1,285 enforcement actions from 14 federal and state jurisdictions. Every event traced back to its official government source.
1,285
Total Actions
14
Jurisdictions
$35.3B+
Total Fines Tracked
Consumer protection case: Oregon Attorney General filed a lawsuit against six major drug companies and pharmacy benefit managers for allegedly coordinating to inflate insulin prices, seeking $900 million in damages under the Unlawful Trade Practices Act.
$900.0M
Pit River Health Service Inc. (Healthcare Provider, CA) reported a HIPAA breach affecting 1,800 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Methodist Homes of Alabama and Northwest Florida (Healthcare Provider, AL) reported a HIPAA breach affecting 1,406 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
Mid Michigan Medical Billing Service, Inc. (Business Associate, MI) reported a HIPAA breach affecting 28,185 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Virginia Attorney General Jay Jones announced intent to enforce new provisions of the Virginia Consumer Data Protection Act that limit minors' social media usage to one hour per day without parental consent. The law, effective January 1, 2026, requires age verification and verifiable parental consent to change time limits, with potential penalties up to $7,500 per violation and injunctive relief. This follows a motion to dismiss a lawsuit by NetChoice challenging the law.
Andover Eye Associates (Healthcare Provider, MA) reported a HIPAA breach affecting 1,638 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
Steel Encounters, Inc. (Healthcare Provider, UT) reported a HIPAA breach affecting 959 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
The FTC settled with Disney for violating the COPPA Rule by mislabeling videos on YouTube, which allowed the collection of children's personal data without parental consent. Disney must pay a $10 million civil penalty and implement measures to ensure proper video labeling and compliance with COPPA.
$10.0M
Advanced Healthcare Professionals (Healthcare Provider, TX) reported a HIPAA breach affecting 800 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
The Connecticut Attorney General reached an agreement with Hartford Healthcare to address antitrust concerns in the acquisition of Manchester Memorial and Rockville General hospitals from Prospect Medical. The agreement includes conditions to limit cost increases, waive physician non-compete clauses, and maintain medical staff privileges to protect competition and physician mobility. This resolves the antitrust review under the state's notice of material change statute.
Associated Radiologists of the Finger Lakes, P.C. (Business Associate, NY) reported a HIPAA breach affecting 501 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Exact Sciences Laboratories LLC (Healthcare Provider, WI) reported a HIPAA breach affecting 2,658 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Paper/Films.
Docs Medical Group, Inc. dba Pulse Urgent Care (Healthcare Provider, CA) reported a HIPAA breach affecting 4,035 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
CareOregon (Health Plan, OR) reported a HIPAA breach affecting 5,473 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Network Server.
New York Attorney General Letitia James secured a $500,000 settlement with orthopedics practice OrthopedicsNY, LLP for failing to implement adequate data security measures, leading to a 2023 cyberattack that exposed personal and health information of approximately 656,000 patients and employees. The settlement requires OrthopedicsNY to pay the penalty, fund one year of free credit monitoring for affected individuals, and adopt enhanced data security practices including multifactor authentication, encryption, and annual risk assessments.
$500K
BlueCross BlueShield of Tennessee, Inc. (Business Associate, TN) reported a HIPAA breach affecting 780 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Email.
Glendale Obstetrics & Gynecology PCA (Healthcare Provider, AZ) reported a HIPAA breach affecting 501 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Health and civil rights enforcement action. Oregon Attorney General Dan Rayfield led a coalition of 19 states and the District of Columbia in filing a lawsuit against the U.S. Department of Health and Human Services (HHS). The suit challenges a December 18, 2025 HHS 'declaration' that claims certain gender-affirming care is 'unsafe and ineffective' and threatens to exclude providers from Medicare/Medicaid for offering such care. The attorneys general argue HHS violated federal administrative law by implementing a major policy change without required notice-and-comment rulemaking, creating fear for patients and providers and threatening state Medicaid programs.
Connecticut Attorney General William Tong, leading a coalition of 35 attorneys general, urged Meta to enforce its policies against misleading AI-generated weight loss ads on Instagram and Facebook. The ads promote non-FDA approved GLP-1 drugs without disclosing risks and use fake AI content. The coalition demands Meta restrict such ads, require clear risk disclosures, and label AI-generated content.
AllerVie Health (Healthcare Provider, TX) reported a HIPAA breach affecting 80,521 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
York Hospital (Healthcare Provider, ME) reported a HIPAA breach affecting 1,259 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Paper/Films.
Artemis Healthcare Inc. (Healthcare Provider, TN) reported a HIPAA breach affecting 45,867 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Riverland Community Health (Healthcare Provider, MN) reported a HIPAA breach affecting 940 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Network Server.
Attorney General William Tong joined a coalition of 21 states and D.C. in suing the Trump administration to prevent the defunding of the Consumer Financial Protection Bureau (CFPB). The lawsuit argues that the defunding is unlawful and would cripple consumer protection efforts and state enforcement capabilities. The coalition seeks a court order to ensure CFPB continues to receive funding and fulfill its duties.
HAP (Health Alliance Plan) (Health Plan, MI) reported a HIPAA breach affecting 1,059 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
Consumer protection case where Oregon AG sued the Trump administration to prevent defunding of the CFPB, arguing it would harm consumers and state enforcement efforts. The CFPB provides critical data and complaint handling for financial consumer protection.
Environmental and consumer protection enforcement action where Mercedes-Benz USA agreed to a nearly $150 million settlement for installing emissions defeat devices in diesel vehicles and misleading consumers about their environmental compliance. The settlement includes significant consumer relief and practice reforms.
$149.7M
Attorney General William Tong led a coalition of 15 attorneys general in submitting a comment letter to the EPA opposing the Trump Administration's proposal to roll back PFAS reporting requirements under the Toxic Substances Control Act. The coalition argues that the exemptions would shield most manufacturers from reporting critical information about PFAS chemicals, hindering efforts to protect public health and the environment.
Chicago Cosmetic Surgery and Dermatology (Healthcare Provider, IL) reported a HIPAA breach affecting 700 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
TapestryHealth (Healthcare Provider, CT) reported a HIPAA breach affecting 6,494 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Other.
All data sourced from official government enforcement pages.