1,285 enforcement actions from 14 federal and state jurisdictions. Every event traced back to its official government source.
1,285
Total Actions
14
Jurisdictions
$35.3B+
Total Fines Tracked
Anesthesia Associates of Morristown, P.A. (Healthcare Provider, NJ) reported a HIPAA breach affecting 34,675 individuals. Breach type: Improper Disposal. Location of breached information: Paper/Films.
DermCare Management (Business Associate, FL) reported a HIPAA breach affecting 501 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Attorney General William Tong obtained a $4.93 million judgment against Planet Zaza of East Haven and its owner for persistent illegal cannabis sales in violation of a court order. The court imposed penalties of $5,000 per day for each day of violation and $25,000 per day for violating the temporary injunction, totaling $4.93 million.
$4.9M
Berkeley Research Group, LLC (Business Associate, CA) reported a HIPAA breach affecting 500 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Family Christian Health Center (Healthcare Provider, IL) reported a HIPAA breach affecting 12,500 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Canby Clinic (Healthcare Provider, OR) reported a HIPAA breach affecting 549 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Email.
Physician Wound Solutions, LLC dba Apollo Medical Supply (Healthcare Provider, FL) reported a HIPAA breach affecting 3,561 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Network Server.
Ascension Health (Healthcare Provider, MO) reported a HIPAA breach affecting 437,329 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Carlton County Public Health and Human Services (Healthcare Provider, MN) reported a HIPAA breach affecting 3,502 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
Maximus, Inc. (Business Associate, VA) reported a HIPAA breach affecting 4,955 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Network Server.
Palo Verde Hospital (Healthcare Provider, CA) reported a HIPAA breach affecting 594 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Cache Valley Ear Nose & Throat (Healthcare Provider, UT) reported a HIPAA breach affecting 26,469 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Brainard Surgery Center LLC (Healthcare Provider, OH) reported a HIPAA breach affecting 1,820 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Drug and Alcohol Treatment Services, Inc. (Healthcare Provider, PA) reported a HIPAA breach affecting 22,215 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Orthopaedic Specialists of Connecticut (Healthcare Provider, CT) reported a HIPAA breach affecting 22,541 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Icon Family Healthcare LLC (Healthcare Provider, CA) reported a HIPAA breach affecting 1,800 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Email.
Florida Attorney General James Uthmeier filed a lawsuit against Snap, Inc., operator of Snapchat, for violating Florida’s HB3 child social media protection law and the Florida Deceptive and Unfair Trade Practices Act (FDUTPA). The suit alleges Snap knowingly allowed children under 13 to create accounts, failed to obtain parental consent for 14-15 year old users, deployed addictive dark pattern design features to children, and deceived parents about platform risks including predator access, drug sales, and harmful content. The legal action seeks to hold Snap accountable for noncompliance with Florida child safety and privacy laws.
Onsite Mammography (Business Associate, MA) reported a HIPAA breach affecting 357,265 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
Texas Attorney General Ken Paxton filed a motion to appoint a Consumer Privacy Ombudsman in the Chapter 11 bankruptcy case of 23andMe to protect the sensitive genetic and personal data of Texans. The genetic testing company seeks to sell assets that may include genetic data, health information, and personally identifiable information. The AG's office is also informing Texans of their rights under Texas law to request deletion of their data and genetic samples.
90 Degree Benefits, Inc. – St. Paul (Business Associate, WI) reported a HIPAA breach affecting 1,268 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
The Connecticut Office of the Attorney General released an updated enforcement report on the Connecticut Data Privacy Act (CTDPA) for 2024, summarizing investigations into companies handling connected vehicles, genetic data, palm recognition, teen messaging apps, and facial recognition. The report outlines expanded enforcement priorities around opt-out practices and dark patterns, and includes legislative recommendations to strengthen the CTDPA.
The New Jersey Attorney General filed a lawsuit against Discord, Inc. for deceptive business practices under the Consumer Fraud Act. Discord misrepresented its Safe Direct Messaging and age verification features, failing to protect children from
Florida Attorney General James Uthmeier issued a subpoena to Roblox on April 16, 2025, as part of an investigation into the gaming platform’s child-protection policies and children’s data practices. The subpoena demands documents related to Roblox’s marketing to children, age-verification procedures, chat moderation, and processing of minors’ personal data, following reports of children being exposed to harmful content and predatory actors on the platform. No fines or remedies have been imposed yet, as the investigation is ongoing.
Recovery Epicenter Foundation (Healthcare Provider, FL) reported a HIPAA breach affecting 800 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Network Server.
HEALTH AND WELLNESS OF TEXAS (Healthcare Provider, TX) reported a HIPAA breach affecting 500 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Electronic Medical Record, Email.
Magnolia Manor Inc. (Healthcare Provider, GA) reported a HIPAA breach affecting 960 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Bell Ambulance, Inc. (Healthcare Provider, WI) reported a HIPAA breach affecting 237,830 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
The City of Long Beach, CA (Healthcare Provider, CA) reported a HIPAA breach affecting 258,191 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
AHS Sherman LLC dba AHS Sherman Medical Center (Healthcare Provider, TX) reported a HIPAA breach affecting 908 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Email.
Health Care Service Corporation (Health Plan, IL) reported a HIPAA breach affecting 2,944 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Other.
All data sourced from official government enforcement pages.