1,285 enforcement actions from 14 federal and state jurisdictions. Every event traced back to its official government source.
1,285
Total Actions
14
Jurisdictions
$35.3B+
Total Fines Tracked
Madison Healthcare Services (Healthcare Provider, MN) reported a HIPAA breach affecting 500 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
ConvenientMD LLC (Healthcare Provider, NH) reported a HIPAA breach affecting 1,332 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Email.
Florida Attorney General James Uthmeier issued an investigative subpoena to TP-Link Systems Inc. as part of a consumer protection investigation into the company’s cybersecurity practices, supply-chain infrastructure, and handling of U.S. consumer data, including allegations of unauthorized data sharing with the Chinese Communist Party. The probe will determine if TP-Link misled customers about foreign government access to their personal data, which would violate the Florida Deceptive and Unfair Trade Practices Act, with no findings of wrongdoing yet.
The FTC proposed a consent order against Illuminate Education, Inc. for failing to secure student data, leading to a breach affecting over 10 million students. The company allegedly had security failures and delayed breach notifications. The order requires a data security program, data deletion, and a retention schedule.
California Attorney General Rob Bonta co-led a coalition of 18 attorneys general in submitting a comment letter opposing the Department of Homeland Security's expansion of the Systematic Alien Verification for Entitlements (SAVE) program to include U.S.-born citizens. The coalition argues the expansion violates the Privacy Act of 1974, creates a massive surveillance database, increases data breach risks, and will lead to inaccurate verifications and denial of benefits.
FedEx Corporation Group Health Plan (Health Plan, TN) reported a HIPAA breach affecting 1,066 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Sports Medicine & Orthopaedics (Healthcare Provider, RI) reported a HIPAA breach affecting 4,000 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Cerenade (Business Associate, CA) reported a HIPAA breach affecting 987 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Center for Urologic Care of Berks CO (Healthcare Provider, PA) reported a HIPAA breach affecting 543 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Henry Ford Health (Healthcare Provider, MI) reported a HIPAA breach affecting 1,984 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Desktop Computer.
Consumer protection case where Oregon AG Dan Rayfield led a multi-state lawsuit to block USDA guidance that unlawfully restricts SNAP eligibility for legal immigrants, arguing it contradicts federal law and could cause wrongful benefit terminations.
Keystone Alliance, Inc. (Business Associate, IL) reported a HIPAA breach affecting 1,021 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
California Attorney General Rob Bonta joined a bipartisan coalition of 36 state attorneys general in sending a letter to Congress opposing a proposed provision in the National Defense Authorization Act that would preempt state laws addressing AI risks. The coalition argues that states must retain authority to mitigate AI harms, particularly to children, and that state-level enforcement is critical for protecting residents from emerging threats like deepfakes and harmful AI interactions.
Civil rights and housing policy enforcement action where Oregon Attorney General Dan Rayfield, with a coalition of 20 states and two governors, sued HUD for unlawfully changing Continuum of Care grant requirements that would slash permanent housing funding by ~70% and impose barriers like gender recognition restrictions, threatening housing stability for tens of thousands.
Civil rights enforcement action where Oregon Attorney General and three local District Attorneys issued a formal demand letter to federal agencies, citing a pattern of excessive and unlawful force by DHS officers during immigration operations that endangered residents and other law enforcement, and threatening investigations and potential prosecutions if conduct does not change.
Attorney General William Tong and a bipartisan coalition of 36 attorneys general sent a letter to Congress opposing efforts to ban state AI laws. They argue that state laws are necessary to protect residents from AI harms in the absence of federal protections. The coalition urges Congress to work with them on federal AI protections instead.
Med Atlantic, Inc. (Business Associate, VA) reported a HIPAA breach affecting 500 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Nura PLLC (Healthcare Provider, MN) reported a HIPAA breach affecting 5,207 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
Dr. Michael Kaplan DO PC DBA Long Island Weight Loss Institute (Healthcare Provider, NY) reported a HIPAA breach affecting 3,426 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
The California Privacy Protection Agency (CalPrivacy) announced the creation of a Data Broker Enforcement Strike Force to investigate privacy violations by data brokers. The strike force will focus on compliance with the Delete Act's registration requirement and the CCPA, building on previous enforcement actions. This initiative aims to hold data brokers accountable and protect Californians' personal information.
The California Privacy Protection Agency (CalPrivacy) announced the creation of a Data Broker Enforcement Strike Force to investigate privacy violations by data brokers under the CCPA and Delete Act. The strike force will focus on compliance with registration requirements and other obligations, building on previous enforcement actions to increase accountability.
County of Catawba (Health Plan, NC) reported a HIPAA breach affecting 500 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Dermatology Associates of Concord (Healthcare Provider, MA) reported a HIPAA breach affecting 501 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Marrs Ear, Nose & Throat, PA (Healthcare Provider, FL) reported a HIPAA breach affecting 6,376 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Email.
St. John’s Riverside Hospital (Healthcare Provider, NY) reported a HIPAA breach affecting 2,238 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
West Suburban Eye Surgery Center LLC (Business Associate, MA) reported a HIPAA breach affecting 500 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Electronic Medical Record.
Connecticut Attorney General William Tong filed an expanded complaint against Altice/Optimum Online for deceptive advertising and hidden 'Network Enhancement' fees that collected at least $39.1 million from consumers. The company allegedly misled customers with 'price for life' deals while burying fees in fine print and targeting Spanish speakers with English-only disclosures. The complaint seeks penalties and disgorgement under the Connecticut Unfair Trade Practices Act.
The Chase Group Employee Benefit Plan (Health Plan, NM) reported a HIPAA breach affecting 817 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Archer Health (Healthcare Provider, CA) reported a HIPAA breach affecting 4,285 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Tampa Bay Treatment Associates (Healthcare Provider, FL) reported a HIPAA breach affecting 3,682 individuals. Breach type: Theft. Location of breached information: Electronic Medical Record.
All data sourced from official government enforcement pages.