1,338 enforcement actions from 14 federal and state jurisdictions. Every event traced back to its official government source.
1,338
Total Actions
14
Jurisdictions
$50.6B+
Total Fines Tracked
Ciox Health LLC, d/b/a Datavant Group (Business Associate, AZ) reported a HIPAA breach affecting 320,702 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
Omni Family Health (Healthcare Provider, CA) reported a HIPAA breach affecting 468,344 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
ATSG, Inc (Business Associate, NY) reported a HIPAA breach affecting 909,469 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Muskogee City County Enhanced 911 Trust Authority (Business Associate, OK) reported a HIPAA breach affecting 180,000 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Connecticut Attorney General announced a $1.73 million settlement with Enzo Clinical Labs for overbilling the state Medicaid program. The lab billed Medicaid full prices while offering discounted rates to other payers, violating the state False Claims Act. The settlement resolves both an audit repayment and claims from a whistleblower investigation.
$1.7M
Verkada, a security camera company, failed to secure customer data, leading to a hacker accessing over 150,000 cameras and sensitive health information. The company also violated the CAN-SPAM Act by sending spam emails without proper opt-out mechanisms. To settle, Verkada will pay $2.95 million and implement a comprehensive security program with audits.
$3.0M
EngageMED, Inc (Business Associate, AR) reported a HIPAA breach affecting 249,297 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Excelsior Orthopaedics, LLC (Healthcare Provider, NY) reported a HIPAA breach affecting 292,913 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
VeriSource Services, Inc. (Business Associate, TX) reported a HIPAA breach affecting 112,726 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Kerber, Eck & Braeckel LLP (Business Associate, IL) reported a HIPAA breach affecting 134,918 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Specialty Networks, Inc. (Business Associate, TN) reported a HIPAA breach affecting 411,037 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Enzo Biochem, Inc. agreed to pay $4.5 million and strengthen its cybersecurity practices to settle allegations that deficient data security led to a ransomware attack exposing the health data of 2.4 million patients. The multistate enforcement action was led by New Jersey with New York and Connecticut.
$4.5M
Connecticut Attorney General William Tong, along with New York and New Jersey attorneys general, secured a $4.5 million settlement from Enzo Biochem, Inc. for failing to protect patient health data, resulting in a ransomware attack that compromised 2.4 million patients' information. Enzo must pay the fine and implement enhanced cybersecurity measures including multi-factor authentication and annual risk assessments.
$4.5M
New York Attorney General Letitia James, along with the Attorneys General of Connecticut and New Jersey, settled with Enzo Biochem, Inc. for $4.5 million over a 2023 ransomware attack that exposed health and personal data of 2.4 million patients, including 1.4 million New York residents. The investigation found Enzo had inadequate data security practices, including shared employee login credentials, lack of multi-factor authentication, no suspicious activity monitoring, and unencrypted personal information. As part of the settlement, Enzo will pay the penalty and implement enhanced cybersecurity measures including MFA, encryption, risk assessments, and an incident response plan.
$4.5M
Alabama Cardiovascular Group (Healthcare Provider, AL) reported a HIPAA breach affecting 280,534 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Deer Oaks Behavioral Health (Healthcare Provider, TX) reported a HIPAA breach affecting 171,871 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Delta County Memorial Hospital District (Delta Health) (Healthcare Provider, CO) reported a HIPAA breach affecting 148,363 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
United of Omaha Life Insurance Company (Health Plan, NE) reported a HIPAA breach affecting 107,894 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
The FTC settled with NGL for deceptively marketing its anonymous messaging app to children and teens, using fake messages to trick users into paid subscriptions without proper consent. The order banned marketing to users under 18 and required $4.5 million in refunds for unauthorized charges.
$4.5M
California Attorney General Rob Bonta announced a $6.75 million settlement with software company Blackbaud over a 2020 data breach that exposed consumers' personal information including Social Security numbers, bank account details, and medical data. Blackbaud was found to have inadequate data security practices, failed to timely and accurately notify impacted individuals of the breach, and made misleading public disclosures about the breach and its pre-breach security measures. The settlement requires Blackbaud to pay penalties and implement enhanced data security and breach notification protocols.
$6.8M
Signature Performance, Inc. (Business Associate, NE) reported a HIPAA breach affecting 130,228 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Panorama Eyecare (Healthcare Provider, CO) reported a HIPAA breach affecting 377,911 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
AmerisourceBergen Specialty Group, LLC (Healthcare Provider, PA) reported a HIPAA breach affecting 252,214 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Tri-City Healthcare District (Healthcare Provider, CA) reported a HIPAA breach affecting 108,149 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Connecticut Attorney General William Tong filed a lawsuit against Altice for charging unlawful 'Network Enhancement Fees' and failing to adequately disclose internet speed limits. The complaint seeks to stop the fees, recover millions for consumers, and address deceptive marketing practices including language barriers.
Watson Clinic (Healthcare Provider, FL) reported a HIPAA breach affecting 280,278 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Medical Express Ambulance Inc. D/B/A Medex Ambulance (Healthcare Provider, IL) reported a HIPAA breach affecting 121,190 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
United Seating and Mobility, L.L.C., d/b/a Numotion (Healthcare Provider, TN) reported a HIPAA breach affecting 602,265 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Kootenai Health (Healthcare Provider, ID) reported a HIPAA breach affecting 464,088 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
NorthBay Healthcare Corporation (Healthcare Provider, CA) reported a HIPAA breach affecting 569,012 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
All data sourced from official government enforcement pages.