1,338 enforcement actions from 14 federal and state jurisdictions. Every event traced back to its official government source.
1,338
Total Actions
14
Jurisdictions
$50.6B+
Total Fines Tracked
Saint Anthony Hospital (Healthcare Provider, IL) reported a HIPAA breach affecting 6,679 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
Franklin Dermatology Group, PLC (Healthcare Provider, TN) reported a HIPAA breach affecting 2,457 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Western Skies Wellness LLC (Healthcare Provider, OR) reported a HIPAA breach affecting 1,700 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Electronic Medical Record, Other.
The FTC issued 6(b) orders to seven technology companies to investigate the safety and privacy practices of their AI chatbots, particularly regarding impacts on children and teens. The inquiry focuses on compliance with children's privacy laws, data handling, and disclosures, requiring companies to provide information on these aspects.
Texas Center for Infectious Disease Associates (Healthcare Provider, TX) reported a HIPAA breach affecting 1,236 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
Connecticut, California, and Colorado attorneys general, along with the California Privacy Protection Agency, announced a joint investigative sweep targeting businesses that fail to honor Global Privacy Control (GPC) signals, which allow consumers to opt-out of the sale of their personal information. The coalition sent letters to non-compliant businesses demanding immediate compliance with state privacy laws requiring respect for consumer opt-out preferences.
The California Privacy Protection Agency, together with the Attorneys General of California, Colorado, and Connecticut, announced an investigative sweep targeting businesses that fail to honor Global Privacy Control (GPC) signals, which automatically communicate consumers' opt-out requests. The coalition is contacting identified businesses and demanding immediate compliance with state privacy laws. This coordinated effort highlights the states' commitment to enforcing consumers' right to opt-out of the sale of their personal information.
Somerset County Children and Youth Services (Healthcare Provider, PA) reported a HIPAA breach affecting 2,251 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
Coos County Family Health Services (Healthcare Provider, NH) reported a HIPAA breach affecting 501 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Twin Cities Pain Clinic (Healthcare Provider, MN) reported a HIPAA breach affecting 3,572 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
Texas Attorney General Ken Paxton filed a lawsuit against PowerSchool, a provider of cloud-based services for K-12 schools, following a data breach that exposed the personal and health information of over 880,000 Texas school-aged children and teachers. The breach occurred in December 2024 when a hacker gained administrative access through a subcontractor's account and stole unencrypted data including Social Security numbers, medical details, and disability records. The lawsuit alleges PowerSchool violated Texas law by failing to implement basic security measures and by misleading customers about its security practices.
North Oaks Health System (Healthcare Provider, LA) reported a HIPAA breach affecting 6,243 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
La Perouse, LLC (Business Associate, NV) reported a HIPAA breach affecting 501 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Carrollton Ear, Nose and Throat, PC (Healthcare Provider, GA) reported a HIPAA breach affecting 3,569 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Anthony L. Jordan Health Corporation (Healthcare Provider, NY) reported a HIPAA breach affecting 2,974 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
Florida Attorney General James Uthmeier issued a subpoena to Lorex as part of an ongoing consumer protection and data privacy investigation. The probe examines Lorex’s ties to Dahua Technology and potential foreign spying risks, including unauthorized access to children’s data, and whether the company misled consumers about the privacy and security of its camera products and apps. The subpoena seeks documents related to corporate structure, third-party contracts, software update origins, data center locations, security vulnerabilities, and marketing claims about privacy and security.
Reimagine Network (Healthcare Provider, CA) reported a HIPAA breach affecting 4,799 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Prime Therapeutics LLC (Business Associate, MN) reported a HIPAA breach affecting 2,266 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Laptop.
College Parkside Pharmacy (Healthcare Provider, NY) reported a HIPAA breach affecting 5,736 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Assisted Living Pharmacy Service, LLC (Healthcare Provider, WI) reported a HIPAA breach affecting 5,590 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
College Hometown Pharmacy (Healthcare Provider, NY) reported a HIPAA breach affecting 9,742 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Department of Social Services for Vance County, North Carolina (Business Associate, NC) reported a HIPAA breach affecting 501 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Independent Health Association, Inc. (Health Plan, NY) reported a HIPAA breach affecting 637 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Other.
zizzl llc (Business Associate, WI) reported a HIPAA breach affecting 2,416 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
FTC Chairman Andrew Ferguson sent warning letters to major technology companies, urging them not to weaken data security or censor American consumers' speech in response to foreign government demands. He reminded them that such actions could violate the FTC Act's prohibition on unfair and deceptive practices, particularly if companies break promises about encryption and security. The letters cite foreign laws like the EU's Digital Services Act and UK's Investigatory Powers Act as pressures that might lead to non-compliance.
McEwen & Associates (Business Associate, TX) reported a HIPAA breach affecting 500 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
FTC Chairman Andrew Ferguson sent warning letters to over a dozen major technology companies, reminding them of their obligations under the FTC Act to protect American consumers' data security and privacy, even when facing pressure from foreign governments to weaken encryption or censor content. The letters warn that weakening security measures or censoring speech in response to foreign demands could constitute deceptive practices under the FTC Act.
Arkansas Primary Care Clinic (Healthcare Provider, AR) reported a HIPAA breach affecting 2,491 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Revere Health PC (Healthcare Provider, UT) reported a HIPAA breach affecting 605 individuals. Breach type: Hacking/IT Incident. Location of breached information: Desktop Computer.
CareTracker, Inc. (Business Associate, NY) reported a HIPAA breach affecting 501 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
All data sourced from official government enforcement pages.