1,285 enforcement actions from 14 federal and state jurisdictions. Every event traced back to its official government source.
1,285
Total Actions
14
Jurisdictions
$35.3B+
Total Fines Tracked
BlueCross BlueShield of Tennessee, Inc. (Business Associate, TN) reported a HIPAA breach affecting 780 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Email.
Glendale Obstetrics & Gynecology PCA (Healthcare Provider, AZ) reported a HIPAA breach affecting 501 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
York Hospital (Healthcare Provider, ME) reported a HIPAA breach affecting 1,259 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Paper/Films.
Riverland Community Health (Healthcare Provider, MN) reported a HIPAA breach affecting 940 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Network Server.
HAP (Health Alliance Plan) (Health Plan, MI) reported a HIPAA breach affecting 1,059 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
Chicago Cosmetic Surgery and Dermatology (Healthcare Provider, IL) reported a HIPAA breach affecting 700 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
TapestryHealth (Healthcare Provider, CT) reported a HIPAA breach affecting 6,494 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Other.
Howard Brown Health (Healthcare Provider, IL) reported a HIPAA breach affecting 8,357 individuals. Breach type: Hacking/IT Incident. Location of breached information: Electronic Medical Record.
Mitchell County Department of Social Services (Healthcare Provider, NC) reported a HIPAA breach affecting 501 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Reproductive Medicine Associates of Michigan (Healthcare Provider, MI) reported a HIPAA breach affecting 501 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Anesthesiology & Pain Consultants, LLC (Healthcare Provider, LA) reported a HIPAA breach affecting 538 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Other Portable Electronic Device.
FPMCM LLC (Business Associate, TN) reported a HIPAA breach affecting 2,072 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Email.
Baltimore Medical System, Inc. (Healthcare Provider, MA) reported a HIPAA breach affecting 501 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
OCAT, LLC dba Evoke Wellness at Hilliard (Healthcare Provider, OH) reported a HIPAA breach affecting 1,629 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Electronic Medical Record.
Heywood Healthcare Inc. including Henry Heywood Memorial Hospital, Athol Memorial Hospital, and Heywood Medical Group, Inc. (“Heywood”) (Healthcare Provider, MA) reported a HIPAA breach affecting 500 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Texas Attorney General Ken Paxton filed a lawsuit against Epic Systems Corporation, a major electronic health records vendor, alleging unlawful monopolization of the EHR industry and deceptive practices that restrict parental access to minor children’s medical records. The privacy-related claim asserts Epic automatically hides children’s medication lists, treatment notes, and provider messages from parents when a child turns 12, violating Texas law guaranteeing parents unrestricted access to their children’s medical records. The action is part of broader efforts to ensure EHR vendors comply with Texas parental access requirements and promote market competition.
Centric Health (Healthcare Provider, CA) reported a HIPAA breach affecting 6,855 individuals. Breach type: Hacking/IT Incident. Location of breached information: Electronic Medical Record, Network Server.
Heart of Texas Behavioral Health Network (Healthcare Provider, TX) reported a HIPAA breach affecting 1,309 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Paper/Films.
Southern Oregon Neurosurgical and Spine Associates, PC (Healthcare Provider, OR) reported a HIPAA breach affecting 1,000 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
Ochsner LSU Health – Regional Urology (Healthcare Provider, LA) reported a HIPAA breach affecting 4,519 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
TriCity Family Services (Healthcare Provider, IL) reported a HIPAA breach affecting 2,511 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Columbia Medical Practice (Healthcare Provider, MD) reported a HIPAA breach affecting 3,000 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
NCH Corporation Employee Benefits Plan (Health Plan, TX) reported a HIPAA breach affecting 3,098 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
California Attorney General Rob Bonta joined 20 attorneys general in filing an amicus brief to quash a U.S. DOJ administrative subpoena seeking sensitive medical records and personally identifying information of adolescent patients receiving gender-affirming care at Children's Hospital Colorado. The brief argues the subpoena violates states' rights to regulate medicine under the Tenth Amendment and misinterprets the Food, Drug, and Cosmetic Act, which would harm off-label drug use across all medical fields.
Greater St. Louis Oral & Maxillofacial Surgery PC (Healthcare Provider, MO) reported a HIPAA breach affecting 501 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
Fieldtex Products, Inc. (Business Associate, NY) reported a HIPAA breach affecting 5,901 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Madison Healthcare Services (Healthcare Provider, MN) reported a HIPAA breach affecting 500 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
ConvenientMD LLC (Healthcare Provider, NH) reported a HIPAA breach affecting 1,332 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Email.
The FTC proposed a consent order against Illuminate Education, Inc. for failing to secure student data, leading to a breach affecting over 10 million students. The company allegedly had security failures and delayed breach notifications. The order requires a data security program, data deletion, and a retention schedule.
FedEx Corporation Group Health Plan (Health Plan, TN) reported a HIPAA breach affecting 1,066 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
All data sourced from official government enforcement pages.