1,285 enforcement actions from 14 federal and state jurisdictions. Every event traced back to its official government source.
1,285
Total Actions
14
Jurisdictions
$35.3B+
Total Fines Tracked
Florida Attorney General Ashley Moody, joined by 20 other state attorneys general, sent a letter to online retailer Temu and its parent company PDD Holdings demanding answers about data collection, sharing, and retention practices, including potential unauthorized sharing of U.S. consumer data with the Chinese Communist Party. The coalition also raised concerns about possible violations of the Uyghur Forced Labor Prevention Act and inadequate cybersecurity measures. Temu has 30 days to respond to 11 detailed requests for information and documentation.
siParadigm LLC (Healthcare Provider, NJ) reported a HIPAA breach affecting 501 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Wayne Memorial Hospital (Healthcare Provider, GA) reported a HIPAA breach affecting 2,500 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Calibrated Healthcare, LLC (Business Associate, CA) reported a HIPAA breach affecting 6,890 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Frilot L.L.C. (Business Associate, LA) reported a HIPAA breach affecting 501 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Roseland Community Hospital Association (Healthcare Provider, IL) reported a HIPAA breach affecting 500 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Sutton Dental Arts (Healthcare Provider, OR) reported a HIPAA breach affecting 4,109 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
EMS Department for the Kansas City, Kansas Fire Department (Healthcare Provider, KS) reported a HIPAA breach affecting 501 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Sun City Pediatrics, PA (Healthcare Provider, TX) reported a HIPAA breach affecting 4,500 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Fairfax Radiological Consultants (Healthcare Provider, VA) reported a HIPAA breach affecting 3,512 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Connecticut Attorney General William Tong urged residents to enroll in free credit monitoring and identity theft protection following the Change Healthcare cyberattack in February 2024, which exposed sensitive health data. The breach potentially impacted up to one-third of Americans, but Change Healthcare has failed to provide individual notice to affected consumers. The AG joined other attorneys general in April 2024 to demand that UnitedHealth Group take more meaningful action to protect those harmed.
School Employees' Benefit Trust (Health Plan, IN) reported a HIPAA breach affecting 1,371 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Atlanta Perinatal Consultants, LLP (Healthcare Provider, GA) reported a HIPAA breach affecting 1,508 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Georgia Kidney Associates, Inc. (Healthcare Provider, GA) reported a HIPAA breach affecting 9,940 individuals. Breach type: Theft. Location of breached information: Other.
IBEW LOCAL 236 WELFARE FUND (Health Plan, CT) reported a HIPAA breach affecting 3,217 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
ASBESTOS WORKERS LOCAL 42 WELFARE PLAN (Health Plan, GA) reported a HIPAA breach affecting 520 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
AmerisourceBergen Specialty Group, LLC (Healthcare Provider, PA) reported a HIPAA breach affecting 3,102 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Pope & Conner Consulting, Inc. (Business Associate, WI) reported a HIPAA breach affecting 1,035 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
Kenneth Young Center (Healthcare Provider, IL) reported a HIPAA breach affecting 6,842 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
AMERICAN RENAL MANAGEMENT (Business Associate, TN) reported a HIPAA breach affecting 501 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Empath-Stratum Inc. doing business as Empath Health (Healthcare Provider, FL) reported a HIPAA breach affecting 5,545 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
Therapeutic Health Services (Healthcare Provider, WA) reported a HIPAA breach affecting 501 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Cumberland Heights Foundation, Inc. (Healthcare Provider, TN) reported a HIPAA breach affecting 5,078 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
UNC Hospitals (Healthcare Provider, NC) reported a HIPAA breach affecting 3,142 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
The FTC finalized an order against 1Health.io for failing to secure genetic data and unfairly changing its privacy policy. The company must pay $75,000 for consumer refunds, destroy DNA samples, and implement security measures. It deceived consumers about data deletion and shared data without proper consent.
$75K
The FTC and HHS sent warning letters to approximately 130 hospital systems and telehealth providers about the privacy and security risks of using online tracking technologies, such as Meta/Facebook pixel and Google Analytics, which may impermissibly disclose sensitive health information to third parties. The agencies emphasized that such disclosures could violate HIPAA for covered entities and the FTC Act for others, citing recent enforcement actions against companies like BetterHelp and GoodRx.
The FTC settled with genetic testing company 1Health.io for failing to secure sensitive genetic and health data, deceiving consumers about data deletion, and unfairly changing its privacy policy without notice or consent. The settlement includes refunds totaling over $49,500 to 2,432 affected consumers.
$50K
The FTC finalized an order against Chegg Inc. for failing to secure student data, leading to breaches that exposed personal information of about 40 million users and employees. Chegg must implement a comprehensive security program, limit data collection, offer multifactor authentication, and allow data access and deletion.
The New Jersey Board of Pharmacy temporarily suspended the license of Christina Bekhit, owner of AllCare Pharmacy, after her arrest for selling falsified COVID-19 vaccination cards and entering false information into the state's immunization database. Under a consent order filed on July 5, 2022, Bekhit agreed to cease pharmacy operations and surrender her permit, addressing grave public health risks from fraudulent vaccination records.
The New Jersey Attorney General announced the arrest of Christina Bekhit, a pharmacist operating AllCare Pharmacy, for selling fake COVID-19 vaccination record cards and entering false information into the state's immunization database. She faces criminal charges for computer criminal activity, tampering with public information, and falsification of medical records.
All data sourced from official government enforcement pages.