1,285 enforcement actions from 14 federal and state jurisdictions. Every event traced back to its official government source.
1,285
Total Actions
14
Jurisdictions
$35.3B+
Total Fines Tracked
Pomona Community Health Center dba ParkTree Community Health Center (Healthcare Provider, CA) reported a HIPAA breach affecting 40,964 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Contents Trader, Inc. (Healthcare Provider, TX) reported a HIPAA breach affecting 27,329 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Network Server.
Pemiscot Memorial Health System (Healthcare Provider, MO) reported a HIPAA breach affecting 33,279 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Electronic Medical Record.
Turning Point of Central California, Inc. (Healthcare Provider, CA) reported a HIPAA breach affecting 53,737 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Gramercy Surgery Center, Inc. (Healthcare Provider, NY) reported a HIPAA breach affecting 52,372 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Pocahontas Medical Clinic, PA (Healthcare Provider, AR) reported a HIPAA breach affecting 31,216 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Surgery Center of Mid Florida (Healthcare Provider, FL) reported a HIPAA breach affecting 48,684 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Community Counseling of Bristol County, Inc. (Healthcare Provider, MA) reported a HIPAA breach affecting 44,991 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Regional Obstetrical Consultants PC (Healthcare Provider, TN) reported a HIPAA breach affecting 25,650 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
The Lash Group, LLC (Business Associate, PA) reported a HIPAA breach affecting 15,196 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Neurobehavioral Medicine Consultants, P.C. (Healthcare Provider, OH) reported a HIPAA breach affecting 18,182 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Community Alliance Rehabilitation Services (Healthcare Provider, NE) reported a HIPAA breach affecting 10,750 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Insurance ACE/Humana Inc. (Health Plan, KY) reported a HIPAA breach affecting 15,003 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Paper/Films.
Easterseals Central Illinois (Healthcare Provider, IL) reported a HIPAA breach affecting 14,855 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Trionfo Solutions, LLC (Business Associate, IL) reported a HIPAA breach affecting 81,588 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Omni Healthcare Financial Holdings (Business Associate, NC) reported a HIPAA breach affecting 16,852 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Victoria Eye Center/Victoria Surgery Center/Victoria Vision Center (Healthcare Provider, TX) reported a HIPAA breach affecting 80,000 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Hypertension-Nephrology Associates, P.C. (Healthcare Provider, PA) reported a HIPAA breach affecting 39,491 individuals. Breach type: Hacking/IT Incident. Location of breached information: Electronic Medical Record, Network Server.
Medical Billing Specialists, Inc. (Business Associate, MA) reported a HIPAA breach affecting 43,673 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Gaia Software, LLC (Business Associate, CO) reported a HIPAA breach affecting 56,676 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Strive Holdco, LLC (Healthcare Provider, TX) reported a HIPAA breach affecting 51,477 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Network Server.
US Radiology Specialists, Inc. failed to upgrade its firewall, leading to a ransomware attack that compromised the personal and health data of over 198,000 patients, including 92,000 New Yorkers. The company agreed to pay $450,000 in penalties and implement comprehensive data security measures, including encryption and data deletion policies.
$450K
New York Attorney General Letitia James secured a $350,000 settlement from Personal Touch Holding Corporation for failing to protect patient and employee data. A ransomware attack in January 2021 compromised the personal and medical information of approximately 316,845 New Yorkers due to inadequate security measures. As part of the agreement, Personal Touch must pay penalties, enhance its cybersecurity program, and provide free credit monitoring to affected individuals.
$350K
The FTC finalized an order against CafePress for failing to secure consumer data and covering up a data breach. The company must implement comprehensive security measures, and its former owner must pay $500,000 in redress to victims.
$500K
The FTC took action against CafePress for failing to secure consumer data and covering up a major data breach. The company stored sensitive information insecurely and delayed notifying customers. As part of the settlement, Residual Pumpkin must pay $500,000 in redress, and both companies must implement comprehensive security programs.
$500K
The FTC settled with CafePress's former owner Residual Pumpkin Entity, LLC and buyer PlanetArt, LLC over data security failures that led to a breach exposing Social Security numbers and other sensitive data. Residual Pumpkin paid $500,000 for victim compensation, and both companies must implement comprehensive security programs. A claims process is open for affected consumers until March 10, 2024.
$500K
Command Marketing Innovations, LLC and Strategic Content Imaging, LLC settled allegations that they violated the New Jersey Consumer Fraud Act and HIPAA by failing to safeguard protected health information, exposing the data of 55,715 New Jersey residents. The companies agreed to pay $130,000 in penalties and implement comprehensive security measures, including appointing security officers and providing employee training.
$130K
EmblemHealth, Inc. settled with the New Jersey Attorney General over a 2016 data breach where Medicare Health Insurance Claim Numbers (containing Social Security numbers) were improperly disclosed on mailing labels to over 81,000 customers, including 6,443 in New Jersey. The company agreed to pay a $100,000 civil penalty and implement compliance reforms including ceasing use of HICNs with SSNs, enhancing employee training, and notifying the state of future breaches.
$100K
Aetna, Inc. settled with New Jersey and other states over allegations that it improperly disclosed protected health information of thousands of individuals through mailings that revealed HIV/AIDS status and AFib study participation. The settlement requires Aetna to implement policy reforms, hire an independent consultant, and pay a civil penalty of $365,211.59 to New Jersey.
$365K
Anthem Blue Cross printed Social Security numbers on mailed letters, exposing the personal information of over 33,000 Medicare subscribers. The settlement requires the company to improve data security measures, provide employee training, and pay $150,000. This action aims to prevent future privacy violations.
$150K
All data sourced from official government enforcement pages.