1,285 enforcement actions from 14 federal and state jurisdictions. Every event traced back to its official government source.
1,285
Total Actions
14
Jurisdictions
$35.3B+
Total Fines Tracked
Legacy Health, LLC (Business Associate, TX) reported a HIPAA breach affecting 6,547 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Electronic Medical Record.
Express Canna Cards, LLC (Healthcare Provider, FL) reported a HIPAA breach affecting 5,000 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Electronic Medical Record.
New York Attorney General Letitia James settled with public accounting firm Wojeski & Company over two data breaches in 2023 and 2024 that exposed personal information of over 4,700 New York residents, including social security numbers and medical benefits. The firm failed to implement adequate data security measures, did not encrypt sensitive data, and delayed notifying affected consumers of the breaches for over a year. Wojeski must pay $60,000 in penalties and implement enhanced cybersecurity measures including encryption, incident response plans, and employee training.
$60K
North Atlantic States Carpenters Health Benefits Fund (Health Plan, MA) reported a HIPAA breach affecting 501 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
River City Eye Care, LLC (Healthcare Provider, OR) reported a HIPAA breach affecting 6,588 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Coalesce, LLC dba Benefitelect (Business Associate, AZ) reported a HIPAA breach affecting 501 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Texas Attorney General Ken Paxton secured a settlement agreement with Austin Diagnostic Clinic to end its policy of restricting parental access to children’s electronic health records. The agreement requires the clinic to provide parents with full, real-time access to their children’s medical information except where restricted by state or federal law, and the AG will monitor compliance.
Wellpoint, Inc. (Business Associate, IN) reported a HIPAA breach affecting 579 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Cardiovascular Medicine Associates (doing business as MyCardiologist) (Healthcare Provider, FL) reported a HIPAA breach affecting 2,248 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
Harris County Hospital District d/b/a Harris Health (Healthcare Provider, TX) reported a HIPAA breach affecting 5,357 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Electronic Medical Record.
Arizona Health Care Cost Containment System- State Medicaid Agency (Health Plan, AZ) reported a HIPAA breach affecting 3,177 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Electronic Medical Record.
Florida Health Sciences Center, Inc (Healthcare Provider, FL) reported a HIPAA breach affecting 896 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Paper/Films.
Weekend Health, LLC (Business Associate, NY) reported a HIPAA breach affecting 1,643 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Network Server.
Blue Shield of California (Business Associate, CA) reported a HIPAA breach affecting 607 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Paper/Films.
Belkorp Ag, LLC (Health Plan, CA) reported a HIPAA breach affecting 942 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Gainwell Technologies LLC (Business Associate, TX) reported a HIPAA breach affecting 912 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Other.
VIVA Health (Health Plan, AL) reported a HIPAA breach affecting 4,945 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Other.
Intercommunity Action Inc. (Healthcare Provider, PA) reported a HIPAA breach affecting 2,680 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Healthcare Interactive (Business Associate, MD) reported a HIPAA breach affecting 501 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Trusteed Plan Services Corporation (Business Associate, WA) reported a HIPAA breach affecting 7,977 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Munson Healthcare (Healthcare Provider, MI) reported a HIPAA breach affecting 1,186 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Paper/Films.
North Penn Comprehensive Health Services d.b.a Laurel Health Centers (Healthcare Provider, PA) reported a HIPAA breach affecting 991 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
Cookeville Regional Medical Center (Healthcare Provider, TN) reported a HIPAA breach affecting 500 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Saint Anthony Hospital (Healthcare Provider, IL) reported a HIPAA breach affecting 6,679 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
Franklin Dermatology Group, PLC (Healthcare Provider, TN) reported a HIPAA breach affecting 2,457 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Western Skies Wellness LLC (Healthcare Provider, OR) reported a HIPAA breach affecting 1,700 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Electronic Medical Record, Other.
Texas Center for Infectious Disease Associates (Healthcare Provider, TX) reported a HIPAA breach affecting 1,236 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
Somerset County Children and Youth Services (Healthcare Provider, PA) reported a HIPAA breach affecting 2,251 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
Coos County Family Health Services (Healthcare Provider, NH) reported a HIPAA breach affecting 501 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Twin Cities Pain Clinic (Healthcare Provider, MN) reported a HIPAA breach affecting 3,572 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
All data sourced from official government enforcement pages.