1,285 enforcement actions from 14 federal and state jurisdictions. Every event traced back to its official government source.
1,285
Total Actions
14
Jurisdictions
$35.3B+
Total Fines Tracked
Spindletop Center (Healthcare Provider, TX) reported a HIPAA breach affecting 88,863 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Richmond Behavioral Health Authority (Healthcare Provider, VA) reported a HIPAA breach affecting 113,232 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Center for Urologic Care of Berks CO (Healthcare Provider, PA) reported a HIPAA breach affecting 543 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Persante Health Care (Business Associate, NJ) reported a HIPAA breach affecting 111,815 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Keystone Alliance, Inc. (Business Associate, IL) reported a HIPAA breach affecting 1,021 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
Davies, McFarland & Carroll LLC (Business Associate, PA) reported a HIPAA breach affecting 54,712 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
VITAS Hospice Services, LLC (Healthcare Provider, FL) reported a HIPAA breach affecting 319,177 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Millcreek Pediatrics (Healthcare Provider, DE) reported a HIPAA breach affecting 14,095 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Delta Dental of Virginia (Health Plan, VA) reported a HIPAA breach affecting 126,953 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
Med Atlantic, Inc. (Business Associate, VA) reported a HIPAA breach affecting 500 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
NS Support, LLC (Healthcare Provider, ID) reported a HIPAA breach affecting 92,845 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Nura PLLC (Healthcare Provider, MN) reported a HIPAA breach affecting 5,207 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
Dr. Michael Kaplan DO PC DBA Long Island Weight Loss Institute (Healthcare Provider, NY) reported a HIPAA breach affecting 3,426 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Fieldtex Products, Inc. (Business Associate, NY) reported a HIPAA breach affecting 238,615 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
NAHGA Claim Services (Health Plan, ME) reported a HIPAA breach affecting 26,906 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Anchorage Neighborhood Health Center (Healthcare Provider, AK) reported a HIPAA breach affecting 70,555 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Personic Management Company LLC (Business Associate, VA) reported a HIPAA breach affecting 10,929 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
County of Catawba (Health Plan, NC) reported a HIPAA breach affecting 500 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Dermatology Associates of Concord (Healthcare Provider, MA) reported a HIPAA breach affecting 501 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
St. John’s Riverside Hospital (Healthcare Provider, NY) reported a HIPAA breach affecting 2,238 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
Morton Drug Company (Healthcare Provider, WI) reported a HIPAA breach affecting 40,051 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Steven J. Pearlman MD PC (Healthcare Provider, NY) reported a HIPAA breach affecting 10,182 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Healthcare Therapy Services, Inc. (Healthcare Provider, IN) reported a HIPAA breach affecting 15,027 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
Marshfield Clinic Health System (Healthcare Provider, WI) reported a HIPAA breach affecting 35,952 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
Loving and Living Center, PC dba Awakenings Center (Healthcare Provider, NC) reported a HIPAA breach affecting 17,800 individuals. Breach type: Hacking/IT Incident. Location of breached information: Electronic Medical Record.
Connecticut Attorney General William Tong, along with California and New York Attorneys General, settled with Illuminate Education, Inc. for failing to protect student data in a breach that exposed personal information of millions of students. The settlement, the first under Connecticut's Student Data Privacy Law, requires Illuminate to pay $5.1 million and implement enhanced cybersecurity measures.
$5.1M
Illuminate Education, Inc. suffered a data breach in 2021 due to security failures, exposing sensitive student data including medical conditions across millions of students. The company has agreed to pay $5.1 million in settlements to California, Connecticut, and New York and implement injunctive relief to strengthen data security practices.
$5.1M
New York, California, and Connecticut attorneys general reached a $5.1 million settlement with educational technology company Illuminate Education, Inc. for failing to protect student data, resulting in a 2022 breach exposing millions of students’ personal information. The investigation found Illuminate failed to implement basic security measures including data encryption, suspicious activity monitoring, and proper decommissioning of inactive user accounts, and did not delete student data when required by contracts. Illuminate must pay the penalty and implement enhanced data security measures including a comprehensive information security program, encryption of student data, and annual notice to schools about data collection and deletion options.
$5.1M
The Chase Group Employee Benefit Plan (Health Plan, NM) reported a HIPAA breach affecting 817 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Archer Health (Healthcare Provider, CA) reported a HIPAA breach affecting 4,285 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
All data sourced from official government enforcement pages.