1,285 enforcement actions from 14 federal and state jurisdictions. Every event traced back to its official government source.
1,285
Total Actions
14
Jurisdictions
$35.3B+
Total Fines Tracked
Academic Urology & Urogynecology of Arizona (Healthcare Provider, AZ) reported a HIPAA breach affecting 73,281 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Resource Corporation of America (Business Associate, TX) reported a HIPAA breach affecting 501 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Communications Workers of America Local 1180 Security Benefits Fund (Health Plan, NY) reported a HIPAA breach affecting 18,550 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Electronic Medical Record, Other.
VPS Medical PLLC (Healthcare Provider, PA) reported a HIPAA breach affecting 4,600 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Cedar Point Health, LLC (Healthcare Provider, CO) reported a HIPAA breach affecting 23,114 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
University Spine Center (Healthcare Provider, NJ) reported a HIPAA breach affecting 582 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server, Other.
Alexes Hazen MD, PLLC (Healthcare Provider, NY) reported a HIPAA breach affecting 500 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email, Network Server.
Texas Attorney General Ken Paxton issued Civil Investigative Demands to Blue Cross Blue Shield of Texas and Conduent Business Services LLC as part of an investigation into a data breach that exposed the protected health information of approximately four million Texans. The breach, which occurred between October 21, 2024 and January 13, 2025, is believed to be the largest in U.S. history. The investigation focuses on Conduent's security measures and BCBS's compliance with state data protection laws.
Texas Attorney General Ken Paxton issued Civil Investigative Demands to Blue Cross Blue Shield of Texas and Conduent Business Services LLC as part of an investigation into a massive data breach at Conduent that exposed the protected health information of approximately four million Texans. The breach occurred between October 21, 2024 and January 13, 2025, affecting Texas Medicaid recipients and other residents. The AG's office is investigating the security failures and compliance with Texas law.
The California Attorney General settled with The Walt Disney Company for $2.75 million over CCPA violations. Disney's opt-out processes failed to stop the sale or sharing of consumer data across all devices and services associated with accounts, requiring consumers to navigate cumbersome methods. Disney must pay the penalty and implement comprehensive opt-out mechanisms.
$2.8M
First Choice Community Home Care, Inc. (Healthcare Provider, TX) reported a HIPAA breach affecting 725 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
BlueCross BlueShield of Tennessee, Inc. (Business Associate, TN) reported a HIPAA breach affecting 1,670 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
ApolloMD Business Services, LLC (Business Associate, GA) reported a HIPAA breach affecting 626,540 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Five Star Home Health, Inc. (Healthcare Provider, OK) reported a HIPAA breach affecting 1,575 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Houston Health Department (Healthcare Provider, TX) reported a HIPAA breach affecting 7,445 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
The FTC issued warning letters to 13 data brokers reminding them of their obligations under the Protecting Americans' Data from Foreign Adversaries Act (PADFAA), which bans the sale or disclosure of sensitive personal data to foreign adversaries like China, Russia, Iran, and North Korea. The letters cite instances where recipients offered data on Armed Forces members, which is protected under PADFAA. Non-compliance could result in civil penalties up to $53,088 per violation.
Carolina Foot & Ankle Associates (Healthcare Provider, NC) reported a HIPAA breach affecting 501 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Connecticut Attorney General William Tong announced a civil investigative demand into Concierge Apartments management for alleged mismanagement leading to unsafe living conditions, including loss of hot water, ignored work orders, and evacuation orders. The investigation seeks records on tenant complaints, repairs, and documentation of $2 million in repairs promised. The property owner, J.R.K Property Holdings, is a private equity-backed real estate firm with $15 billion in assets.
Wendy Foster OD (Healthcare Provider, KS) reported a HIPAA breach affecting 20,000 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Counseling Center of Wayne & Holmes Counties (Healthcare Provider, OH) reported a HIPAA breach affecting 83,354 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Adapt Integrated Health Care (Healthcare Provider, OR) reported a HIPAA breach affecting 2,908 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
The Federal Trade Commission (FTC) sent warning letters to 13 data brokers reminding them of their obligations under the Protecting Americans’ Data from Foreign Adversaries Act (PADFAA). PADFAA prohibits data brokers from selling or providing sensitive personal data about Americans to foreign adversaries such as China, Russia, Iran, and North Korea. The letters warn that violations could result in civil penalties of up to $53,088 per violation and urge companies to review their business practices for compliance.
Marin Cancer Care (Healthcare Provider, CA) reported a HIPAA breach affecting 501 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
EDGAR A MARTORELL MD LLC (Healthcare Provider, FL) reported a HIPAA breach affecting 1,107 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Cottage Hospital (Healthcare Provider, NH) reported a HIPAA breach affecting 1,005 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
TriZetto Provider Solutions (Business Associate, MO) reported a HIPAA breach affecting 3,433,965 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Apex Spine & Neurosurgery, LLC (Healthcare Provider, GA) reported a HIPAA breach affecting 2,500 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Triad Radiology Associates (Healthcare Provider, NC) reported a HIPAA breach affecting 11,011 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
The Florida Attorney General's Office launched the CHINA Prevention Unit and issued a subpoena to Shein for deceptive trade practices and data privacy violations. The unit focuses on combating threats from foreign adversaries like the Chinese Communist Party to consumer data and economic security. This action is part of broader efforts to audit and hold accountable companies with ties to China.
WIRX Pharmacy (Healthcare Provider, PA) reported a HIPAA breach affecting 20,047 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
All data sourced from official government enforcement pages.