1,338 enforcement actions from 14 federal and state jurisdictions. Every event traced back to its official government source.
1,338
Total Actions
14
Jurisdictions
$50.6B+
Total Fines Tracked
Spindletop Center (Healthcare Provider, TX) reported a HIPAA breach affecting 88,863 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Richmond Behavioral Health Authority (Healthcare Provider, VA) reported a HIPAA breach affecting 113,232 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Center for Urologic Care of Berks CO (Healthcare Provider, PA) reported a HIPAA breach affecting 543 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Persante Health Care (Business Associate, NJ) reported a HIPAA breach affecting 111,815 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Keystone Alliance, Inc. (Business Associate, IL) reported a HIPAA breach affecting 1,021 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
Davies, McFarland & Carroll LLC (Business Associate, PA) reported a HIPAA breach affecting 54,712 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
VITAS Hospice Services, LLC (Healthcare Provider, FL) reported a HIPAA breach affecting 319,177 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Millcreek Pediatrics (Healthcare Provider, DE) reported a HIPAA breach affecting 14,095 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Delta Dental of Virginia (Health Plan, VA) reported a HIPAA breach affecting 126,953 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
Med Atlantic, Inc. (Business Associate, VA) reported a HIPAA breach affecting 500 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
NS Support, LLC (Healthcare Provider, ID) reported a HIPAA breach affecting 92,845 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Nura PLLC (Healthcare Provider, MN) reported a HIPAA breach affecting 5,207 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
Dr. Michael Kaplan DO PC DBA Long Island Weight Loss Institute (Healthcare Provider, NY) reported a HIPAA breach affecting 3,426 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Fieldtex Products, Inc. (Business Associate, NY) reported a HIPAA breach affecting 238,615 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
NAHGA Claim Services (Health Plan, ME) reported a HIPAA breach affecting 26,906 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Anchorage Neighborhood Health Center (Healthcare Provider, AK) reported a HIPAA breach affecting 70,555 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Personic Management Company LLC (Business Associate, VA) reported a HIPAA breach affecting 10,929 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
County of Catawba (Health Plan, NC) reported a HIPAA breach affecting 500 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Dermatology Associates of Concord (Healthcare Provider, MA) reported a HIPAA breach affecting 501 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
St. John’s Riverside Hospital (Healthcare Provider, NY) reported a HIPAA breach affecting 2,238 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
Morton Drug Company (Healthcare Provider, WI) reported a HIPAA breach affecting 40,051 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Steven J. Pearlman MD PC (Healthcare Provider, NY) reported a HIPAA breach affecting 10,182 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Healthcare Therapy Services, Inc. (Healthcare Provider, IN) reported a HIPAA breach affecting 15,027 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
Marshfield Clinic Health System (Healthcare Provider, WI) reported a HIPAA breach affecting 35,952 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
Loving and Living Center, PC dba Awakenings Center (Healthcare Provider, NC) reported a HIPAA breach affecting 17,800 individuals. Breach type: Hacking/IT Incident. Location of breached information: Electronic Medical Record.
Connecticut Attorney General William Tong, along with California and New York Attorneys General, settled with Illuminate Education, Inc. for failing to protect student data in a breach that exposed personal information of millions of students. The settlement, the first under Connecticut's Student Data Privacy Law, requires Illuminate to pay $5.1 million and implement enhanced cybersecurity measures.
$5.1M
New York, California, and Connecticut attorneys general reached a $5.1 million settlement with educational technology company Illuminate Education, Inc. for failing to protect student data, resulting in a 2022 breach exposing millions of students’ personal information. The investigation found Illuminate failed to implement basic security measures including data encryption, suspicious activity monitoring, and proper decommissioning of inactive user accounts, and did not delete student data when required by contracts. Illuminate must pay the penalty and implement enhanced data security measures including a comprehensive information security program, encryption of student data, and annual notice to schools about data collection and deletion options.
$5.1M
California Attorney General Rob Bonta, joined by Connecticut and New York Attorneys General, secured a $5.1 million multistate settlement with edtech company Illuminate Education, Inc. over a 2021 data breach that exposed sensitive personal and medical information of millions of students, including over 434,000 California students. The investigation found Illuminate failed to implement basic security measures, including failing to terminate former employee credentials, lacking suspicious activity monitoring, and unsecured backup databases, as well as making false statements in its privacy policy. Illuminate must pay $3.25 million to California, implement enhanced security practices, and notify the CA DOJ of future student data breaches.
$5.1M
The Chase Group Employee Benefit Plan (Health Plan, NM) reported a HIPAA breach affecting 817 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Archer Health (Healthcare Provider, CA) reported a HIPAA breach affecting 4,285 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
All data sourced from official government enforcement pages.