1,285 enforcement actions from 14 federal and state jurisdictions. Every event traced back to its official government source.
1,285
Total Actions
14
Jurisdictions
$35.3B+
Total Fines Tracked
Trusteed Plan Services Corporation (Business Associate, WA) reported a HIPAA breach affecting 7,977 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Munson Healthcare (Healthcare Provider, MI) reported a HIPAA breach affecting 1,186 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Paper/Films.
Florida Attorney General James Uthmeier filed complaints against multiple pornography websites for violating Florida's age-verification law by not verifying users' ages, allowing children access to harmful material. The law requires such sites to implement age verification, and violations can result in fines up to $50,000 per violation. The complaints seek injunctions, civil penalties, and compliance with the law.
North Penn Comprehensive Health Services d.b.a Laurel Health Centers (Healthcare Provider, PA) reported a HIPAA breach affecting 991 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
Cookeville Regional Medical Center (Healthcare Provider, TN) reported a HIPAA breach affecting 500 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Saint Anthony Hospital (Healthcare Provider, IL) reported a HIPAA breach affecting 6,679 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
Franklin Dermatology Group, PLC (Healthcare Provider, TN) reported a HIPAA breach affecting 2,457 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Western Skies Wellness LLC (Healthcare Provider, OR) reported a HIPAA breach affecting 1,700 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Electronic Medical Record, Other.
The FTC issued 6(b) orders to seven technology companies to investigate the safety and privacy practices of their AI chatbots, particularly regarding impacts on children and teens. The inquiry focuses on compliance with children's privacy laws, data handling, and disclosures, requiring companies to provide information on these aspects.
Texas Center for Infectious Disease Associates (Healthcare Provider, TX) reported a HIPAA breach affecting 1,236 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
PGA Development, Inc. (Healthcare Provider, PA) reported a HIPAA breach affecting 23,899 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Connecticut, California, and Colorado attorneys general, along with the California Privacy Protection Agency, announced a joint investigative sweep targeting businesses that fail to honor Global Privacy Control (GPC) signals, which allow consumers to opt-out of the sale of their personal information. The coalition sent letters to non-compliant businesses demanding immediate compliance with state privacy laws requiring respect for consumer opt-out preferences.
The California Privacy Protection Agency, together with the Attorneys General of California, Colorado, and Connecticut, announced an investigative sweep targeting businesses that fail to honor Global Privacy Control (GPC) signals, which automatically communicate consumers' opt-out requests. The coalition is contacting identified businesses and demanding immediate compliance with state privacy laws. This coordinated effort highlights the states' commitment to enforcing consumers' right to opt-out of the sale of their personal information.
Medical Associates of Brevard, LLC (Healthcare Provider, FL) reported a HIPAA breach affecting 246,711 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Somerset County Children and Youth Services (Healthcare Provider, PA) reported a HIPAA breach affecting 2,251 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
Coos County Family Health Services (Healthcare Provider, NH) reported a HIPAA breach affecting 501 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Twin Cities Pain Clinic (Healthcare Provider, MN) reported a HIPAA breach affecting 3,572 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
Retina Group of Florida (Healthcare Provider, FL) reported a HIPAA breach affecting 152,691 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Texas Attorney General Ken Paxton filed a lawsuit against PowerSchool, a provider of cloud-based services for K-12 schools, following a data breach that exposed the personal and health information of over 880,000 Texas school-aged children and teachers. The breach occurred in December 2024 when a hacker gained administrative access through a subcontractor's account and stole unencrypted data including Social Security numbers, medical details, and disability records. The lawsuit alleges PowerSchool violated Texas law by failing to implement basic security measures and by misleading customers about its security practices.
The FTC settled allegations against Apitor Technology for violating COPPA by allowing a third party to collect geolocation data from children without parental consent. Apitor must pay a $500,000 suspended fine, delete improperly collected data, and implement measures to comply with COPPA, including obtaining parental consent and notifying parents.
$500K
Teamsters Union 25 Health Services & Insurance Plan (Health Plan, MA) reported a HIPAA breach affecting 19,231 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
The FTC released a statement by Chairman Ferguson, joined by Commissioners Holyoak and Meador, regarding the enforcement action against Disney Worldwide Services for alleged violations of the Children's Online Privacy Protection Act (COPPA). The statement addresses the case involving children's privacy protections.
North Oaks Health System (Healthcare Provider, LA) reported a HIPAA breach affecting 6,243 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
The FTC alleges that Disney violated COPPA by failing to properly label children-directed videos on YouTube as 'Made for Kids,' allowing the collection of personal data from children under 13 without parental consent. Disney will pay a $10 million civil penalty and must implement a program to ensure accurate video designations, potentially incorporating age assurance technologies.
$10.0M
La Perouse, LLC (Business Associate, NV) reported a HIPAA breach affecting 501 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
The FTC distributed refunds to consumers who purchased deceptively marketed treatment plans from Golden Sunrise Nutraceutical. The company and its medical director were barred from making unsupported health claims about curing COVID-19, cancer, and Parkinson's disease after a court order in September 2025. Over $40,700 was sent to 578 consumers, with additional claims possible until May 2026.
$103K
University of Iowa Community Home Care (Healthcare Provider, IA) reported a HIPAA breach affecting 109,029 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
University of Iowa Health Care (Healthcare Provider, IA) reported a HIPAA breach affecting 101,875 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Carrollton Ear, Nose and Throat, PC (Healthcare Provider, GA) reported a HIPAA breach affecting 3,569 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Anthony L. Jordan Health Corporation (Healthcare Provider, NY) reported a HIPAA breach affecting 2,974 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
All data sourced from official government enforcement pages.