1,285 enforcement actions from 14 federal and state jurisdictions. Every event traced back to its official government source.
1,285
Total Actions
14
Jurisdictions
$35.3B+
Total Fines Tracked
Manchester Rehabilitation and Healthcare Center (Healthcare Provider, CT) reported a HIPAA breach affecting 5,415 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
East Hawaii Rehab, Inc. DBA Lehua Physical Therapy and Rehab (Healthcare Provider, HI) reported a HIPAA breach affecting 8,472 individuals. Breach type: Theft. Location of breached information: Other, Other Portable Electronic Device, Paper/Films.
Kronick Moskovitz Tiedemann & Girard (Business Associate, CA) reported a HIPAA breach affecting 2,511 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Palmetto Operating LLC d/b/a Palmetto Subacute Care Center (‘Palmetto’) (Healthcare Provider, FL) reported a HIPAA breach affecting 2,746 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Electronic Medical Record.
The California Privacy Protection Agency settled with data broker Background Alert, Inc. for failing to register and pay fees under the Delete Act. The company must shut down its operations through 2028 or face a $50,000 fine. This action is part of a broader enforcement sweep against non-compliant data brokers.
New York Attorney General Letitia James led a 19-state coalition to secure a preliminary injunction blocking the Trump administration from granting Elon Musk and the Department of Government Efficiency (DOGE) unauthorized access to the Treasury Department’s central payment system and Americans’ sensitive personal information, including Social Security numbers and bank account details. A prior temporary restraining order required immediate destruction of all records already obtained by DOGE and Musk. The lawsuit remains ongoing to permanently prevent unauthorized access to private consumer data.
The California Privacy Protection Agency (CPPA) filed an administrative action against Jerico Pictures, Inc., doing business as National Public Data, for failing to register and pay the required annual fee under the California Delete Act. The action seeks a $46,000 fine for the company's 230-day late registration, as part of CPPA's enforcement sweep against data brokers.
$46K
The California Privacy Protection Agency (CPPA) filed an administrative action against National Public Data, a Florida-based data broker, for failing to register and pay the required annual fee under California's Delete Act. The agency is seeking a $46,000 fine for the violation, which occurred 230 days late, as part of an enforcement sweep targeting non-compliant data brokers.
$46K
Consultants in Pain Medicine (Healthcare Provider, TX) reported a HIPAA breach affecting 1,124 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Spring Management OK, LLC (Business Associate, OK) reported a HIPAA breach affecting 2,494 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Texas Attorney General Ken Paxton announced an investigation into Chinese AI company DeepSeek for alleged violations of the Texas Data Privacy and Security Act, citing concerns over the company’s privacy practices and ties to the Chinese Communist Party. The AG also notified DeepSeek of the alleged violations, issued a ban on DeepSeek’s platform on all Office of the Attorney General devices, and sent third-party Civil Investigative Demands to Google and Apple for documentation related to the DeepSeek app. The investigation stems from allegations that DeepSeek acts as a proxy for the CCP to steal Texas citizens’ data and undermine U.S. AI dominance.
Children's Dental Center at Preston Trail, P.C. d/b/a Park Place Pediatric Dentistry (Arlington, TX) (Healthcare Provider, TN) reported a HIPAA breach affecting 1,690 individuals. Breach type: Theft. Location of breached information: Laptop.
Cornerstones of Care (Healthcare Provider, MO) reported a HIPAA breach affecting 2,771 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
Connecticut filed a statement of interest in the bankruptcy of Prospect Medical Holdings, alleging years of mismanagement that harmed patients and led to a ransomware attack compromising the data of 212,369 residents. The state seeks to ensure a responsible transition of hospitals and hold Prospect accountable for its misconduct.
Connecticut Attorney General William Tong announced proposed legislation to protect minors from addictive social media features. The bill would prohibit exposing minors to harmful algorithms without parental consent, set default usage limits and notification restrictions, and require annual reporting by social media companies. This follows ongoing legal actions against Meta and TikTok for youth addiction concerns.
Columbus Division of Fire (Healthcare Provider, OH) reported a HIPAA breach affecting 736 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
CPS Solutions, LLC (Business Associate, OH) reported a HIPAA breach affecting 500 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
New York Attorney General Letitia James led a coalition of 18 other state attorneys general in suing the Trump administration and Department of Government Efficiency (DOGE) to stop unauthorized access to Americans' sensitive personal data held in U.S. Treasury payment systems. A federal judge granted a temporary restraining order blocking DOGE from accessing the data and requiring immediate destruction of any copies already obtained. A hearing on a motion for preliminary injunction is scheduled for February 14, 2025.
New York Attorney General Letitia James led a coalition of 11 other attorneys general in filing a lawsuit against the Trump administration for illegally granting Elon Musk and DOGE unauthorized access to the Treasury Department’s central payment system, exposing Social Security numbers, bank account information, and other private data of tens of millions of Americans. A federal judge granted a temporary restraining order on February 8, 2025, blocking access and ordering destruction of all obtained records, with the coalition seeking a preliminary injunction to continue the bar on unauthorized access.
New York Attorney General Letitia James led a coalition of 19 state attorneys general in filing a lawsuit against the Trump administration and U.S. Department of the Treasury over unauthorized access to Americans’ sensitive personal data. The lawsuit alleges the Treasury Department illegally granted Elon Musk and the Department of Government Efficiency (DOGE) access to its central payment system containing bank account details, Social Security numbers, and other private information, violating federal law and the U.S. Constitution. The coalition seeks an injunction to halt the policy and a declaration that the access expansion is unlawful and unconstitutional.
New York Attorney General Letitia James led a coalition of 19 states in filing a lawsuit against the Trump administration for illegally granting Elon Musk and DOGE access to the Treasury's payment system, exposing Americans' sensitive personal information. The lawsuit seeks an injunction to halt this policy and a declaration that it is unlawful and unconstitutional.
A coalition of 18 state attorneys general, led by Illinois AG Kwame Raoul, filed a lawsuit against the Trump administration to stop a policy that grants Elon Musk and DOGE unauthorized access to the Treasury Department's payment system, which contains sensitive personal information like bank details and Social Security numbers. The lawsuit seeks an injunction and a declaration that the policy is unlawful, arguing it violates federal law and jeopardizes data security.
Connecticut Attorney General William Tong joined a coalition of 12 attorneys general to announce they will file a lawsuit against the U.S. Department of the Treasury and DOGE for unlawfully granting Elon Musk and DOGE staff access to sensitive personal information and payment systems. The AGs argue this unauthorized access threatens privacy rights and essential payments for millions of Americans. The lawsuit seeks to revoke access and prevent further interference.
ARC Community Services, Inc. (Healthcare Provider, WI) reported a HIPAA breach affecting 501 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
ZI NEUROSCIENCES (Healthcare Provider, NJ) reported a HIPAA breach affecting 1,000 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Other, Paper/Films.
Methodist Homes of Alabama and Northwest Florida (Healthcare Provider, AL) reported a HIPAA breach affecting 908 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Benefits Management Group, Inc. (Business Associate, IL) reported a HIPAA breach affecting 501 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Spring River Mental Health & Wellness (Healthcare Provider, KS) reported a HIPAA breach affecting 3,250 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Aprendamos Intervention Team, P.A. (Healthcare Provider, NM) reported a HIPAA breach affecting 1,916 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Email.
Inlet Health dba Communicare (Healthcare Provider, KY) reported a HIPAA breach affecting 3,771 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
All data sourced from official government enforcement pages.