1,285 enforcement actions from 14 federal and state jurisdictions. Every event traced back to its official government source.
1,285
Total Actions
14
Jurisdictions
$35.3B+
Total Fines Tracked
BlueCross BlueShield of Tennessee, Inc. (Business Associate, TN) reported a HIPAA breach affecting 780 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Email.
York Hospital (Healthcare Provider, ME) reported a HIPAA breach affecting 1,259 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Paper/Films.
Riverland Community Health (Healthcare Provider, MN) reported a HIPAA breach affecting 940 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Network Server.
TapestryHealth (Healthcare Provider, CT) reported a HIPAA breach affecting 6,494 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Other.
Anesthesiology & Pain Consultants, LLC (Healthcare Provider, LA) reported a HIPAA breach affecting 538 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Other Portable Electronic Device.
Texas Attorney General Ken Paxton filed a lawsuit against Sony, Samsung, LG, Hisense, and TCL Technology Group for using Automated Content Recognition (ACR) technology to collect Texans' viewing data without proper consent. A temporary restraining order was secured against Hisense to halt all data collection and sharing. The AG issued a consumer alert with instructions to disable ACR on smart TVs.
Texas Attorney General Ken Paxton obtained a temporary restraining order against Hisense, a Chinese smart TV manufacturer, to halt its collection of Texans' personal data through Automated Content Recognition technology without consent. The technology captures every sound and image on the TVs every 500 milliseconds and sells the data, with access granted to the Chinese Communist Party. The TRO prohibits Hisense from collecting, using, selling, sharing, disclosing, or transferring ACR data about Texans while the case continues.
Texas Attorney General Ken Paxton filed a lawsuit against five major TV manufacturers—Sony, Samsung, LG, Hisense, and TCL—for illegally collecting consumers' viewing data through Automated Content Recognition (ACR) technology without knowledge or consent. The companies capture screenshots and monitor TV usage in real-time, then sell the data for targeted advertising, risking sensitive information. The suit seeks to halt these invasive practices and protect Texans' privacy.
Texas Attorney General Ken Paxton has filed lawsuits against five major TV manufacturers—Sony, Samsung, LG, Hisense, and TCL—for unlawfully collecting Texans' viewing data using Automated Content Recognition (ACR) technology without their knowledge or consent. The ACR software captures screenshots of TV displays every 500 milliseconds and transmits the data to the companies, which then sell it for targeted advertising. The AG's office alleges these practices violate Texas privacy laws and seeks to enjoin the companies from continuing the surveillance.
FPMCM LLC (Business Associate, TN) reported a HIPAA breach affecting 2,072 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Email.
OCAT, LLC dba Evoke Wellness at Hilliard (Healthcare Provider, OH) reported a HIPAA breach affecting 1,629 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Electronic Medical Record.
Heart of Texas Behavioral Health Network (Healthcare Provider, TX) reported a HIPAA breach affecting 1,309 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Paper/Films.
ConvenientMD LLC (Healthcare Provider, NH) reported a HIPAA breach affecting 1,332 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Email.
Florida Attorney General James Uthmeier issued an investigative subpoena to TP-Link Systems Inc. as part of a consumer protection investigation into the company’s cybersecurity practices, supply-chain infrastructure, and handling of U.S. consumer data, including allegations of unauthorized data sharing with the Chinese Communist Party. The probe will determine if TP-Link misled customers about foreign government access to their personal data, which would violate the Florida Deceptive and Unfair Trade Practices Act, with no findings of wrongdoing yet.
California Attorney General Rob Bonta co-led a coalition of 18 attorneys general in submitting a comment letter opposing the Department of Homeland Security's expansion of the Systematic Alien Verification for Entitlements (SAVE) program to include U.S.-born citizens. The coalition argues the expansion violates the Privacy Act of 1974, creates a massive surveillance database, increases data breach risks, and will lead to inaccurate verifications and denial of benefits.
Henry Ford Health (Healthcare Provider, MI) reported a HIPAA breach affecting 1,984 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Desktop Computer.
Connecticut Attorney General William Tong joined a bipartisan coalition of nine states in a $7 million settlement with Greystar Management Services LLC, the largest U.S. landlord, for anticompetitive algorithmic pricing practices. Greystar shared competitively sensitive data with competitors via RealPage's algorithms and discussed pricing strategies, leading to inflated rents. The consent decree prohibits such conduct, requires monitoring if using uncertified algorithms, and bars participation in RealPage competitor meetings.
$7.0M
Marrs Ear, Nose & Throat, PA (Healthcare Provider, FL) reported a HIPAA breach affecting 6,376 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Email.
West Suburban Eye Surgery Center LLC (Business Associate, MA) reported a HIPAA breach affecting 500 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Electronic Medical Record.
Incyte Pathology, P.S. (Healthcare Provider, WA) reported a HIPAA breach affecting 629 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Email.
Better Vision Eyecare, LLC (Healthcare Provider, AZ) reported a HIPAA breach affecting 501 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Email.
Legacy Health, LLC (Business Associate, TX) reported a HIPAA breach affecting 6,547 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Electronic Medical Record.
Express Canna Cards, LLC (Healthcare Provider, FL) reported a HIPAA breach affecting 5,000 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Electronic Medical Record.
New York Attorney General Letitia James settled with public accounting firm Wojeski & Company over two data breaches in 2023 and 2024 that exposed personal information of over 4,700 New York residents, including social security numbers and medical benefits. The firm failed to implement adequate data security measures, did not encrypt sensitive data, and delayed notifying affected consumers of the breaches for over a year. Wojeski must pay $60,000 in penalties and implement enhanced cybersecurity measures including encryption, incident response plans, and employee training.
$60K
Florida Attorney General James Uthmeier filed a civil enforcement action against Roku, Inc. for violating the Florida Digital Bill of Rights (FDBOR) and Florida Deceptive and Unfair Trade Practices Act (FDUTPA). The complaint alleges Roku collected, sold, and enabled reidentification of children’s sensitive personal data, including viewing habits and voice recordings, without parental consent or meaningful notice to consumers. The state seeks civil penalties, injunctive relief, and requirements for Roku to implement transparent disclosures, lawful parental controls, and cease unauthorized processing of children’s data.
The Texas Attorney General opened an investigation into TP-Link Systems Inc. for potentially allowing the Chinese government to access Texans' consumer data through back doors in networking equipment. The investigation will examine whether TP Link violated Texas privacy law by misleading consumers about its independence and improperly collecting or disclosing data. This follows a prior privacy notice violation issued to the company.
Harris County Hospital District d/b/a Harris Health (Healthcare Provider, TX) reported a HIPAA breach affecting 5,357 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Electronic Medical Record.
California Attorney General Rob Bonta filed a lawsuit against the City of El Cajon for unlawfully sharing Automated License Plate Reader (ALPR) data with over 100 out-of-state law enforcement agencies, violating state law that restricts such data to California public agencies. The AG is seeking a court order to halt the sharing and compel compliance with state privacy protections.
Arizona Health Care Cost Containment System- State Medicaid Agency (Health Plan, AZ) reported a HIPAA breach affecting 3,177 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Electronic Medical Record.
Florida Health Sciences Center, Inc (Healthcare Provider, FL) reported a HIPAA breach affecting 896 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Paper/Films.
All data sourced from official government enforcement pages.