1,338 enforcement actions from 14 federal and state jurisdictions. Every event traced back to its official government source.
1,338
Total Actions
14
Jurisdictions
$50.6B+
Total Fines Tracked
New York Attorney General Letitia James secured a $500,000 settlement with orthopedics practice OrthopedicsNY, LLP for failing to implement adequate data security measures, leading to a 2023 cyberattack that exposed personal and health information of approximately 656,000 patients and employees. The settlement requires OrthopedicsNY to pay the penalty, fund one year of free credit monitoring for affected individuals, and adopt enhanced data security practices including multifactor authentication, encryption, and annual risk assessments.
$500K
AllerVie Health (Healthcare Provider, TX) reported a HIPAA breach affecting 80,521 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Artemis Healthcare Inc. (Healthcare Provider, TN) reported a HIPAA breach affecting 45,867 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Medical Center, LLP (Healthcare Provider, GA) reported a HIPAA breach affecting 32,090 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
North East Medical Services (Healthcare Provider, CA) reported a HIPAA breach affecting 91,513 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Excellent Home Care Services, LLC (Healthcare Provider, NY) reported a HIPAA breach affecting 16,278 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
West Texas Health, PLLC (Business Associate, TX) reported a HIPAA breach affecting 73,720 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Connecticut Attorney General William Tong led a multistate coalition in sending inquiry letters to six major BNPL providers—Affirm, Afterpay, Klarna, PayPal, Sezzle, and Zip—seeking detailed information on their pricing, fees, disclosures, and consumer assessment practices to evaluate compliance with consumer protection laws, following the rescission of federal Truth in Lending Act rules for BNPL.
Spindletop Center (Healthcare Provider, TX) reported a HIPAA breach affecting 88,863 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Consumer protection and advertising enforcement action. Oregon Attorney General secured a settlement with meal-kit company HelloFresh for misleading consumers with deceptive 'free meal,' 'free shipping,' and 'free gift' offers that required hundreds of dollars in purchases to obtain. The company must pay $106,000 and implement comprehensive advertising reforms.
$106K
Davies, McFarland & Carroll LLC (Business Associate, PA) reported a HIPAA breach affecting 54,712 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Millcreek Pediatrics (Healthcare Provider, DE) reported a HIPAA breach affecting 14,095 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
NS Support, LLC (Healthcare Provider, ID) reported a HIPAA breach affecting 92,845 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
NAHGA Claim Services (Health Plan, ME) reported a HIPAA breach affecting 26,906 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Anchorage Neighborhood Health Center (Healthcare Provider, AK) reported a HIPAA breach affecting 70,555 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Personic Management Company LLC (Business Associate, VA) reported a HIPAA breach affecting 10,929 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Morton Drug Company (Healthcare Provider, WI) reported a HIPAA breach affecting 40,051 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Steven J. Pearlman MD PC (Healthcare Provider, NY) reported a HIPAA breach affecting 10,182 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Healthcare Therapy Services, Inc. (Healthcare Provider, IN) reported a HIPAA breach affecting 15,027 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
Marshfield Clinic Health System (Healthcare Provider, WI) reported a HIPAA breach affecting 35,952 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
Loving and Living Center, PC dba Awakenings Center (Healthcare Provider, NC) reported a HIPAA breach affecting 17,800 individuals. Breach type: Hacking/IT Incident. Location of breached information: Electronic Medical Record.
Motorola Solutions (Health Plan, IL) reported a HIPAA breach affecting 22,600 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Beverly Hills Oncology Medical Group (Healthcare Provider, CA) reported a HIPAA breach affecting 57,655 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
California Attorney General Rob Bonta secured a $530,000 settlement with Sling TV LLC and Dish Media Sales LLC, resolving allegations that the streaming service violated the CCPA by failing to provide an easy-to-use opt-out mechanism for the sale of personal information and insufficient privacy protections for children. The settlement, subject to court approval, requires Sling TV to implement streamlined opt-out processes across all devices, stop redirecting users to cookie preferences for CCPA opt-outs, and add kid-specific profiles with default opt-out of data sales and targeted advertising. This is the first enforcement action from the DOJ's 2024 investigative sweep of streaming services.
$530K
California Attorney General Rob Bonta settled with Sling TV for $530,000 over CCPA violations. Sling TV failed to provide an easy-to-use opt-out mechanism for the sale of personal information and lacked adequate privacy protections for children's data. The settlement requires Sling TV to implement changes to ensure CCPA compliance, including improved opt-out processes and children's privacy safeguards.
$530K
Heartland Health Center (Healthcare Provider, NE) reported a HIPAA breach affecting 43,728 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Visiting Nurse Association of Texas, LLC (Healthcare Provider, TX) reported a HIPAA breach affecting 28,515 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
Conduent Business Services LLC (Business Associate, NJ) reported a HIPAA breach affecting 42,616 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
OB-GYN Associates, Ltd. dba OBGYN Associates (Healthcare Provider, NV) reported a HIPAA breach affecting 62,238 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Space Coast Vascular (Healthcare Provider, FL) reported a HIPAA breach affecting 18,819 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
All data sourced from official government enforcement pages.