1,285 enforcement actions from 14 federal and state jurisdictions. Every event traced back to its official government source.
1,285
Total Actions
14
Jurisdictions
$35.3B+
Total Fines Tracked
CVS Caremark (Business Associate, RI) reported a HIPAA breach affecting 2,599 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Paper/Films.
Blue Cross Blue Shield of Texas (Business Associate, IL) reported a HIPAA breach affecting 593 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Paper/Films.
Texas Attorney General Ken Paxton has issued notices to several Chinese companies, including TP-Link, Alibaba, and CapCut, for violating the Texas Data Privacy and Security Act (TDPSA). The companies must comply with TDPSA's requirements to disclose data processing, allow opt-outs, and enable data deletion within 30 days, or face further legal action.
Texas Attorney General Ken Paxton has notified several Chinese companies, including TP-Link, Alibaba, and CapCut, that they are violating the Texas Data Privacy and Security Act (TDPSA). The companies must comply with TDPSA requirements to disclose data processing, allow consumer opt-outs, and enable data deletion within 30 days. Failure to comply will result in further legal action.
Texas Attorney General Ken Paxton announced legal action against several Chinese companies, including TP-Link, Alibaba, and CapCut, for violating the Texas Data Privacy and Security Act (TDPSA). The companies have been given 30 days to comply with requirements to disclose data processing, allow consumers to opt out of data collection, and enable data deletion. Failure to comply will result in further legal action to protect Texans' privacy rights and prevent data from being accessed by the Chinese Communist Party.
Monongalia Health System, Inc. (Healthcare Provider, WV) reported a HIPAA breach affecting 4,895 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Email.
Canby Clinic (Healthcare Provider, OR) reported a HIPAA breach affecting 549 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Email.
Physician Wound Solutions, LLC dba Apollo Medical Supply (Healthcare Provider, FL) reported a HIPAA breach affecting 3,561 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Network Server.
Maximus, Inc. (Business Associate, VA) reported a HIPAA breach affecting 4,955 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Network Server.
Icon Family Healthcare LLC (Healthcare Provider, CA) reported a HIPAA breach affecting 1,800 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Email.
Texas Attorney General Ken Paxton filed a motion to appoint a Consumer Privacy Ombudsman in the Chapter 11 bankruptcy case of 23andMe to protect the sensitive genetic and personal data of Texans. The genetic testing company seeks to sell assets that may include genetic data, health information, and personally identifiable information. The AG's office is also informing Texans of their rights under Texas law to request deletion of their data and genetic samples.
Recovery Epicenter Foundation (Healthcare Provider, FL) reported a HIPAA breach affecting 800 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Network Server.
HEALTH AND WELLNESS OF TEXAS (Healthcare Provider, TX) reported a HIPAA breach affecting 500 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Electronic Medical Record, Email.
AHS Sherman LLC dba AHS Sherman Medical Center (Healthcare Provider, TX) reported a HIPAA breach affecting 908 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Email.
Blue Cross and Blue Shield of Oklahoma (Health Plan, IL) reported a HIPAA breach affecting 1,020 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Other.
Blue Cross and Blue Shield of Illinois (Health Plan, IL) reported a HIPAA breach affecting 6,903 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Other.
Health Care Service Corporation (Health Plan, IL) reported a HIPAA breach affecting 2,944 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Other.
Summit Healthcare Medical Associates (Healthcare Provider, AZ) reported a HIPAA breach affecting 1,861 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Electronic Medical Record.
Dallas County MHMR dba Metrocare Services (Healthcare Provider, TX) reported a HIPAA breach affecting 553 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Email, Network Server.
Federal Trade Commission Chairman Andrew N. Ferguson issued a letter to the U.S. Trustee overseeing the 23andMe bankruptcy proceeding, expressing concerns about the potential sale or transfer of consumers' personal genetic data. The letter underscores the importance of companies honoring their privacy promises to consumers, particularly regarding sensitive information, during bankruptcy proceedings.
Mayo Clinic (Healthcare Provider, MN) reported a HIPAA breach affecting 1,869 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Email.
AmeriHealth Caritas Louisiana (Health Plan, LA) reported a HIPAA breach affecting 1,552 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Network Server, Other.
Palmetto Operating LLC d/b/a Palmetto Subacute Care Center (‘Palmetto’) (Healthcare Provider, FL) reported a HIPAA breach affecting 2,746 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Electronic Medical Record.
New York Attorney General Letitia James led a 19-state coalition to secure a preliminary injunction blocking the Trump administration from granting Elon Musk and the Department of Government Efficiency (DOGE) unauthorized access to the Treasury Department’s central payment system and Americans’ sensitive personal information, including Social Security numbers and bank account details. A prior temporary restraining order required immediate destruction of all records already obtained by DOGE and Musk. The lawsuit remains ongoing to permanently prevent unauthorized access to private consumer data.
Texas Attorney General Ken Paxton announced an investigation into Chinese AI company DeepSeek for alleged violations of the Texas Data Privacy and Security Act, citing concerns over the company’s privacy practices and ties to the Chinese Communist Party. The AG also notified DeepSeek of the alleged violations, issued a ban on DeepSeek’s platform on all Office of the Attorney General devices, and sent third-party Civil Investigative Demands to Google and Apple for documentation related to the DeepSeek app. The investigation stems from allegations that DeepSeek acts as a proxy for the CCP to steal Texas citizens’ data and undermine U.S. AI dominance.
New York Attorney General Letitia James led a coalition of 18 other state attorneys general in suing the Trump administration and Department of Government Efficiency (DOGE) to stop unauthorized access to Americans' sensitive personal data held in U.S. Treasury payment systems. A federal judge granted a temporary restraining order blocking DOGE from accessing the data and requiring immediate destruction of any copies already obtained. A hearing on a motion for preliminary injunction is scheduled for February 14, 2025.
New York Attorney General Letitia James led a coalition of 11 other attorneys general in filing a lawsuit against the Trump administration for illegally granting Elon Musk and DOGE unauthorized access to the Treasury Department’s central payment system, exposing Social Security numbers, bank account information, and other private data of tens of millions of Americans. A federal judge granted a temporary restraining order on February 8, 2025, blocking access and ordering destruction of all obtained records, with the coalition seeking a preliminary injunction to continue the bar on unauthorized access.
A coalition of 18 state attorneys general, led by Illinois AG Kwame Raoul, filed a lawsuit against the Trump administration to stop a policy that grants Elon Musk and DOGE unauthorized access to the Treasury Department's payment system, which contains sensitive personal information like bank details and Social Security numbers. The lawsuit seeks an injunction and a declaration that the policy is unlawful, arguing it violates federal law and jeopardizes data security.
New York Attorney General Letitia James led a coalition of 19 states in filing a lawsuit against the Trump administration for illegally granting Elon Musk and DOGE access to the Treasury's payment system, exposing Americans' sensitive personal information. The lawsuit seeks an injunction to halt this policy and a declaration that it is unlawful and unconstitutional.
New York Attorney General Letitia James led a coalition of 19 state attorneys general in filing a lawsuit against the Trump administration and U.S. Department of the Treasury over unauthorized access to Americans’ sensitive personal data. The lawsuit alleges the Treasury Department illegally granted Elon Musk and the Department of Government Efficiency (DOGE) access to its central payment system containing bank account details, Social Security numbers, and other private information, violating federal law and the U.S. Constitution. The coalition seeks an injunction to halt the policy and a declaration that the access expansion is unlawful and unconstitutional.
All data sourced from official government enforcement pages.