1,285 enforcement actions from 14 federal and state jurisdictions. Every event traced back to its official government source.
1,285
Total Actions
14
Jurisdictions
$35.3B+
Total Fines Tracked
BayMark Health Services, Inc. (Business Associate, TX) reported a HIPAA breach affecting 3,170 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Medusind Inc. (Business Associate, FL) reported a HIPAA breach affecting 701,475 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
North Los Angeles County Regional Center (Business Associate, CA) reported a HIPAA breach affecting 500 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Pediatric Home Respiratory Services, LLC d/b/a Pediatric Home Service (Healthcare Provider, MN) reported a HIPAA breach affecting 41,792 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Ingham County Medical Care Facility, d/b/a Dobie Road (Healthcare Provider, MI) reported a HIPAA breach affecting 3,078 individuals. Breach type: Hacking/IT Incident. Location of breached information: Electronic Medical Record.
Buffalo Surgery Center (Healthcare Provider, NY) reported a HIPAA breach affecting 64,000 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
The Plastic Surgery Center (Healthcare Provider, NJ) reported a HIPAA breach affecting 64,813 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Legacy Treatment Services, Inc. (Healthcare Provider, NJ) reported a HIPAA breach affecting 29,898 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Watsonville Community Hospital (Healthcare Provider, CA) reported a HIPAA breach affecting 30,312 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Omaha Surgical Center (Healthcare Provider, NE) reported a HIPAA breach affecting 1,110 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
Tycon Medical Systems, Inc. (Healthcare Provider, VA) reported a HIPAA breach affecting 112,847 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Dragonfly Health (Business Associate, AZ) reported a HIPAA breach affecting 501 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
Polaris Endeavors (Healthcare Provider, FL) reported a HIPAA breach affecting 4,552 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
The FTC finalized an order against Marriott International and Starwood Hotels for failing to implement reasonable data security, which led to three data breaches affecting over 344 million customers. The companies must implement a comprehensive security program, delete unnecessary personal information, allow U.S. customers to request deletion, and restore stolen loyalty points. They are also prohibited from misrepresenting their data security practices.
Effortless Office Enterprises, LLC (Business Associate, NV) reported a HIPAA breach affecting 3,112 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
HealthEquity, Inc. (Business Associate, UT) reported a HIPAA breach affecting 1,549 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Richmond University Medical Center (Healthcare Provider, NY) reported a HIPAA breach affecting 674,033 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
New York Attorney General Letitia James settled with auto insurance company Noblr for $500,000 over a data breach that exposed personal information of approximately 80,000 New York residents. The breach, discovered in January 2021, was caused by Noblr’s failure to implement reasonable data security safeguards, including exposing plaintext driver’s license numbers and failing to monitor site traffic for malicious activity. In addition to the monetary penalty, Noblr must enhance its data security program, implement monitoring systems, and maintain a data inventory of private information.
$500K
Regional Care, Inc. (Healthcare Clearing House, NE) reported a HIPAA breach affecting 225,728 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
PracticeSuite, Inc. (Business Associate, FL) reported a HIPAA breach affecting 13,000 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Kitsap Mental Health Services (Healthcare Provider, WA) reported a HIPAA breach affecting 500 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Teton Orthopaedics (Healthcare Provider, PA) reported a HIPAA breach affecting 13,409 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Summit Medical Group, PLLC (Healthcare Provider, TN) reported a HIPAA breach affecting 464,159 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
Northwest Asthma and Allergy Center (Healthcare Provider, WA) reported a HIPAA breach affecting 1,000 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
River Region Cardiology (Healthcare Provider, AL) reported a HIPAA breach affecting 48,600 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Community Connections (Healthcare Provider, DC) reported a HIPAA breach affecting 18,949 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
New York Attorney General Letitia James secured a $550,000 settlement from Hudson Valley health care operator HealthAlliance over a 2023 data breach that compromised the personal and medical information of 242,641 New Yorkers. The breach occurred after HealthAlliance failed to patch a known vulnerability in its web application system, allowing cyberattackers to exfiltrate patient and employee data. As part of the settlement, HealthAlliance must pay the penalty and implement enhanced cybersecurity measures including a comprehensive security program, patch management policy, and data inventory requirements.
$550K
Texas Tech University Health Sciences Center (Healthcare Provider, TX) reported a HIPAA breach affecting 650,000 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
New York Attorney General Letitia James and New York State Department of Financial Services (DFS) Superintendent Adrienne Harris settled with auto insurers GEICO and Travelers for $11.3 million combined over data breaches that exposed over 120,000 New Yorkers’ personal information, including driver’s license numbers and dates of birth. The breaches stemmed from insufficient data security controls, allowing hackers to steal information and file fraudulent unemployment claims during the COVID-19 pandemic. The settlements require the companies to pay penalties and implement enhanced cybersecurity measures including comprehensive information security programs, data inventories, and improved access controls.
$11.3M
Conceptions Reproductive Associates of Colorado (Healthcare Provider, CO) reported a HIPAA breach affecting 80,000 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
All data sourced from official government enforcement pages.