1,285 enforcement actions from 14 federal and state jurisdictions. Every event traced back to its official government source.
1,285
Total Actions
14
Jurisdictions
$35.3B+
Total Fines Tracked
Motorola Solutions (Health Plan, IL) reported a HIPAA breach affecting 22,600 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Denton MHMR Center (Healthcare Provider, TX) reported a HIPAA breach affecting 108,967 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Expert MRI (Healthcare Provider, CA) reported a HIPAA breach affecting 209,560 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Judson Center (Healthcare Provider, MI) reported a HIPAA breach affecting 976 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Tri Century Eye Care PC (Healthcare Provider, PA) reported a HIPAA breach affecting 200,000 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Beverly Hills Oncology Medical Group (Healthcare Provider, CA) reported a HIPAA breach affecting 57,655 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Hale Makua Health Services (Healthcare Provider, HI) reported a HIPAA breach affecting 500 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Texas Attorney General Ken Paxton opened an investigation into Lorex Technology Inc. for allegedly deceptively selling security cameras with components from CCP-linked Dahua, posing privacy and national security risks. The investigation will determine if Lorex misrepresented the cameras as secure and safe for residential use despite known supply chain vulnerabilities and federal restrictions on Dahua products.
Northwest Radiologists, Inc./Mount Baker Imaging (Healthcare Provider, WA) reported a HIPAA breach affecting 362,713 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Health Management Systems of America (Healthcare Provider, MI) reported a HIPAA breach affecting 4,213 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
REACH, Inc (Healthcare Provider, AK) reported a HIPAA breach affecting 1,195 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
VirMedice, LLC (Business Associate, AZ) reported a HIPAA breach affecting 1,000 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Physicians to Children & Adolescents (Healthcare Provider, KY) reported a HIPAA breach affecting 9,536 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Southwest Urology (Healthcare Provider, OH) reported a HIPAA breach affecting 1,310 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Fairbanks Urology (Healthcare Provider, AK) reported a HIPAA breach affecting 1,446 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Saint Mary’s Home of Erie (Healthcare Provider, PA) reported a HIPAA breach affecting 501 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Michael R. Schwartz, MD Inc. (Healthcare Provider, CA) reported a HIPAA breach affecting 9,080 individuals. Breach type: Hacking/IT Incident. Location of breached information: Desktop Computer.
New York Attorney General Letitia James settled with public accounting firm Wojeski & Company over two data breaches in 2023 and 2024 that exposed personal information of over 4,700 New York residents, including social security numbers and medical benefits. The firm failed to implement adequate data security measures, did not encrypt sensitive data, and delayed notifying affected consumers of the breaches for over a year. Wojeski must pay $60,000 in penalties and implement enhanced cybersecurity measures including encryption, incident response plans, and employee training.
$60K
North Atlantic States Carpenters Health Benefits Fund (Health Plan, MA) reported a HIPAA breach affecting 501 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Modernizing Medicine, Inc. (Business Associate, FL) reported a HIPAA breach affecting 198,795 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Heartland Health Center (Healthcare Provider, NE) reported a HIPAA breach affecting 43,728 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
River City Eye Care, LLC (Healthcare Provider, OR) reported a HIPAA breach affecting 6,588 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Coalesce, LLC dba Benefitelect (Business Associate, AZ) reported a HIPAA breach affecting 501 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
New York Attorney General Letitia James secured $14.2 million in settlements from eight car insurance companies for failing to implement reasonable data security controls, leading to data breaches that exposed over 825,000 New Yorkers' personal information including driver's license numbers and dates of birth. Hackers exploited vulnerabilities in the companies' online quoting tools to steal the data, which was later used to file fraudulent unemployment claims during the COVID-19 pandemic. The settlements require the companies to pay penalties and implement enhanced cybersecurity measures including data inventory maintenance, multifactor authentication, and improved threat response procedures.
$14.2M
New York Attorney General Letitia James secured $14.2 million in settlements from eight car insurance companies for failing to protect consumers' personal information. The companies' inadequate cybersecurity allowed hackers to steal driver's license numbers and other data through online quoting tools, impacting over 825,000 New Yorkers. The settlements require the companies to pay penalties and implement enhanced data security measures.
$14.2M
Visiting Nurse Association of Texas, LLC (Healthcare Provider, TX) reported a HIPAA breach affecting 28,515 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
Conduent Business Services LLC (Business Associate, NJ) reported a HIPAA breach affecting 42,616 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Wellpoint, Inc. (Business Associate, IN) reported a HIPAA breach affecting 579 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
OB-GYN Associates, Ltd. dba OBGYN Associates (Healthcare Provider, NV) reported a HIPAA breach affecting 62,238 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Cardiovascular Medicine Associates (doing business as MyCardiologist) (Healthcare Provider, FL) reported a HIPAA breach affecting 2,248 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
All data sourced from official government enforcement pages.