1,285 enforcement actions from 14 federal and state jurisdictions. Every event traced back to its official government source.
1,285
Total Actions
14
Jurisdictions
$35.3B+
Total Fines Tracked
Texas Tech University Health Sciences Center El Paso (Healthcare Provider, TX) reported a HIPAA breach affecting 815,000 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
American Addiction Centers, Inc. (Business Associate, TN) reported a HIPAA breach affecting 410,747 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
GEICO and Travelers were fined $11.3 million for data breaches that exposed personal information of over 120,000 New Yorkers due to inadequate cybersecurity. The breaches involved driver's license numbers being stolen and used in fraudulent unemployment claims. The settlements mandate enhanced security measures and penalties.
$11.3M
Citadel of Northbrook (Healthcare Provider, IL) reported a HIPAA breach affecting 2,155 individuals. Breach type: Hacking/IT Incident. Location of breached information: Electronic Medical Record, Network Server.
Lubbock County Hospital District (Healthcare Provider, TX) reported a HIPAA breach affecting 1,461,776 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
East Central Missouri Behavioral Health Services, Inc. (Healthcare Provider, MO) reported a HIPAA breach affecting 20,000 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Laboratory Services Cooperative (Healthcare Provider, WA) reported a HIPAA breach affecting 501 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
York County (Healthcare Provider, PA) reported a HIPAA breach affecting 841 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
Terrace of Hialeah (Healthcare Provider, FL) reported a HIPAA breach affecting 1,177 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Dolton Nursing & Rehab, LLC (Healthcare Provider, IL) reported a HIPAA breach affecting 1,559 individuals. Breach type: Hacking/IT Incident. Location of breached information: Electronic Medical Record, Network Server.
HealthFund Solutions, LLC (Business Associate, FL) reported a HIPAA breach affecting 5,198 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
Maternal Fetal Medicine Associates, PLLC, Carnegie Hill Imaging for Women, and Carnegie Women’s Health (collectively, “the Practices”) (Healthcare Provider, NY) reported a HIPAA breach affecting 501 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
ASPEN HEALTHCARE SERVICES INC (Healthcare Provider, TX) reported a HIPAA breach affecting 7,195 individuals. Breach type: Hacking/IT Incident. Location of breached information: Electronic Medical Record.
ESHA, Inc. (Business Associate, TX) reported a HIPAA breach affecting 76,922 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
New York Attorney General Letitia James reached a $250,000 settlement with National Amusements, Inc. after an investigation found the movie theater operator failed to implement adequate data security, leading to a breach exposing personal information of over 23,000 New York employees. The company also violated the New York Shield Act by delaying notification to affected individuals for more than a year after the breach. As part of the settlement, National Amusements must pay the penalty and implement enhanced cybersecurity measures including encryption, password policies, and an incident response plan.
$250K
Physicians' Primary Care of Southwest Florida (Healthcare Provider, FL) reported a HIPAA breach affecting 500 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Rocky Mountain Gastroenterology Associates PLLC (Healthcare Provider, CO) reported a HIPAA breach affecting 366,491 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Radiologic Medical Services, P.C. (Healthcare Provider, IA) reported a HIPAA breach affecting 56,902 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
Humboldt Independent Practice Association (Humboldt IPA) (Healthcare Provider, CA) reported a HIPAA breach affecting 500 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
United Seating and Mobility, LLC dba Numotion (Healthcare Provider, TN) reported a HIPAA breach affecting 2,319 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
South West Family Medicine Associates, PA (Healthcare Provider, TX) reported a HIPAA breach affecting 36,959 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Great Plains Regional Medical Center (Healthcare Provider, OK) reported a HIPAA breach affecting 133,149 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Northeast Professional Home Care, Inc. (Healthcare Provider, OH) reported a HIPAA breach affecting 648 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
Brain & Eye Connection Vision Clinic, PC (Healthcare Provider, OK) reported a HIPAA breach affecting 2,207 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Rockford Gastroenterology Associates (Healthcare Provider, IL) reported a HIPAA breach affecting 147,253 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
New York Attorney General Letitia James reached a settlement with Albany ENT & Allergy Services (AENT) over two 2023 ransomware attacks that compromised the medical records of over 200,000 New Yorkers. The OAG found AENT failed to maintain reasonable data security safeguards, inadequately oversaw third-party security vendors, and initially failed to disclose all exposed consumer data to the state. AENT will pay $1 million in penalties (with $500,000 suspended pending $2.25 million in security investments) and implement comprehensive data security measures including encryption, multi-factor authentication, and vendor oversight.
$1.0M
Hawaii Radiologic Associates, Ltd. (Healthcare Provider, HI) reported a HIPAA breach affecting 23,205 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Northeast Spine and Sports Medicine, LLC (Healthcare Provider, NJ) reported a HIPAA breach affecting 6,300 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Gandara Mental Health Center (Healthcare Provider, MA) reported a HIPAA breach affecting 20,024 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Mystic Valley Elder Services - Business Associate (Business Associate, MA) reported a HIPAA breach affecting 2,402 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
All data sourced from official government enforcement pages.