1,285 enforcement actions from 14 federal and state jurisdictions. Every event traced back to its official government source.
1,285
Total Actions
14
Jurisdictions
$35.3B+
Total Fines Tracked
PET Imaging of Northern Colorado (Healthcare Provider, CO) reported a HIPAA breach affecting 4,824 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
Integrated Oncology Network (Business Associate, TN) reported a HIPAA breach affecting 4,174 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
Southwest Urology (Healthcare Provider, OH) reported a HIPAA breach affecting 7,214 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
Bardmoor Cancer Center (Healthcare Provider, FL) reported a HIPAA breach affecting 991 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
PDCM Insurance (Business Associate, IA) reported a HIPAA breach affecting 501 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Jordan Drug, Inc. (Healthcare Provider, KY) reported a HIPAA breach affecting 4,947 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Minneapolis VA Medical Center (Healthcare Provider, MN) reported a HIPAA breach affecting 1,099 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Paper/Films.
Blue Shield of California (Business Associate, CA) reported a HIPAA breach affecting 673 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Email.
Retina Associates of Cleveland, Inc. (Healthcare Provider, OH) reported a HIPAA breach affecting 3,604 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
Harbor (Healthcare Provider, OH) reported a HIPAA breach affecting 2,703 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
Skin Care Specialty Physicians (Healthcare Provider, MD) reported a HIPAA breach affecting 1,038 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
Marquette County Medical Care Facility (Healthcare Provider, OH) reported a HIPAA breach affecting 1,499 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
Broadwest Specialty Surgical Center (Healthcare Provider, IN) reported a HIPAA breach affecting 536 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Winkler County Hospital District (Healthcare Provider, TX) reported a HIPAA breach affecting 637 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Email.
Florida Attorney General James Uthmeier issued subpoenas to Contec, a Chinese medical device manufacturer, and Epsimed, a Miami-based reseller, over allegations that their patient monitors contain backdoors and automatically transmit patient data to China without consent. The companies are accused of violating Florida's Deceptive and Unfair Trade Practices Act by omitting material security vulnerabilities andmaking false representations about FDA approval and product quality. The AG may seek damages, civil penalties, and injunctive relief in future enforcement.
Diversified Services Enterprises (Business Associate, FL) reported a HIPAA breach affecting 501 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
AltaMed Health Services Corporation (Healthcare Provider, CA) reported a HIPAA breach affecting 4,530 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Email.
Elmore County (Healthcare Provider, ID) reported a HIPAA breach affecting 931 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
Kelley Drye & Warren LLP (Business Associate, NY) reported a HIPAA breach affecting 771 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Texas Attorney General Ken Paxton filed a lawsuit in the 23andMe bankruptcy case to prevent the sale of Texans' genetic data without proper consent. The action seeks to confirm Texans' property rights over their genetic information under the Texas Data Privacy and Security Act and the Texas Direct-to-Consumer Genetic Testing Act. The AG argues that 23andMe's proposed asset sale would violate Texas law requiring separate express consent for disclosure of genetic information.
Attorney General William Tong led a bipartisan coalition of 42 attorneys general in urging Meta Platforms to protect users from fraudulent investment ads on Facebook that facilitate pump-and-dump schemes, causing significant financial losses. The coalition calls for enhanced ad review processes, including human review for investment ads, and suggests ceasing investment ads if scams cannot be curbed.
Clarkston Chiropractic Sports & Wellness (Healthcare Provider, MI) reported a HIPAA breach affecting 2,757 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
New York Attorney General Letitia James, joined by 27 other state attorneys general and the District of Columbia, filed a lawsuit against 23andMe to block the company’s planned sale of 15 million customers’ genetic and health data without their consent or knowledge. The coalition argues 23andMe must comply with state laws requiring express informed consent for the sale or transfer of sensitive genetic data. The lawsuit seeks to prevent misuse, exposure in future breaches, and unauthorized use of customers’ private genetic information.
Repay Management Services, LLC (Health Plan, GA) reported a HIPAA breach affecting 606 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Connecticut joined a coalition of 28 attorneys general to object to 23andMe's proposed sale of genetic data in bankruptcy without customer consent. The states argue such sensitive information requires express consent and cannot be sold like ordinary property. Attorney General Tong also advised consumers to delete their data and genetic samples.
Blue Shield of California (Business Associate, CA) reported a HIPAA breach affecting 1,543 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Other.
Centivo Corporation (Business Associate, GA) reported a HIPAA breach affecting 630 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Email.
Public Health Trust of Miami Dade County DBA Jackson Health System (Healthcare Provider, FL) reported a HIPAA breach affecting 2,599 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Electronic Medical Record.
Sharp HealthCare (Healthcare Provider, CA) reported a HIPAA breach affecting 500 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
NYC Health + Hospitals (Healthcare Provider, NY) reported a HIPAA breach affecting 5,728 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
All data sourced from official government enforcement pages.