1,285 enforcement actions from 14 federal and state jurisdictions. Every event traced back to its official government source.
1,285
Total Actions
14
Jurisdictions
$35.3B+
Total Fines Tracked
Mayo Clinic (Healthcare Provider, MN) reported a HIPAA breach affecting 1,869 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Email.
North Hudson Community Action Corporation (Healthcare Provider, NJ) reported a HIPAA breach affecting 501 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
SimonMed Imaging (Healthcare Provider, AZ) reported a HIPAA breach affecting 500 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Texas Attorney General Ken Paxton has opened an investigation into Superior Insurance for allegedly using private investigators to spy on lawmakers, journalists, and private citizens with pending insurance claims. The company's CEO admitted to these actions at a legislative hearing, citing concerns about blackmail and leveraging information to secure state contracts and avoid paying legitimate claims, particularly for medical bills.
Western Wayne Family Physicians (Healthcare Provider, MI) reported a HIPAA breach affecting 62,000 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Connecticut Attorney General William Tong leads a multistate coalition in a $39.1 million settlement with Apotex for conspiracy to inflate generic drug prices and limit competition. The settlement resolves allegations of widespread price-fixing and requires Apotex to pay compensation to affected consumers, agree to injunctive relief, and implement internal reforms to ensure antitrust compliance.
$39.1M
Bigfork Valley Hospital (Healthcare Provider, MN) reported a HIPAA breach affecting 8,496 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
Concord Orthopaedics (Healthcare Provider, NH) reported a HIPAA breach affecting 72,815 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
MedRevenu, LLC (Business Associate, CA) reported a HIPAA breach affecting 17,775 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
AmeriHealth Caritas Louisiana (Health Plan, LA) reported a HIPAA breach affecting 1,552 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Network Server, Other.
Fyzical Acquisition Holdings, LLC (Business Associate, FL) reported a HIPAA breach affecting 43,045 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
MedicareCompareUSA (Business Associate, WA) reported a HIPAA breach affecting 5,782 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
Mid Florida Primary Care, PA (Healthcare Provider, FL) reported a HIPAA breach affecting 16,435 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
New York Attorney General Letitia James reached a $975,000 settlement with Root Insurance Company over a data breach that exposed the personal information of approximately 45,000 New York residents. The breach, discovered in January 2021, stemmed from Root’s inadequate data security measures, including unencrypted driver’s license numbers in quote PDFs and insufficient controls against automated attacks. In addition to the monetary penalty, Root must implement enhanced data security measures including a comprehensive information security program, data inventory, and monitoring systems.
$975K
Millennium Home Health Care (Healthcare Provider, OK) reported a HIPAA breach affecting 4,743 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
The Pavilion at HealthPark, LLC dba Park Royal Hospital (Healthcare Provider, FL) reported a HIPAA breach affecting 9,349 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
Heart to Heart Hospice Holdings, LLC (Healthcare Provider, TX) reported a HIPAA breach affecting 19,034 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Presbyterian Health Plan (Health Plan, NM) reported a HIPAA breach affecting 7,100 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
Lena Pope Home Inc. (Healthcare Provider, TX) reported a HIPAA breach affecting 3,523 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
Baylor Scott & White Texas Spine & Joint Hospital (Healthcare Provider, TX) reported a HIPAA breach affecting 1,640 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
Columbia Eye Clinic (Healthcare Provider, SC) reported a HIPAA breach affecting 500 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
CDHA Management, LLC and Spark DSO, LLC dba Chord Specialty Dental Partners (Healthcare Provider, TN) reported a HIPAA breach affecting 173,430 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
Klickitat Valley Health (Healthcare Provider, WA) reported a HIPAA breach affecting 26,339 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Topy America Inc. (Health Plan, KY) reported a HIPAA breach affecting 1,827 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Welts, White, & Fontaine PC (Business Associate, NH) reported a HIPAA breach affecting 500 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
The California Privacy Protection Agency settled with American Honda Motor Co. for CCPA violations, including making it difficult for consumers to opt-out of data sharing, using dark patterns in its privacy tool, hindering authorized agent requests, and sharing data with ad tech companies without proper contracts. Honda must pay a $632,500 fine, implement new processes for privacy requests, certify compliance, train employees, and ensure appropriate data sharing contracts.
$633K
New York Attorney General Letitia James filed a lawsuit against National General and Allstate Insurance Company for two data breaches in 2020 and 2021 that exposed the driver’s license numbers of over 165,000 New York residents. The AG alleges National General failed to implement reasonable data security measures, did not notify consumers or state agencies of the first breach, and left systems vulnerable to a second larger breach after Allstate took over data security operations. The AG is seeking monetary penalties and an injunction to prevent further violations.
New York Attorney General Letitia James filed a lawsuit against National General Holdings Corp and Allstate Insurance Company for failing to protect personal information and notify consumers of data breaches. The breaches exposed driver's license numbers of over 165,000 New Yorkers due to poor cybersecurity. The AG is seeking monetary penalties and an injunction.
Nice Healthcare Management Company, Inc (Healthcare Provider, MN) reported a HIPAA breach affecting 10,000 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
New York Attorney General Letitia James settled with Saturn Technologies, developer of the Saturn social networking app for high school students, over failures to protect young users’ privacy. The Office of the Attorney General found the company disabled required email verification for thousands of schools, used inadequate age and identity checks, retained user contact data after access was revoked, and failed to maintain proper privacy records. Saturn will pay $650,000 in penalties and implement enhanced privacy protections for minor users, including mandatory bi-annual privacy setting reviews and data deletion requirements.
$650K
All data sourced from official government enforcement pages.