1,285 enforcement actions from 14 federal and state jurisdictions. Every event traced back to its official government source.
1,285
Total Actions
14
Jurisdictions
$35.3B+
Total Fines Tracked
EngageMED, Inc (Business Associate, AR) reported a HIPAA breach affecting 249,297 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Minnesota Department of Human Services (Healthcare Provider, MN) reported a HIPAA breach affecting 4,329 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
Verkada, a security camera company, failed to secure customer data, leading to a hacker accessing over 150,000 cameras and sensitive health information. The company also violated the CAN-SPAM Act by sending spam emails without proper opt-out mechanisms. To settle, Verkada will pay $2.95 million and implement a comprehensive security program with audits.
$3.0M
The FTC is distributing over $10.9 million in refunds to 443,048 consumers harmed by Financial Education Services (FES), a credit repair pyramid scheme that defrauded consumers through false promises of credit score fixes and illegal pyramid recruitment. The refunds follow a 2024 settlement with FES and its owners that banned them from fraudulent practices and required turnover of funds for consumer restitution.
CODAC Inc dba CODAC Behavioral Health and CODAC Healthcare, LLC (Healthcare Provider, RI) reported a HIPAA breach affecting 9,592 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Blue Cross and Blue Shield of North Carolina (Business Associate, NC) reported a HIPAA breach affecting 972 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Connecticut Attorney General William Tong reached an agreement with Northwell Health and Nuvance Health to resolve an antitrust investigation into their proposed affiliation. The agreement preserves labor and delivery services at Sharon Hospital and strengthens healthcare access in Western Connecticut. Northwell committed to maintaining women's health services, investing in IT and cybersecurity, and complying with Connecticut's anti-steering statute for five years.
Attorney General William Tong, along with the U.S. Department of Justice and eight other state attorneys general, filed a civil antitrust lawsuit against RealPage Inc. for allegedly using its algorithmic pricing software to facilitate price fixing among landlords and monopolize the market for revenue management software. The complaint alleges that RealPage collects competitively sensitive rental data from landlords to train its algorithm, which then recommends prices, harming renters by reducing competition. The lawsuit seeks an injunction to end these practices and restore competition.
Pomona Community Health Center dba ParkTree Community Health Center (Healthcare Provider, CA) reported a HIPAA breach affecting 40,964 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Excelsior Orthopaedics, LLC (Healthcare Provider, NY) reported a HIPAA breach affecting 292,913 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
VeriSource Services, Inc. (Business Associate, TX) reported a HIPAA breach affecting 112,726 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Acadian Ambulance Service, Inc. (Healthcare Provider, LA) reported a HIPAA breach affecting 2,896,985 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Contents Trader, Inc. (Healthcare Provider, TX) reported a HIPAA breach affecting 27,329 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Network Server.
The Federal Trade Commission filed an amicus brief in a lawsuit where parents sued IXL Learning for allegedly collecting and selling children's data without proper consent. The FTC argued that under COPPA, school district agreements to arbitration do not bind parents. The brief opposes IXL Learning's attempt to compel arbitration.
Kerber, Eck & Braeckel LLP (Business Associate, IL) reported a HIPAA breach affecting 134,918 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Specialty Networks, Inc. (Business Associate, TN) reported a HIPAA breach affecting 411,037 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Florida Attorney General Ashley Moody, joined by 20 other state attorneys general, sent a letter to online retailer Temu and its parent company PDD Holdings demanding answers about data collection, sharing, and retention practices, including potential unauthorized sharing of U.S. consumer data with the Chinese Communist Party. The coalition also raised concerns about possible violations of the Uyghur Forced Labor Prevention Act and inadequate cybersecurity measures. Temu has 30 days to respond to 11 detailed requests for information and documentation.
Connecticut Attorney General William Tong, along with New York and New Jersey attorneys general, secured a $4.5 million settlement from Enzo Biochem, Inc. for failing to protect patient health data, resulting in a ransomware attack that compromised 2.4 million patients' information. Enzo must pay the fine and implement enhanced cybersecurity measures including multi-factor authentication and annual risk assessments.
$4.5M
New York Attorney General Letitia James, along with the Attorneys General of Connecticut and New Jersey, settled with Enzo Biochem, Inc. for $4.5 million over a 2023 ransomware attack that exposed health and personal data of 2.4 million patients, including 1.4 million New York residents. The investigation found Enzo had inadequate data security practices, including shared employee login credentials, lack of multi-factor authentication, no suspicious activity monitoring, and unencrypted personal information. As part of the settlement, Enzo will pay the penalty and implement enhanced cybersecurity measures including MFA, encryption, risk assessments, and an incident response plan.
$4.5M
Enzo Biochem, Inc. agreed to pay $4.5 million and strengthen its cybersecurity practices to settle allegations that deficient data security led to a ransomware attack exposing the health data of 2.4 million patients. The multistate enforcement action was led by New Jersey with New York and Connecticut.
$4.5M
Texas Attorney General Ken Paxton filed a lawsuit against General Motors for unlawfully collecting private driving data from over 1.5 million Texas drivers without consent and selling the data to third parties including insurance companies. GM allegedly deceived customers into enrolling in products like OnStar Smart Driver by falsely claiming enrollment was required to retain vehicle safety features, while concealing that enrollment authorized systematic collection and sale of detailed driving data. The action follows an investigation launched in June 2024 as part of the Texas AG’s data privacy initiative, and seeks to hold GM accountable for violating state privacy laws.
Turning Point of Central California, Inc. (Healthcare Provider, CA) reported a HIPAA breach affecting 53,737 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Pemiscot Memorial Health System (Healthcare Provider, MO) reported a HIPAA breach affecting 33,279 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Electronic Medical Record.
HealthEquity, Inc. (Business Associate, UT) reported a HIPAA breach affecting 4,300,000 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Gramercy Surgery Center, Inc. (Healthcare Provider, NY) reported a HIPAA breach affecting 52,372 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
siParadigm LLC (Healthcare Provider, NJ) reported a HIPAA breach affecting 501 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Pocahontas Medical Clinic, PA (Healthcare Provider, AR) reported a HIPAA breach affecting 31,216 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Wayne Memorial Hospital (Healthcare Provider, GA) reported a HIPAA breach affecting 2,500 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
The FTC and DOJ sued TikTok and ByteDance for violating COPPA by collecting personal information from children under 13 without parental consent. The complaint alleges that TikTok knowingly allowed millions of children on its platform and failed to comply with a 2019 consent order. The lawsuit seeks civil penalties and a permanent injunction.
Calibrated Healthcare, LLC (Business Associate, CA) reported a HIPAA breach affecting 6,890 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
All data sourced from official government enforcement pages.