneys general in filing a lawsuit against the Trump administration for illegally granting Elon Musk and DOGE unauthorized access to the Treasury Department’s central payment system, exposing Social Security numbers, bank account information, and other private data of tens of millions of Americans. A federal judge granted a temporary restraining order on February 8, 2025, blocking access and ordering destruction of all obtained records, with the coalition seeking a preliminary injunction to continue the bar on unauthorized access.
New York Attorney General Letitia James led a coalition of 19 state attorneys general in filing a lawsuit against the Trump administration and U.S. Department of the Treasury over unauthorized access to Americans’ sensitive personal data. The lawsuit alleges the Treasury Department illegally granted Elon Musk and the Department of Government Efficiency (DOGE) access to its central payment system containing bank account details, Social Security numbers, and other private information, violating federal law and the U.S. Constitution. The coalition seeks an injunction to halt the policy and a declaration that the access expansion is unlawful and unconstitutional.
Connecticut Attorney General William Tong joined a coalition of 12 attorneys general to announce they will file a lawsuit against the U.S. Department of the Treasury and DOGE for unlawfully granting Elon Musk and DOGE staff access to sensitive personal information and payment systems. The AGs argue this unauthorized access threatens privacy rights and essential payments for millions of Americans. The lawsuit seeks to revoke access and prevent further interference.
ARC Community Services, Inc. (Healthcare Provider, WI) reported a HIPAA breach affecting 501 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Methodist Homes of Alabama and Northwest Florida (Healthcare Provider, AL) reported a HIPAA breach affecting 908 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Benefits Management Group, Inc. (Business Associate, IL) reported a HIPAA breach affecting 501 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Spring River Mental Health & Wellness (Healthcare Provider, KS) reported a HIPAA breach affecting 3,250 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Inlet Health dba Communicare (Healthcare Provider, KY) reported a HIPAA breach affecting 3,771 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Apex Custom Software (Business Associate, TX) reported a HIPAA breach affecting 1,500 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Holdrege Memorial Homes, Inc. (Healthcare Provider, NE) reported a HIPAA breach affecting 1,446 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Community Treatment Solutions (Healthcare Provider, NJ) reported a HIPAA breach affecting 950 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
The FTC settled charges against GoDaddy for failing to implement adequate data security measures for its web hosting services, which led to multiple breaches and misled customers about its security protections. The proposed order requires GoDaddy to establish a comprehensive information security program and hire an independent assessor for regular reviews.
Samaritan Counseling Center of the Fox Valley (Healthcare Provider, WI) reported a HIPAA breach affecting 956 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
BayMark Health Services, Inc. (Business Associate, TX) reported a HIPAA breach affecting 3,170 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
North Los Angeles County Regional Center (Business Associate, CA) reported a HIPAA breach affecting 500 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Ingham County Medical Care Facility, d/b/a Dobie Road (Healthcare Provider, MI) reported a HIPAA breach affecting 3,078 individuals. Breach type: Hacking/IT Incident. Location of breached information: Electronic Medical Record.
Omaha Surgical Center (Healthcare Provider, NE) reported a HIPAA breach affecting 1,110 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
Dragonfly Health (Business Associate, AZ) reported a HIPAA breach affecting 501 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
Polaris Endeavors (Healthcare Provider, FL) reported a HIPAA breach affecting 4,552 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
The FTC finalized an order against Marriott International and Starwood Hotels for failing to implement reasonable data security, which led to three data breaches affecting over 344 million customers. The companies must implement a comprehensive security program, delete unnecessary personal information, allow U.S. customers to request deletion, and restore stolen loyalty points. They are also prohibited from misrepresenting their data security practices.
HealthEquity, Inc. (Business Associate, UT) reported a HIPAA breach affecting 1,549 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Effortless Office Enterprises, LLC (Business Associate, NV) reported a HIPAA breach affecting 3,112 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Kitsap Mental Health Services (Healthcare Provider, WA) reported a HIPAA breach affecting 500 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Northwest Asthma and Allergy Center (Healthcare Provider, WA) reported a HIPAA breach affecting 1,000 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
Citadel of Northbrook (Healthcare Provider, IL) reported a HIPAA breach affecting 2,155 individuals. Breach type: Hacking/IT Incident. Location of breached information: Electronic Medical Record, Network Server.
York County (Healthcare Provider, PA) reported a HIPAA breach affecting 841 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
Laboratory Services Cooperative (Healthcare Provider, WA) reported a HIPAA breach affecting 501 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Dolton Nursing & Rehab, LLC (Healthcare Provider, IL) reported a HIPAA breach affecting 1,559 individuals. Breach type: Hacking/IT Incident. Location of breached information: Electronic Medical Record, Network Server.
Terrace of Hialeah (Healthcare Provider, FL) reported a HIPAA breach affecting 1,177 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
All data sourced from official government enforcement pages.