1,285 enforcement actions from 14 federal and state jurisdictions. Every event traced back to its official government source.
1,285
Total Actions
14
Jurisdictions
$35.3B+
Total Fines Tracked
Mid America Physician Services (Healthcare Provider, KS) reported a HIPAA breach affecting 104,513 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Newport Harbor Pathology Medical Group, Inc. (Healthcare Provider, CA) reported a HIPAA breach affecting 119,341 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Medusind Inc. (Business Associate, FL) reported a HIPAA breach affecting 701,475 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Tycon Medical Systems, Inc. (Healthcare Provider, VA) reported a HIPAA breach affecting 112,847 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Richmond University Medical Center (Healthcare Provider, NY) reported a HIPAA breach affecting 674,033 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Regional Care, Inc. (Healthcare Clearing House, NE) reported a HIPAA breach affecting 225,728 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Summit Medical Group, PLLC (Healthcare Provider, TN) reported a HIPAA breach affecting 464,159 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
Atrium Health (Healthcare Provider, NC) reported a HIPAA breach affecting 585,959 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Network Server.
Texas Tech University Health Sciences Center El Paso (Healthcare Provider, TX) reported a HIPAA breach affecting 815,000 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Texas Tech University Health Sciences Center (Healthcare Provider, TX) reported a HIPAA breach affecting 650,000 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
American Addiction Centers, Inc. (Business Associate, TN) reported a HIPAA breach affecting 410,747 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Rocky Mountain Gastroenterology Associates PLLC (Healthcare Provider, CO) reported a HIPAA breach affecting 366,491 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Great Plains Regional Medical Center (Healthcare Provider, OK) reported a HIPAA breach affecting 133,149 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Rockford Gastroenterology Associates (Healthcare Provider, IL) reported a HIPAA breach affecting 147,253 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
RRCA Accounts Management Inc. (Business Associate, IL) reported a HIPAA breach affecting 115,837 individuals. Breach type: Hacking/IT Incident. Location of breached information: Desktop Computer, Network Server.
Ciox Health LLC, d/b/a Datavant Group (Business Associate, AZ) reported a HIPAA breach affecting 320,702 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
ATSG, Inc (Business Associate, NY) reported a HIPAA breach affecting 909,469 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Omni Family Health (Healthcare Provider, CA) reported a HIPAA breach affecting 468,344 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Muskogee City County Enhanced 911 Trust Authority (Business Associate, OK) reported a HIPAA breach affecting 180,000 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Verkada, a security camera company, failed to secure customer data, leading to a hacker accessing over 150,000 cameras and sensitive health information. The company also violated the CAN-SPAM Act by sending spam emails without proper opt-out mechanisms. To settle, Verkada will pay $2.95 million and implement a comprehensive security program with audits.
$3.0M
EngageMED, Inc (Business Associate, AR) reported a HIPAA breach affecting 249,297 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Excelsior Orthopaedics, LLC (Healthcare Provider, NY) reported a HIPAA breach affecting 292,913 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
VeriSource Services, Inc. (Business Associate, TX) reported a HIPAA breach affecting 112,726 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Kerber, Eck & Braeckel LLP (Business Associate, IL) reported a HIPAA breach affecting 134,918 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Specialty Networks, Inc. (Business Associate, TN) reported a HIPAA breach affecting 411,037 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
New York Attorney General Letitia James, along with the Attorneys General of Connecticut and New Jersey, settled with Enzo Biochem, Inc. for $4.5 million over a 2023 ransomware attack that exposed health and personal data of 2.4 million patients, including 1.4 million New York residents. The investigation found Enzo had inadequate data security practices, including shared employee login credentials, lack of multi-factor authentication, no suspicious activity monitoring, and unencrypted personal information. As part of the settlement, Enzo will pay the penalty and implement enhanced cybersecurity measures including MFA, encryption, risk assessments, and an incident response plan.
$4.5M
Connecticut Attorney General William Tong, along with New York and New Jersey attorneys general, secured a $4.5 million settlement from Enzo Biochem, Inc. for failing to protect patient health data, resulting in a ransomware attack that compromised 2.4 million patients' information. Enzo must pay the fine and implement enhanced cybersecurity measures including multi-factor authentication and annual risk assessments.
$4.5M
Enzo Biochem, Inc. agreed to pay $4.5 million and strengthen its cybersecurity practices to settle allegations that deficient data security led to a ransomware attack exposing the health data of 2.4 million patients. The multistate enforcement action was led by New Jersey with New York and Connecticut.
$4.5M
Alabama Cardiovascular Group (Healthcare Provider, AL) reported a HIPAA breach affecting 280,534 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Deer Oaks Behavioral Health (Healthcare Provider, TX) reported a HIPAA breach affecting 171,871 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
All data sourced from official government enforcement pages.