1,285 enforcement actions from 14 federal and state jurisdictions. Every event traced back to its official government source.
1,285
Total Actions
14
Jurisdictions
$35.3B+
Total Fines Tracked
Health Services LLC (Healthcare Provider, OH) reported a HIPAA breach affecting 75,906 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Family Centers, Inc. (Healthcare Provider, CT) reported a HIPAA breach affecting 12,142 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Western Wayne Family Physicians (Healthcare Provider, MI) reported a HIPAA breach affecting 62,000 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Concord Orthopaedics (Healthcare Provider, NH) reported a HIPAA breach affecting 72,815 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
MedRevenu, LLC (Business Associate, CA) reported a HIPAA breach affecting 17,775 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Fyzical Acquisition Holdings, LLC (Business Associate, FL) reported a HIPAA breach affecting 43,045 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
Mid Florida Primary Care, PA (Healthcare Provider, FL) reported a HIPAA breach affecting 16,435 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
New York Attorney General Letitia James reached a $975,000 settlement with Root Insurance Company over a data breach that exposed the personal information of approximately 45,000 New York residents. The breach, discovered in January 2021, stemmed from Root’s inadequate data security measures, including unencrypted driver’s license numbers in quote PDFs and insufficient controls against automated attacks. In addition to the monetary penalty, Root must implement enhanced data security measures including a comprehensive information security program, data inventory, and monitoring systems.
$975K
Heart to Heart Hospice Holdings, LLC (Healthcare Provider, TX) reported a HIPAA breach affecting 19,034 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Klickitat Valley Health (Healthcare Provider, WA) reported a HIPAA breach affecting 26,339 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Nice Healthcare Management Company, Inc (Healthcare Provider, MN) reported a HIPAA breach affecting 10,000 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
New York Attorney General Letitia James settled with Saturn Technologies, developer of the Saturn social networking app for high school students, over failures to protect young users’ privacy. The Office of the Attorney General found the company disabled required email verification for thousands of schools, used inadequate age and identity checks, retained user contact data after access was revoked, and failed to maintain proper privacy records. Saturn will pay $650,000 in penalties and implement enhanced privacy protections for minor users, including mandatory bi-annual privacy setting reviews and data deletion requirements.
$650K
Fort Wayne Medical Education Program (Healthcare Provider, IN) reported a HIPAA breach affecting 28,502 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
CEI Vision Partners, LLC (Business Associate, MO) reported a HIPAA breach affecting 10,841 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Gaylord Hospital, Inc (Healthcare Provider, CT) reported a HIPAA breach affecting 62,232 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Carolina Arthritis Associates (Healthcare Provider, NC) reported a HIPAA breach affecting 36,961 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Lake Washington Vascular (Healthcare Provider, WA) reported a HIPAA breach affecting 21,534 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Somnia, Inc. (Business Associate, NY) reported a HIPAA breach affecting 19,069 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
UNITED BACKCARE PS dba Pacific Rehabilitation Centers (Healthcare Provider, WA) reported a HIPAA breach affecting 18,900 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
U.S. HEALTHWORKS-SMMPP, L.C. (Business Associate, AZ) reported a HIPAA breach affecting 10,673 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Primary Health-SMMPP, L.C. (Business Associate, AZ) reported a HIPAA breach affecting 67,567 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
St. Marys NDS LLC (Business Associate, AZ) reported a HIPAA breach affecting 11,715 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Primary Health Services Center, Inc. (Healthcare Provider, LA) reported a HIPAA breach affecting 17,202 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
New York Attorney General Letitia James secured a $450,000 settlement from three companies distributing eufy-branded home security cameras for failing to implement adequate data security measures. The companies’ cameras had unencrypted video streams accessible without authentication, exposing private consumer footage. The settlement requires the companies to implement stronger security protocols, including encryption, vulnerability testing, and a comprehensive information security program.
$450K
Behavioral Health Resources (Healthcare Provider, WA) reported a HIPAA breach affecting 49,213 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Pediatric Home Respiratory Services, LLC d/b/a Pediatric Home Service (Healthcare Provider, MN) reported a HIPAA breach affecting 41,792 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Buffalo Surgery Center (Healthcare Provider, NY) reported a HIPAA breach affecting 64,000 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
The Plastic Surgery Center (Healthcare Provider, NJ) reported a HIPAA breach affecting 64,813 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Legacy Treatment Services, Inc. (Healthcare Provider, NJ) reported a HIPAA breach affecting 29,898 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Watsonville Community Hospital (Healthcare Provider, CA) reported a HIPAA breach affecting 30,312 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
All data sourced from official government enforcement pages.