1,285 enforcement actions from 14 federal and state jurisdictions. Every event traced back to its official government source.
1,285
Total Actions
14
Jurisdictions
$35.3B+
Total Fines Tracked
Tri Century Eye Care PC (Healthcare Provider, PA) reported a HIPAA breach affecting 200,000 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Expert MRI (Healthcare Provider, CA) reported a HIPAA breach affecting 209,560 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Northwest Radiologists, Inc./Mount Baker Imaging (Healthcare Provider, WA) reported a HIPAA breach affecting 362,713 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Connecticut Attorney General secured a $1 million multistate settlement with TFG Holding, Inc. for deceptive VIP membership program marketing and billing practices. The company must improve disclosures, obtain explicit consent, provide easy cancellation, and offer restitution to affected consumers.
$1.0M
Modernizing Medicine, Inc. (Business Associate, FL) reported a HIPAA breach affecting 198,795 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Brightstar Global Solutions Corporation (Health Plan, RI) reported a HIPAA breach affecting 103,879 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Harbor (Healthcare Provider, OH) reported a HIPAA breach affecting 216,000 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
The California Privacy Protection Agency (CPPA) settled with Tractor Supply Company for $1.35 million over violations of the California Consumer Privacy Act (CCPA). The violations included failing to maintain a proper privacy policy, not notifying job applicants of their rights, lacking an effective opt-out mechanism, and sharing personal information without adequate contracts. Tractor Supply must pay the fine and implement remedial measures such as scanning digital properties and annual compliance certification.
$1.4M
The FTC and 19 states settled with Kars-R-Us.com, Inc. and its operators for deceptive charity fundraising claims, where only 0.28% of over $45 million raised was used for breast cancer screenings. Operators face permanent fundraising bans and a $3.88 million monetary judgment.
$3.9M
Doctors Imaging Group (Healthcare Provider, FL) reported a HIPAA breach affecting 171,862 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Medical Associates of Brevard, LLC (Healthcare Provider, FL) reported a HIPAA breach affecting 246,711 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Retina Group of Florida (Healthcare Provider, FL) reported a HIPAA breach affecting 152,691 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
The FTC alleges that Disney violated COPPA by failing to properly label children-directed videos on YouTube as 'Made for Kids,' allowing the collection of personal data from children under 13 without parental consent. Disney will pay a $10 million civil penalty and must implement a program to ensure accurate video designations, potentially incorporating age assurance technologies.
$10.0M
University of Iowa Community Home Care (Healthcare Provider, IA) reported a HIPAA breach affecting 109,029 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
University of Iowa Health Care (Healthcare Provider, IA) reported a HIPAA breach affecting 101,875 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Vital Imaging Medical Diagnostic Centers, LLC (Healthcare Provider, FL) reported a HIPAA breach affecting 260,000 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Highlands Oncology Group PA (Healthcare Provider, AR) reported a HIPAA breach affecting 111,766 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Alera Group, Inc. (Business Associate, IL) reported a HIPAA breach affecting 155,567 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Connecticut Attorney General William Tong filed a lawsuit against MAKECTBETTER LLC and individuals for operating a fraudulent scheme selling fake cannabis licenses. The defendants forged state documents and charged businesses up to $50,000 for non-existent licenses. The AG is seeking a $2.5 million prejudgment remedy to freeze the defendants' assets.
$2.5M
New Jersey Attorney General Matthew J. Platkin joined a coalition of 20 attorneys general in filing a lawsuit against the U.S. Department of Agriculture (USDA) for demanding that states turn over sensitive personal information of SNAP recipients, including Social Security numbers and addresses. The lawsuit argues that this demand violates federal privacy laws and the Constitution, as the data is protected and should only be used for program administration. The coalition seeks to block USDA from conditioning SNAP funding on compliance with this demand.
Massachusetts Attorney General Andrea Campbell, joined by a coalition of 21 states and Kentucky, filed a lawsuit challenging the U.S. Department of Agriculture's demand that states turn over sensitive personal data of SNAP recipients. The lawsuit argues that this demand violates federal privacy laws and the Spending Clause, threatening the privacy of millions of low-income families and coercing states by threatening funding cuts.
New York Attorney General Letitia James, joined by 20 other states and Kentucky, filed a lawsuit challenging the Trump administration's policy requiring states to disclose personal information of SNAP recipients to federal agencies. The policy violates privacy laws by demanding sensitive data like Social Security numbers for potential immigration enforcement. The coalition seeks a court injunction to stop the illegal data sharing.
Texas Attorney General Ken Paxton secured a record-setting $1.4 billion settlement with Meta for unlawfully capturing and using the biometric data of millions of Texans, marking one of the largest privacy settlements in U.S. history.
$1.4B
Massachusetts Attorney General settled with Earnest Operations LLC for $2.5 million over allegations that the student loan lender's use of AI underwriting models led to disparate impact on Black, Hispanic, and non-citizen applicants. The company failed to test its AI models for bias, used discriminatory variables like Cohort Default Rate, and sent inaccurate adverse action notices. Earnest must pay the fine, discontinue problematic practices, and implement compliance measures.
$2.5M
Cierant Corporation (Business Associate, CT) reported a HIPAA breach affecting 232,506 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Zumpano Patricios, P.A. (Business Associate, FL) reported a HIPAA breach affecting 279,275 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
California Attorney General Rob Bonta announced a $1.55 million settlement with Healthline Media LLC for CCPA violations. Healthline failed to honor opt-out requests, shared consumer data including health-related article titles with third parties, and used deceptive privacy practices. The settlement includes injunctive relief and a compliance program.
$1.6M
Centers for Medicare & Medicaid Services (Health Plan, MD) reported a HIPAA breach affecting 107,154 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Horizon Healthcare RCM (Healthcare Clearing House, IN) reported a HIPAA breach affecting 210,901 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Heartland Regional Medical Center d/b/a Mosaic Life Care (Healthcare Provider, MO) reported a HIPAA breach affecting 145,269 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
All data sourced from official government enforcement pages.