1,285 enforcement actions from 14 federal and state jurisdictions. Every event traced back to its official government source.
1,285
Total Actions
14
Jurisdictions
$35.3B+
Total Fines Tracked
North Los Angeles County Regional Center (Business Associate, CA) reported a HIPAA breach affecting 500 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Pediatric Home Respiratory Services, LLC d/b/a Pediatric Home Service (Healthcare Provider, MN) reported a HIPAA breach affecting 41,792 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
DentaQuest (Health Plan, WI) reported a HIPAA breach affecting 868 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Paper/Films.
Ingham County Medical Care Facility, d/b/a Dobie Road (Healthcare Provider, MI) reported a HIPAA breach affecting 3,078 individuals. Breach type: Hacking/IT Incident. Location of breached information: Electronic Medical Record.
Buffalo Surgery Center (Healthcare Provider, NY) reported a HIPAA breach affecting 64,000 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
The Plastic Surgery Center (Healthcare Provider, NJ) reported a HIPAA breach affecting 64,813 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Attorney General William Tong announced that starting January 1, 2025, businesses covered by the Connecticut Data Privacy Act must honor global opt-out preference signals, allowing consumers to opt out of targeted advertising and data sales via tools like Global Privacy Control. The advisory explains requirements, notes exemptions for HIPAA-covered entities, and provides resources for compliance.
Legacy Treatment Services, Inc. (Healthcare Provider, NJ) reported a HIPAA breach affecting 29,898 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Watsonville Community Hospital (Healthcare Provider, CA) reported a HIPAA breach affecting 30,312 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Omaha Surgical Center (Healthcare Provider, NE) reported a HIPAA breach affecting 1,110 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
Tycon Medical Systems, Inc. (Healthcare Provider, VA) reported a HIPAA breach affecting 112,847 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Dragonfly Health (Business Associate, AZ) reported a HIPAA breach affecting 501 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
Polaris Endeavors (Healthcare Provider, FL) reported a HIPAA breach affecting 4,552 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Khalil Foundation (DBA Khalil Center) (Healthcare Provider, IL) reported a HIPAA breach affecting 1,153 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Network Server.
The FTC finalized an order against Marriott International and Starwood Hotels for failing to implement reasonable data security, which led to three data breaches affecting over 344 million customers. The companies must implement a comprehensive security program, delete unnecessary personal information, allow U.S. customers to request deletion, and restore stolen loyalty points. They are also prohibited from misrepresenting their data security practices.
Effortless Office Enterprises, LLC (Business Associate, NV) reported a HIPAA breach affecting 3,112 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
HealthEquity, Inc. (Business Associate, UT) reported a HIPAA breach affecting 1,549 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Richmond University Medical Center (Healthcare Provider, NY) reported a HIPAA breach affecting 674,033 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
New York Attorney General Letitia James settled with auto insurance company Noblr for $500,000 over a data breach that exposed personal information of approximately 80,000 New York residents. The breach, discovered in January 2021, was caused by Noblr’s failure to implement reasonable data security safeguards, including exposing plaintext driver’s license numbers and failing to monitor site traffic for malicious activity. In addition to the monetary penalty, Noblr must enhance its data security program, implement monitoring systems, and maintain a data inventory of private information.
$500K
The California Privacy Protection Agency (CPPA) settled with two data brokers, Infillion and The Data Group, for failing to register and pay annual fees as required by the Delete Act. Infillion paid $54,200 and The Data Group paid $46,600, and both agreed to injunctive terms. This is part of a broader enforcement effort against non-compliant data brokers.
$101K
The California Privacy Protection Agency (CPPA) settled with two data brokers, PayDae, Inc. (Infillion) and The Data Group, LLC, for failing to register as required by Senate Bill 362 (the Delete Act). Infillion paid $54,200 and The Data Group paid $46,600, and both agreed to injunctive terms to ensure future compliance with registration requirements.
California Correctional Health Care Services (Healthcare Provider, CA) reported a HIPAA breach affecting 1,416 individuals. Breach type: Loss. Location of breached information: Paper/Films.
Regional Care, Inc. (Healthcare Clearing House, NE) reported a HIPAA breach affecting 225,728 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
PracticeSuite, Inc. (Business Associate, FL) reported a HIPAA breach affecting 13,000 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Kitsap Mental Health Services (Healthcare Provider, WA) reported a HIPAA breach affecting 500 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Teton Orthopaedics (Healthcare Provider, PA) reported a HIPAA breach affecting 13,409 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Summit Medical Group, PLLC (Healthcare Provider, TN) reported a HIPAA breach affecting 464,159 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
Texas Attorney General Ken Paxton launched investigations into Character.AI and 14 other companies, including Reddit, Instagram, and Discord, over potential violations of children’s privacy and safety laws. The investigations focus on compliance with the SCOPE Act and Texas Data Privacy and Security Act (TDPSA), which require parental consent for sharing minors’ data and mandate notice and consent requirements for children’s personal information. No fines or remedies have been imposed as the investigations are ongoing.
Connecticut Attorney General William Tong announced a multistate coalition of 16 attorneys general to use civil enforcement against irresponsible members of the firearms industry. The coalition will enforce state consumer protection and liability laws to reduce gun violence, with past actions including lawsuits against Glock for machine gun conversions and ghost gun dealers.
Northwest Asthma and Allergy Center (Healthcare Provider, WA) reported a HIPAA breach affecting 1,000 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
All data sourced from official government enforcement pages.