1,338 enforcement actions from 14 federal and state jurisdictions. Every event traced back to its official government source.
1,338
Total Actions
14
Jurisdictions
$50.6B+
Total Fines Tracked
Clarkston Chiropractic Sports & Wellness (Healthcare Provider, MI) reported a HIPAA breach affecting 2,757 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
New York Attorney General Letitia James, joined by 27 other state attorneys general and the District of Columbia, filed a lawsuit against 23andMe to block the company’s planned sale of 15 million customers’ genetic and health data without their consent or knowledge. The coalition argues 23andMe must comply with state laws requiring express informed consent for the sale or transfer of sensitive genetic data. The lawsuit seeks to prevent misuse, exposure in future breaches, and unauthorized use of customers’ private genetic information.
Repay Management Services, LLC (Health Plan, GA) reported a HIPAA breach affecting 606 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Connecticut joined a coalition of 28 attorneys general to object to 23andMe's proposed sale of genetic data in bankruptcy without customer consent. The states argue such sensitive information requires express consent and cannot be sold like ordinary property. Attorney General Tong also advised consumers to delete their data and genetic samples.
Blue Shield of California (Business Associate, CA) reported a HIPAA breach affecting 1,543 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Other.
Centivo Corporation (Business Associate, GA) reported a HIPAA breach affecting 630 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Email.
Public Health Trust of Miami Dade County DBA Jackson Health System (Healthcare Provider, FL) reported a HIPAA breach affecting 2,599 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Electronic Medical Record.
Sharp HealthCare (Healthcare Provider, CA) reported a HIPAA breach affecting 500 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
NYC Health + Hospitals (Healthcare Provider, NY) reported a HIPAA breach affecting 5,728 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Jupiter Family Medicine PC (Healthcare Provider, MI) reported a HIPAA breach affecting 3,000 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Paper/Films.
Connecticut passed House Bill No. 7181 to strengthen enforcement against illegal cannabis and tobacco sales by increasing penalties, allowing municipalities to retain civil penalties, and creating a task force. The law also expands bans on online sales of e-cigarettes and improves age verification to prevent youth access to addictive products.
Horizon Blue Cross Blue Shield NJ (Health Plan, NJ) reported a HIPAA breach affecting 781 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Upper Dublin Family Dentistry (Healthcare Provider, PA) reported a HIPAA breach affecting 5,000 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Mary B. Toporcer, MD, P.C. (Healthcare Provider, PA) reported a HIPAA breach affecting 501 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
The Smith Institute for Urology (Healthcare Provider, NY) reported a HIPAA breach affecting 2,263 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Desktop Computer.
Erlanger Health (Healthcare Provider, TN) reported a HIPAA breach affecting 3,371 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Cahaba Center for Mental Health (Healthcare Provider, AL) reported a HIPAA breach affecting 501 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
NHPP Physical Medicine and Rehabilitation (Healthcare Provider, NY) reported a HIPAA breach affecting 1,353 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Other.
Sports Physical Therapy, Occupational Therapy and Rehabilitation Services of the North Shore, P.L.L.C (Healthcare Provider, NY) reported a HIPAA breach affecting 6,195 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Other.
Access2Day Health (Business Associate, LA) reported a HIPAA breach affecting 4,908 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
Connections for Kids (Healthcare Provider, ME) reported a HIPAA breach affecting 938 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
Connecticut Attorney General William Tong filed a lawsuit against Triggered Brand for selling unapproved 'research grade' GLP-1 weight loss drugs directly to consumers without prescriptions or medical oversight, violating the Connecticut Unfair Trade Practices Act and pharmacy licensing laws. The AG also issued a Civil Investigative Demand to Made In China for similar sales and sent warning letters to weight loss clinics about compounded GLP-1 drugs.
The FTC finalized an order with GoDaddy for failing to implement adequate data security measures and misleading consumers about its security and Privacy Shield compliance. The order prohibits misrepresentations, requires a comprehensive security program, and mandates independent assessments.
The FTC settled charges against GoDaddy Inc. and GoDaddy.com, LLC for misleading customers about their data security protections and failing to adequately secure their website hosting services. The company allegedly did not implement reasonable security measures, leaving customer websites vulnerable to attacks that could harm both the customers and visitors to those sites. The case resulted in a consent order requiring GoDaddy to improve its security practices.
The FTC settled charges against GoDaddy Inc. and GoDaddy.com, LLC for misleading customers about their data security protections and failing to adequately secure their website hosting services. The company's security failures left customers' and website visitors' data vulnerable to attacks. The final order requires GoDaddy to implement comprehensive data security measures.
Insulet Corporation (Healthcare Provider, MA) reported a HIPAA breach affecting 841 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Network Server.
Mercy Surgical Dressing Group, Inc. (Business Associate, PA) reported a HIPAA breach affecting 4,159 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Doctors Hospital at Renaissance, LTD (Healthcare Provider, TX) reported a HIPAA breach affecting 501 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
CareNexa, LLC, doing business as Molecular Testing Labs (Healthcare Provider, WA) reported a HIPAA breach affecting 7,711 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Anne Arundel County Department of Health (Healthcare Provider, MD) reported a HIPAA breach affecting 500 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
All data sourced from official government enforcement pages.