1,285 enforcement actions from 14 federal and state jurisdictions. Every event traced back to its official government source.
1,285
Total Actions
14
Jurisdictions
$35.3B+
Total Fines Tracked
Western Skies Wellness LLC (Healthcare Provider, OR) reported a HIPAA breach affecting 1,700 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Electronic Medical Record, Other.
Florida Attorney General James Uthmeier issued a subpoena to Lorex as part of an ongoing consumer protection and data privacy investigation. The probe examines Lorex’s ties to Dahua Technology and potential foreign spying risks, including unauthorized access to children’s data, and whether the company misled consumers about the privacy and security of its camera products and apps. The subpoena seeks documents related to corporate structure, third-party contracts, software update origins, data center locations, security vulnerabilities, and marketing claims about privacy and security.
Prime Therapeutics LLC (Business Associate, MN) reported a HIPAA breach affecting 2,266 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Laptop.
Independent Health Association, Inc. (Health Plan, NY) reported a HIPAA breach affecting 637 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Other.
Texas Attorney General Ken Paxton has opened an investigation into Meta AI Studio and Character.AI for deceptive practices in marketing AI chatbots as mental health services to children. The platforms are accused of impersonating licensed professionals, fabricating qualifications, and exploiting user data for advertising without proper disclosure. Civil Investigative Demands have been issued to examine violations of Texas consumer protection laws and the SCOPE Act.
Attorney General William Tong is seeking a preliminary injunction to block the U.S. Department of Agriculture from forcing states to share private data of SNAP participants, including social security numbers and shopping history. USDA is threatening to cut off administrative funding if states do not comply, which AG Tong argues violates federal privacy laws and the Constitution.
Bevel Health Medical Group (Healthcare Provider, PA) reported a HIPAA breach affecting 510 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Electronic Medical Record.
Zelis Healthcare LLC (Business Associate, MA) reported a HIPAA breach affecting 4,289 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Paper/Films.
UnitedHealthcare (Health Plan, CT) reported a HIPAA breach affecting 3,215 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Paper/Films.
Berkshire Health Systems, Inc. (Healthcare Provider, MA) reported a HIPAA breach affecting 1,421 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Electronic Medical Record.
Attorney General William Tong, leading a coalition of 22 states, filed a lawsuit against the U.S. Department of Agriculture for demanding that states disclose sensitive personal data of SNAP recipients. The demand violates federal privacy laws and the Constitution, and threatens to withhold critical funding. The lawsuit seeks to block USDA from conditioning SNAP administrative funds on data disclosure.
University of Miami (Healthcare Provider, FL) reported a HIPAA breach affecting 2,928 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Electronic Medical Record.
Blue Shield of California (Health Plan, CA) reported a HIPAA breach affecting 783 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Laptop, Network Server, Other.
Clinical Practices of the University of Pennsylvania (Healthcare Provider, PA) reported a HIPAA breach affecting 1,432 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Paper/Films.
Minneapolis VA Medical Center (Healthcare Provider, MN) reported a HIPAA breach affecting 1,099 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Paper/Films.
Blue Shield of California (Business Associate, CA) reported a HIPAA breach affecting 673 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Email.
Winkler County Hospital District (Healthcare Provider, TX) reported a HIPAA breach affecting 637 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Email.
Florida Attorney General James Uthmeier issued subpoenas to Contec, a Chinese medical device manufacturer, and Epsimed, a Miami-based reseller, over allegations that their patient monitors contain backdoors and automatically transmit patient data to China without consent. The companies are accused of violating Florida's Deceptive and Unfair Trade Practices Act by omitting material security vulnerabilities andmaking false representations about FDA approval and product quality. The AG may seek damages, civil penalties, and injunctive relief in future enforcement.
AltaMed Health Services Corporation (Healthcare Provider, CA) reported a HIPAA breach affecting 4,530 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Email.
Texas Attorney General Ken Paxton filed a lawsuit in the 23andMe bankruptcy case to prevent the sale of Texans' genetic data without proper consent. The action seeks to confirm Texans' property rights over their genetic information under the Texas Data Privacy and Security Act and the Texas Direct-to-Consumer Genetic Testing Act. The AG argues that 23andMe's proposed asset sale would violate Texas law requiring separate express consent for disclosure of genetic information.
New York Attorney General Letitia James, joined by 27 other state attorneys general and the District of Columbia, filed a lawsuit against 23andMe to block the company’s planned sale of 15 million customers’ genetic and health data without their consent or knowledge. The coalition argues 23andMe must comply with state laws requiring express informed consent for the sale or transfer of sensitive genetic data. The lawsuit seeks to prevent misuse, exposure in future breaches, and unauthorized use of customers’ private genetic information.
Connecticut joined a coalition of 28 attorneys general to object to 23andMe's proposed sale of genetic data in bankruptcy without customer consent. The states argue such sensitive information requires express consent and cannot be sold like ordinary property. Attorney General Tong also advised consumers to delete their data and genetic samples.
Public Health Trust of Miami Dade County DBA Jackson Health System (Healthcare Provider, FL) reported a HIPAA breach affecting 2,599 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Electronic Medical Record.
Centivo Corporation (Business Associate, GA) reported a HIPAA breach affecting 630 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Email.
Blue Shield of California (Business Associate, CA) reported a HIPAA breach affecting 1,543 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Other.
Jupiter Family Medicine PC (Healthcare Provider, MI) reported a HIPAA breach affecting 3,000 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Paper/Films.
The Smith Institute for Urology (Healthcare Provider, NY) reported a HIPAA breach affecting 2,263 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Desktop Computer.
NHPP Physical Medicine and Rehabilitation (Healthcare Provider, NY) reported a HIPAA breach affecting 1,353 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Other.
Sports Physical Therapy, Occupational Therapy and Rehabilitation Services of the North Shore, P.L.L.C (Healthcare Provider, NY) reported a HIPAA breach affecting 6,195 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Other.
Insulet Corporation (Healthcare Provider, MA) reported a HIPAA breach affecting 841 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Network Server.
All data sourced from official government enforcement pages.