1,285 enforcement actions from 14 federal and state jurisdictions. Every event traced back to its official government source.
1,285
Total Actions
14
Jurisdictions
$35.3B+
Total Fines Tracked
Jupiter Family Medicine PC (Healthcare Provider, MI) reported a HIPAA breach affecting 3,000 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Paper/Films.
Connecticut passed House Bill No. 7181 to strengthen enforcement against illegal cannabis and tobacco sales by increasing penalties, allowing municipalities to retain civil penalties, and creating a task force. The law also expands bans on online sales of e-cigarettes and improves age verification to prevent youth access to addictive products.
Horizon Blue Cross Blue Shield NJ (Health Plan, NJ) reported a HIPAA breach affecting 781 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Upper Dublin Family Dentistry (Healthcare Provider, PA) reported a HIPAA breach affecting 5,000 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Mary B. Toporcer, MD, P.C. (Healthcare Provider, PA) reported a HIPAA breach affecting 501 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
The Smith Institute for Urology (Healthcare Provider, NY) reported a HIPAA breach affecting 2,263 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Desktop Computer.
Erlanger Health (Healthcare Provider, TN) reported a HIPAA breach affecting 3,371 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Cahaba Center for Mental Health (Healthcare Provider, AL) reported a HIPAA breach affecting 501 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
NHPP Physical Medicine and Rehabilitation (Healthcare Provider, NY) reported a HIPAA breach affecting 1,353 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Other.
Sports Physical Therapy, Occupational Therapy and Rehabilitation Services of the North Shore, P.L.L.C (Healthcare Provider, NY) reported a HIPAA breach affecting 6,195 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Other.
Access2Day Health (Business Associate, LA) reported a HIPAA breach affecting 4,908 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
Connections for Kids (Healthcare Provider, ME) reported a HIPAA breach affecting 938 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
Connecticut Attorney General William Tong filed a lawsuit against Triggered Brand for selling unapproved 'research grade' GLP-1 weight loss drugs directly to consumers without prescriptions or medical oversight, violating the Connecticut Unfair Trade Practices Act and pharmacy licensing laws. The AG also issued a Civil Investigative Demand to Made In China for similar sales and sent warning letters to weight loss clinics about compounded GLP-1 drugs.
The FTC finalized an order with GoDaddy for failing to implement adequate data security measures and misleading consumers about its security and Privacy Shield compliance. The order prohibits misrepresentations, requires a comprehensive security program, and mandates independent assessments.
The FTC settled charges against GoDaddy Inc. and GoDaddy.com, LLC for misleading customers about their data security protections and failing to adequately secure their website hosting services. The company allegedly did not implement reasonable security measures, leaving customer websites vulnerable to attacks that could harm both the customers and visitors to those sites. The case resulted in a consent order requiring GoDaddy to improve its security practices.
The FTC settled charges against GoDaddy Inc. and GoDaddy.com, LLC for misleading customers about their data security protections and failing to adequately secure their website hosting services. The company's security failures left customers' and website visitors' data vulnerable to attacks. The final order requires GoDaddy to implement comprehensive data security measures.
Insulet Corporation (Healthcare Provider, MA) reported a HIPAA breach affecting 841 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Network Server.
Mercy Surgical Dressing Group, Inc. (Business Associate, PA) reported a HIPAA breach affecting 4,159 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Doctors Hospital at Renaissance, LTD (Healthcare Provider, TX) reported a HIPAA breach affecting 501 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
CareNexa, LLC, doing business as Molecular Testing Labs (Healthcare Provider, WA) reported a HIPAA breach affecting 7,711 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Anne Arundel County Department of Health (Healthcare Provider, MD) reported a HIPAA breach affecting 500 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
HopeHealth, Inc. (Healthcare Provider, SC) reported a HIPAA breach affecting 5,823 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Union County Children and Youth Services (Healthcare Provider, PA) reported a HIPAA breach affecting 501 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
CVS Caremark (Business Associate, RI) reported a HIPAA breach affecting 2,599 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Paper/Films.
Washington Gastroenterology (Healthcare Provider, WA) reported a HIPAA breach affecting 501 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Blue Cross Blue Shield of Texas (Business Associate, IL) reported a HIPAA breach affecting 593 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Paper/Films.
The California Privacy Protection Agency ordered Jerico Pictures, Inc., doing business as National Public Data, to pay a $46,000 fine for failing to register and pay the annual fee required under the Delete Act. The order was issued by default after the company did not contest the allegations, highlighting CPPA's enforcement of data broker registration requirements.
$46K
The California Privacy Protection Agency (CPPA) ordered Jerico Pictures, Inc., doing business as National Public Data, to pay a $46,000 fine for failing to register and pay the annual fee required under California's Delete Act. The order was issued by default after the company did not contest the allegations. This enforcement action highlights the CPPA's efforts to ensure data broker compliance with registration laws.
$46K
Allied Services Division Welfare Fund (Health Plan, IL) reported a HIPAA breach affecting 5,727 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
Texas Attorney General Ken Paxton issued a 30-day compliance notice to TP-Link, Alibaba, CapCut, and other CCP-affiliated Chinese companies for violating the Texas Data Privacy and Security Act (TDPSA). The companies are accused of failing to disclose consumer data processing activities, allow opt-out of data collection, and enable consumer data deletion as required by Texas law. If the companies do not comply within 30 days, the Attorney General's office will pursue additional legal action.
All data sourced from official government enforcement pages.