1,285 enforcement actions from 14 federal and state jurisdictions. Every event traced back to its official government source.
1,285
Total Actions
14
Jurisdictions
$35.3B+
Total Fines Tracked
Winkler County Hospital District (Healthcare Provider, TX) reported a HIPAA breach affecting 637 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Email.
Florida Attorney General James Uthmeier issued subpoenas to Contec and Epsimed for selling medical devices that transmit patient data to China without adequate security. The companies are accused of violating Florida's Deceptive and Unfair Trade Practices Act by misrepresenting FDA approval and concealing cybersecurity vulnerabilities. The AG seeks damages, civil penalties, and injunctive relief to protect consumers.
Florida Attorney General James Uthmeier issued subpoenas to Contec, a Chinese medical device manufacturer, and Epsimed, a Miami-based reseller, over allegations that their patient monitors contain backdoors and automatically transmit patient data to China without consent. The companies are accused of violating Florida's Deceptive and Unfair Trade Practices Act by omitting material security vulnerabilities andmaking false representations about FDA approval and product quality. The AG may seek damages, civil penalties, and injunctive relief in future enforcement.
AltaMed Health Services Corporation (Healthcare Provider, CA) reported a HIPAA breach affecting 4,530 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Email.
Texas Attorney General Ken Paxton filed a lawsuit in the 23andMe bankruptcy case to prevent the sale of Texans' genetic data without proper consent. The action seeks to confirm Texans' property rights over their genetic information under the Texas Data Privacy and Security Act and the Texas Direct-to-Consumer Genetic Testing Act. The AG argues that 23andMe's proposed asset sale would violate Texas law requiring separate express consent for disclosure of genetic information.
New York Attorney General Letitia James, joined by 27 other state attorneys general and the District of Columbia, filed a lawsuit against 23andMe to block the company’s planned sale of 15 million customers’ genetic and health data without their consent or knowledge. The coalition argues 23andMe must comply with state laws requiring express informed consent for the sale or transfer of sensitive genetic data. The lawsuit seeks to prevent misuse, exposure in future breaches, and unauthorized use of customers’ private genetic information.
Connecticut joined a coalition of 28 attorneys general to object to 23andMe's proposed sale of genetic data in bankruptcy without customer consent. The states argue such sensitive information requires express consent and cannot be sold like ordinary property. Attorney General Tong also advised consumers to delete their data and genetic samples.
Blue Shield of California (Business Associate, CA) reported a HIPAA breach affecting 1,543 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Other.
Centivo Corporation (Business Associate, GA) reported a HIPAA breach affecting 630 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Email.
Public Health Trust of Miami Dade County DBA Jackson Health System (Healthcare Provider, FL) reported a HIPAA breach affecting 2,599 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Electronic Medical Record.
Jupiter Family Medicine PC (Healthcare Provider, MI) reported a HIPAA breach affecting 3,000 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Paper/Films.
The Smith Institute for Urology (Healthcare Provider, NY) reported a HIPAA breach affecting 2,263 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Desktop Computer.
Sports Physical Therapy, Occupational Therapy and Rehabilitation Services of the North Shore, P.L.L.C (Healthcare Provider, NY) reported a HIPAA breach affecting 6,195 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Other.
NHPP Physical Medicine and Rehabilitation (Healthcare Provider, NY) reported a HIPAA breach affecting 1,353 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Other.
North Shore University Hospital Sleep Disorders Center (Healthcare Provider, NY) reported a HIPAA breach affecting 13,332 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Other.
Insulet Corporation (Healthcare Provider, MA) reported a HIPAA breach affecting 841 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Network Server.
CVS Caremark (Business Associate, RI) reported a HIPAA breach affecting 2,599 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Paper/Films.
Blue Cross Blue Shield of Texas (Business Associate, IL) reported a HIPAA breach affecting 593 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Paper/Films.
Texas Attorney General Ken Paxton has issued notices to several Chinese companies, including TP-Link, Alibaba, and CapCut, for violating the Texas Data Privacy and Security Act (TDPSA). The companies must comply with TDPSA's requirements to disclose data processing, allow opt-outs, and enable data deletion within 30 days, or face further legal action.
Texas Attorney General Ken Paxton has notified several Chinese companies, including TP-Link, Alibaba, and CapCut, that they are violating the Texas Data Privacy and Security Act (TDPSA). The companies must comply with TDPSA requirements to disclose data processing, allow consumer opt-outs, and enable data deletion within 30 days. Failure to comply will result in further legal action.
Texas Attorney General Ken Paxton announced legal action against several Chinese companies, including TP-Link, Alibaba, and CapCut, for violating the Texas Data Privacy and Security Act (TDPSA). The companies have been given 30 days to comply with requirements to disclose data processing, allow consumers to opt out of data collection, and enable data deletion. Failure to comply will result in further legal action to protect Texans' privacy rights and prevent data from being accessed by the Chinese Communist Party.
Monongalia Health System, Inc. (Healthcare Provider, WV) reported a HIPAA breach affecting 4,895 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Email.
Canby Clinic (Healthcare Provider, OR) reported a HIPAA breach affecting 549 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Email.
Physician Wound Solutions, LLC dba Apollo Medical Supply (Healthcare Provider, FL) reported a HIPAA breach affecting 3,561 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Network Server.
Maximus, Inc. (Business Associate, VA) reported a HIPAA breach affecting 4,955 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Network Server.
Icon Family Healthcare LLC (Healthcare Provider, CA) reported a HIPAA breach affecting 1,800 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Email.
Texas Attorney General Ken Paxton filed a motion to appoint a Consumer Privacy Ombudsman in the Chapter 11 bankruptcy case of 23andMe to protect the sensitive genetic and personal data of Texans. The genetic testing company seeks to sell assets that may include genetic data, health information, and personally identifiable information. The AG's office is also informing Texans of their rights under Texas law to request deletion of their data and genetic samples.
Recovery Epicenter Foundation (Healthcare Provider, FL) reported a HIPAA breach affecting 800 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Network Server.
HEALTH AND WELLNESS OF TEXAS (Healthcare Provider, TX) reported a HIPAA breach affecting 500 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Electronic Medical Record, Email.
AHS Sherman LLC dba AHS Sherman Medical Center (Healthcare Provider, TX) reported a HIPAA breach affecting 908 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Email.
All data sourced from official government enforcement pages.