1,285 enforcement actions from 14 federal and state jurisdictions. Every event traced back to its official government source.
1,285
Total Actions
14
Jurisdictions
$35.3B+
Total Fines Tracked
Columbia Eye Clinic (Healthcare Provider, SC) reported a HIPAA breach affecting 500 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
CDHA Management, LLC and Spark DSO, LLC dba Chord Specialty Dental Partners (Healthcare Provider, TN) reported a HIPAA breach affecting 173,430 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
Klickitat Valley Health (Healthcare Provider, WA) reported a HIPAA breach affecting 26,339 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Topy America Inc. (Health Plan, KY) reported a HIPAA breach affecting 1,827 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Welts, White, & Fontaine PC (Business Associate, NH) reported a HIPAA breach affecting 500 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
New York Attorney General Letitia James filed a lawsuit against National General and Allstate Insurance Company for two data breaches in 2020 and 2021 that exposed the driver’s license numbers of over 165,000 New York residents. The AG alleges National General failed to implement reasonable data security measures, did not notify consumers or state agencies of the first breach, and left systems vulnerable to a second larger breach after Allstate took over data security operations. The AG is seeking monetary penalties and an injunction to prevent further violations.
New York Attorney General Letitia James filed a lawsuit against National General Holdings Corp and Allstate Insurance Company for failing to protect personal information and notify consumers of data breaches. The breaches exposed driver's license numbers of over 165,000 New Yorkers due to poor cybersecurity. The AG is seeking monetary penalties and an injunction.
Nice Healthcare Management Company, Inc (Healthcare Provider, MN) reported a HIPAA breach affecting 10,000 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
New York Attorney General Letitia James settled with Saturn Technologies, developer of the Saturn social networking app for high school students, over failures to protect young users’ privacy. The Office of the Attorney General found the company disabled required email verification for thousands of schools, used inadequate age and identity checks, retained user contact data after access was revoked, and failed to maintain proper privacy records. Saturn will pay $650,000 in penalties and implement enhanced privacy protections for minor users, including mandatory bi-annual privacy setting reviews and data deletion requirements.
$650K
Fort Wayne Medical Education Program (Healthcare Provider, IN) reported a HIPAA breach affecting 28,502 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Madison County, MS (Health Plan, MS) reported a HIPAA breach affecting 6,082 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
Liberty Resources, Inc. (Healthcare Provider, NY) reported a HIPAA breach affecting 103,711 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Hillcrest Convalescent Center, Inc. (Healthcare Provider, NC) reported a HIPAA breach affecting 106,194 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Manchester Rehabilitation and Healthcare Center (Healthcare Provider, CT) reported a HIPAA breach affecting 5,415 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Community Care Alliance (Healthcare Provider, RI) reported a HIPAA breach affecting 114,975 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
CEI Vision Partners, LLC (Business Associate, MO) reported a HIPAA breach affecting 10,841 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Southeast Series of Lockton Companies, LLC (Lockton) (Business Associate, GA) reported a HIPAA breach affecting 1,124,727 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Gaylord Hospital, Inc (Healthcare Provider, CT) reported a HIPAA breach affecting 62,232 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Kronick Moskovitz Tiedemann & Girard (Business Associate, CA) reported a HIPAA breach affecting 2,511 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Carolina Arthritis Associates (Healthcare Provider, NC) reported a HIPAA breach affecting 36,961 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Lake Washington Vascular (Healthcare Provider, WA) reported a HIPAA breach affecting 21,534 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Consultants in Pain Medicine (Healthcare Provider, TX) reported a HIPAA breach affecting 1,124 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Spring Management OK, LLC (Business Associate, OK) reported a HIPAA breach affecting 2,494 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Texas Attorney General Ken Paxton announced an investigation into Chinese AI company DeepSeek for alleged violations of the Texas Data Privacy and Security Act, citing concerns over the company’s privacy practices and ties to the Chinese Communist Party. The AG also notified DeepSeek of the alleged violations, issued a ban on DeepSeek’s platform on all Office of the Attorney General devices, and sent third-party Civil Investigative Demands to Google and Apple for documentation related to the DeepSeek app. The investigation stems from allegations that DeepSeek acts as a proxy for the CCP to steal Texas citizens’ data and undermine U.S. AI dominance.
Cornerstones of Care (Healthcare Provider, MO) reported a HIPAA breach affecting 2,771 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
Somnia, Inc. (Business Associate, NY) reported a HIPAA breach affecting 19,069 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
Connecticut filed a statement of interest in the bankruptcy of Prospect Medical Holdings, alleging years of mismanagement that harmed patients and led to a ransomware attack compromising the data of 212,369 residents. The state seeks to ensure a responsible transition of hospitals and hold Prospect accountable for its misconduct.
UNITED BACKCARE PS dba Pacific Rehabilitation Centers (Healthcare Provider, WA) reported a HIPAA breach affecting 18,900 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Columbus Division of Fire (Healthcare Provider, OH) reported a HIPAA breach affecting 736 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
CPS Solutions, LLC (Business Associate, OH) reported a HIPAA breach affecting 500 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
All data sourced from official government enforcement pages.