1,285 enforcement actions from 14 federal and state jurisdictions. Every event traced back to its official government source.
1,285
Total Actions
14
Jurisdictions
$35.3B+
Total Fines Tracked
Alpine Ears, Nose & Throat, P.L.L.C. (Healthcare Provider, CO) reported a HIPAA breach affecting 65,648 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Network Server.
Pediatric Home Respiratory Services, LLC d/b/a Pediatric Home Service (Healthcare Provider, MN) reported a HIPAA breach affecting 41,792 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Buffalo Surgery Center (Healthcare Provider, NY) reported a HIPAA breach affecting 64,000 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
The Plastic Surgery Center (Healthcare Provider, NJ) reported a HIPAA breach affecting 64,813 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Legacy Treatment Services, Inc. (Healthcare Provider, NJ) reported a HIPAA breach affecting 29,898 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Watsonville Community Hospital (Healthcare Provider, CA) reported a HIPAA breach affecting 30,312 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
New York Attorney General Letitia James settled with auto insurance company Noblr for $500,000 over a data breach that exposed personal information of approximately 80,000 New York residents. The breach, discovered in January 2021, was caused by Noblr’s failure to implement reasonable data security safeguards, including exposing plaintext driver’s license numbers and failing to monitor site traffic for malicious activity. In addition to the monetary penalty, Noblr must enhance its data security program, implement monitoring systems, and maintain a data inventory of private information.
$500K
PracticeSuite, Inc. (Business Associate, FL) reported a HIPAA breach affecting 13,000 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Teton Orthopaedics (Healthcare Provider, PA) reported a HIPAA breach affecting 13,409 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
River Region Cardiology (Healthcare Provider, AL) reported a HIPAA breach affecting 48,600 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Community Connections (Healthcare Provider, DC) reported a HIPAA breach affecting 18,949 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
New York Attorney General Letitia James secured a $550,000 settlement from Hudson Valley health care operator HealthAlliance over a 2023 data breach that compromised the personal and medical information of 242,641 New Yorkers. The breach occurred after HealthAlliance failed to patch a known vulnerability in its web application system, allowing cyberattackers to exfiltrate patient and employee data. As part of the settlement, HealthAlliance must pay the penalty and implement enhanced cybersecurity measures including a comprehensive security program, patch management policy, and data inventory requirements.
$550K
Conceptions Reproductive Associates of Colorado (Healthcare Provider, CO) reported a HIPAA breach affecting 80,000 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
East Central Missouri Behavioral Health Services, Inc. (Healthcare Provider, MO) reported a HIPAA breach affecting 20,000 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
AuthoraCare Collective (Healthcare Provider, NC) reported a HIPAA breach affecting 57,944 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Network Server.
New York Attorney General Letitia James reached a $250,000 settlement with National Amusements, Inc. after an investigation found the movie theater operator failed to implement adequate data security, leading to a breach exposing personal information of over 23,000 New York employees. The company also violated the New York Shield Act by delaying notification to affected individuals for more than a year after the breach. As part of the settlement, National Amusements must pay the penalty and implement enhanced cybersecurity measures including encryption, password policies, and an incident response plan.
$250K
ESHA, Inc. (Business Associate, TX) reported a HIPAA breach affecting 76,922 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Radiologic Medical Services, P.C. (Healthcare Provider, IA) reported a HIPAA breach affecting 56,902 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
South West Family Medicine Associates, PA (Healthcare Provider, TX) reported a HIPAA breach affecting 36,959 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
New York Attorney General Letitia James reached a settlement with Albany ENT & Allergy Services (AENT) over two 2023 ransomware attacks that compromised the medical records of over 200,000 New Yorkers. The OAG found AENT failed to maintain reasonable data security safeguards, inadequately oversaw third-party security vendors, and initially failed to disclose all exposed consumer data to the state. AENT will pay $1 million in penalties (with $500,000 suspended pending $2.25 million in security investments) and implement comprehensive data security measures including encryption, multi-factor authentication, and vendor oversight.
$1.0M
Hawaii Radiologic Associates, Ltd. (Healthcare Provider, HI) reported a HIPAA breach affecting 23,205 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Gandara Mental Health Center (Healthcare Provider, MA) reported a HIPAA breach affecting 20,024 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Guardian Analytics, Inc. and Actimize, Inc. settled with the Connecticut Attorney General over a data breach affecting 157,629 Connecticut residents. The breach, from November 2022 to January 2023, exposed personal information due to security failures. The settlement includes a $500,000 penalty and mandatory cybersecurity improvements.
$500K
Advanced Recovery Equipment & Supplies, LLC (Healthcare Provider, NY) reported a HIPAA breach affecting 56,000 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Clay Platte Family Medicine (Healthcare Provider, MO) reported a HIPAA breach affecting 53,916 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Valleygate Dental Surgery Centers of Charlotte, Fayetteville, and the West, LLC. (Healthcare Provider, NC) reported a HIPAA breach affecting 14,589 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Wilmington Community Clinic (Healthcare Provider, CA) reported a HIPAA breach affecting 11,601 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Dr. Daniel J. Leeman, M.D. (Healthcare Provider, TX) reported a HIPAA breach affecting 50,000 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Asheville Arthritis and Osteoporosis Center, P.A. (Healthcare Provider, NC) reported a HIPAA breach affecting 58,251 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Atrium Health (Healthcare Provider, NC) reported a HIPAA breach affecting 32,120 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
All data sourced from official government enforcement pages.