1,285 enforcement actions from 14 federal and state jurisdictions. Every event traced back to its official government source.
1,285
Total Actions
14
Jurisdictions
$35.3B+
Total Fines Tracked
Nice Healthcare Management Company, Inc (Healthcare Provider, MN) reported a HIPAA breach affecting 10,000 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
New York Attorney General Letitia James settled with Saturn Technologies, developer of the Saturn social networking app for high school students, over failures to protect young users’ privacy. The Office of the Attorney General found the company disabled required email verification for thousands of schools, used inadequate age and identity checks, retained user contact data after access was revoked, and failed to maintain proper privacy records. Saturn will pay $650,000 in penalties and implement enhanced privacy protections for minor users, including mandatory bi-annual privacy setting reviews and data deletion requirements.
$650K
Fort Wayne Medical Education Program (Healthcare Provider, IN) reported a HIPAA breach affecting 28,502 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Total Medical Imaging (Healthcare Provider, FL) reported a HIPAA breach affecting 27,000 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Network Server.
Gaylord Hospital, Inc (Healthcare Provider, CT) reported a HIPAA breach affecting 62,232 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
CEI Vision Partners, LLC (Business Associate, MO) reported a HIPAA breach affecting 10,841 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Carolina Arthritis Associates (Healthcare Provider, NC) reported a HIPAA breach affecting 36,961 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Lake Washington Vascular (Healthcare Provider, WA) reported a HIPAA breach affecting 21,534 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Somnia, Inc. (Business Associate, NY) reported a HIPAA breach affecting 19,069 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
Restorix Health, Inc. (Business Associate, LA) reported a HIPAA breach affecting 38,553 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Email.
UNITED BACKCARE PS dba Pacific Rehabilitation Centers (Healthcare Provider, WA) reported a HIPAA breach affecting 18,900 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
St. Marys NDS LLC (Business Associate, AZ) reported a HIPAA breach affecting 11,715 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Primary Health-SMMPP, L.C. (Business Associate, AZ) reported a HIPAA breach affecting 67,567 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
U.S. HEALTHWORKS-SMMPP, L.C. (Business Associate, AZ) reported a HIPAA breach affecting 10,673 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Primary Health Services Center, Inc. (Healthcare Provider, LA) reported a HIPAA breach affecting 17,202 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Mental Health Association Inc. (Healthcare Provider, MA) reported a HIPAA breach affecting 12,633 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Network Server.
New York Attorney General Letitia James secured a $450,000 settlement from three companies distributing eufy-branded home security cameras for failing to implement adequate data security measures. The companies’ cameras had unencrypted video streams accessible without authentication, exposing private consumer footage. The settlement requires the companies to implement stronger security protocols, including encryption, vulnerability testing, and a comprehensive information security program.
$450K
Alpine Ears, Nose & Throat, P.L.L.C. (Healthcare Provider, CO) reported a HIPAA breach affecting 65,648 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Network Server.
Behavioral Health Resources (Healthcare Provider, WA) reported a HIPAA breach affecting 49,213 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Connecticut Attorney General William Tong announced a $1.5 million settlement with Carvana to resolve hundreds of consumer complaints about delays in title and registration, delayed payments to sellers, and deceptive vehicle representations. The settlement includes a $1 million restitution fund for affected consumers and a $500,000 penalty to the state, with $250,000 suspended if Carvana complies. Carvana must comply with Connecticut laws and improve customer service.
$500K
New York Attorney General Letitia James announced a settlement with Equifax Information Services, LLC for inaccurately reporting credit scores to lenders due to a coding error, which lowered consumers' scores and inflated costs for loans and insurance between March and April 2022. Equifax will pay $725,000 and implement safeguards to prevent future errors, with restitution for affected consumers.
$725K
Pediatric Home Respiratory Services, LLC d/b/a Pediatric Home Service (Healthcare Provider, MN) reported a HIPAA breach affecting 41,792 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Buffalo Surgery Center (Healthcare Provider, NY) reported a HIPAA breach affecting 64,000 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
The Plastic Surgery Center (Healthcare Provider, NJ) reported a HIPAA breach affecting 64,813 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Watsonville Community Hospital (Healthcare Provider, CA) reported a HIPAA breach affecting 30,312 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Legacy Treatment Services, Inc. (Healthcare Provider, NJ) reported a HIPAA breach affecting 29,898 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
New York Attorney General Letitia James settled with auto insurance company Noblr for $500,000 over a data breach that exposed personal information of approximately 80,000 New York residents. The breach, discovered in January 2021, was caused by Noblr’s failure to implement reasonable data security safeguards, including exposing plaintext driver’s license numbers and failing to monitor site traffic for malicious activity. In addition to the monetary penalty, Noblr must enhance its data security program, implement monitoring systems, and maintain a data inventory of private information.
$500K
The California Privacy Protection Agency (CPPA) settled with two data brokers, Infillion and The Data Group, for failing to register and pay annual fees as required by the Delete Act. Infillion paid $54,200 and The Data Group paid $46,600, and both agreed to injunctive terms. This is part of a broader enforcement effort against non-compliant data brokers.
$101K
PracticeSuite, Inc. (Business Associate, FL) reported a HIPAA breach affecting 13,000 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Teton Orthopaedics (Healthcare Provider, PA) reported a HIPAA breach affecting 13,409 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
All data sourced from official government enforcement pages.