1,285 enforcement actions from 14 federal and state jurisdictions. Every event traced back to its official government source.
1,285
Total Actions
14
Jurisdictions
$35.3B+
Total Fines Tracked
Fort Wayne Medical Education Program (Healthcare Provider, IN) reported a HIPAA breach affecting 28,502 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
SCLARC (Business Associate, CA) reported a HIPAA breach affecting 722 individuals. Breach type: Theft. Location of breached information: Laptop, Other Portable Electronic Device, Paper/Films.
Madison County, MS (Health Plan, MS) reported a HIPAA breach affecting 6,082 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
Liberty Resources, Inc. (Healthcare Provider, NY) reported a HIPAA breach affecting 103,711 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Hillcrest Convalescent Center, Inc. (Healthcare Provider, NC) reported a HIPAA breach affecting 106,194 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Manchester Rehabilitation and Healthcare Center (Healthcare Provider, CT) reported a HIPAA breach affecting 5,415 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Community Care Alliance (Healthcare Provider, RI) reported a HIPAA breach affecting 114,975 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
CEI Vision Partners, LLC (Business Associate, MO) reported a HIPAA breach affecting 10,841 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Total Medical Imaging (Healthcare Provider, FL) reported a HIPAA breach affecting 27,000 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Network Server.
East Hawaii Rehab, Inc. DBA Lehua Physical Therapy and Rehab (Healthcare Provider, HI) reported a HIPAA breach affecting 8,472 individuals. Breach type: Theft. Location of breached information: Other, Other Portable Electronic Device, Paper/Films.
Southeast Series of Lockton Companies, LLC (Lockton) (Business Associate, GA) reported a HIPAA breach affecting 1,124,727 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Gaylord Hospital, Inc (Healthcare Provider, CT) reported a HIPAA breach affecting 62,232 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Kronick Moskovitz Tiedemann & Girard (Business Associate, CA) reported a HIPAA breach affecting 2,511 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Connecticut Attorney General William Tong announced a $5 million settlement with Stone Academy and its owners for unfair and deceptive conduct. The defunct for-profit nursing school misrepresented its programs and failed to provide promised education, abruptly closing in February 2023. The settlement provides cash compensation to harmed students and bars the owners from higher education employment.
$5.0M
Carolina Arthritis Associates (Healthcare Provider, NC) reported a HIPAA breach affecting 36,961 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Palmetto Operating LLC d/b/a Palmetto Subacute Care Center (‘Palmetto’) (Healthcare Provider, FL) reported a HIPAA breach affecting 2,746 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Electronic Medical Record.
The California Privacy Protection Agency settled with data broker Background Alert, Inc. for failing to register and pay fees under the Delete Act. The company must shut down its operations through 2028 or face a $50,000 fine. This action is part of a broader enforcement sweep against non-compliant data brokers.
Lake Washington Vascular (Healthcare Provider, WA) reported a HIPAA breach affecting 21,534 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
New York Attorney General Letitia James led a 19-state coalition to secure a preliminary injunction blocking the Trump administration from granting Elon Musk and the Department of Government Efficiency (DOGE) unauthorized access to the Treasury Department’s central payment system and Americans’ sensitive personal information, including Social Security numbers and bank account details. A prior temporary restraining order required immediate destruction of all records already obtained by DOGE and Musk. The lawsuit remains ongoing to permanently prevent unauthorized access to private consumer data.
New York Attorney General Letitia James led a multistate coalition to sue the Trump administration for allowing Elon Musk and DOGE unauthorized access to the Treasury Department's central payment system, exposing Americans' sensitive personal information. A federal court granted a preliminary injunction blocking this access and ordering the destruction of any obtained records.
The California Privacy Protection Agency (CPPA) filed an administrative action against Jerico Pictures, Inc., doing business as National Public Data, for failing to register and pay the required annual fee under the California Delete Act. The action seeks a $46,000 fine for the company's 230-day late registration, as part of CPPA's enforcement sweep against data brokers.
$46K
The California Privacy Protection Agency (CPPA) filed an administrative action against National Public Data, a Florida-based data broker, for failing to register and pay the required annual fee under California's Delete Act. The agency is seeking a $46,000 fine for the violation, which occurred 230 days late, as part of an enforcement sweep targeting non-compliant data brokers.
$46K
Consultants in Pain Medicine (Healthcare Provider, TX) reported a HIPAA breach affecting 1,124 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Spring Management OK, LLC (Business Associate, OK) reported a HIPAA breach affecting 2,494 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Restorix Health, Inc. (Business Associate, LA) reported a HIPAA breach affecting 38,553 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Email.
Texas Attorney General Ken Paxton announced an investigation into Chinese AI company DeepSeek for alleged violations of the Texas Data Privacy and Security Act, citing concerns over the company’s privacy practices and ties to the Chinese Communist Party. The AG also notified DeepSeek of the alleged violations, issued a ban on DeepSeek’s platform on all Office of the Attorney General devices, and sent third-party Civil Investigative Demands to Google and Apple for documentation related to the DeepSeek app. The investigation stems from allegations that DeepSeek acts as a proxy for the CCP to steal Texas citizens’ data and undermine U.S. AI dominance.
Children's Dental Center at Preston Trail, P.C. d/b/a Park Place Pediatric Dentistry (Arlington, TX) (Healthcare Provider, TN) reported a HIPAA breach affecting 1,690 individuals. Breach type: Theft. Location of breached information: Laptop.
Cornerstones of Care (Healthcare Provider, MO) reported a HIPAA breach affecting 2,771 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
Somnia, Inc. (Business Associate, NY) reported a HIPAA breach affecting 19,069 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
Connecticut filed a statement of interest in the bankruptcy of Prospect Medical Holdings, alleging years of mismanagement that harmed patients and led to a ransomware attack compromising the data of 212,369 residents. The state seeks to ensure a responsible transition of hospitals and hold Prospect accountable for its misconduct.
All data sourced from official government enforcement pages.