1,338 enforcement actions from 14 federal and state jurisdictions. Every event traced back to its official government source.
1,338
Total Actions
14
Jurisdictions
$50.6B+
Total Fines Tracked
Columbia Medical Practice (Healthcare Provider, MD) reported a HIPAA breach affecting 3,000 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
NCH Corporation Employee Benefits Plan (Health Plan, TX) reported a HIPAA breach affecting 3,098 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
California Attorney General Rob Bonta joined 20 attorneys general in filing an amicus brief to quash a U.S. DOJ administrative subpoena seeking sensitive medical records and personally identifying information of adolescent patients receiving gender-affirming care at Children's Hospital Colorado. The brief argues the subpoena violates states' rights to regulate medicine under the Tenth Amendment and misinterprets the Food, Drug, and Cosmetic Act, which would harm off-label drug use across all medical fields.
Greater St. Louis Oral & Maxillofacial Surgery PC (Healthcare Provider, MO) reported a HIPAA breach affecting 501 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
Fieldtex Products, Inc. (Business Associate, NY) reported a HIPAA breach affecting 5,901 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
California Attorney General Rob Bonta announced Phase 2 of Operation Robocall Roundup, a multistate investigation targeting four major voice service providers—Inteliquent, Bandwidth, Peerless, and Lumen—for routing suspected illegal robocalls. The Anti-Robocall Multistate Litigation Task Force sent warning letters demanding they stop transmitting such calls, following Phase 1 which already led to some providers being removed from the FCC's database. The AG emphasized that these companies have a heightened responsibility to block call traffic from known bad actors.
Attorney General William Tong announced Phase 2 of Operation Robocall Roundup, investigating four major voice providers—Inteliquent, Bandwidth, Lumen, and Peerless—for transmitting suspected illegal robocalls. The Anti-Robocall Multistate Litigation Task Force directed these companies to stop such transmissions. Phase 1 already removed 13 companies from the FCC's Robocall Mitigation Database and stopped 19 from appearing in traceback results.
The California Privacy Protection Agency fined ROR Partners LLC $56,600 for failing to register as a data broker under the Delete Act. The marketing firm sold custom audience lists built from consumer data without registration, highlighting that businesses collecting and selling personal information must comply with data broker requirements.
$57K
Madison Healthcare Services (Healthcare Provider, MN) reported a HIPAA breach affecting 500 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
ConvenientMD LLC (Healthcare Provider, NH) reported a HIPAA breach affecting 1,332 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Email.
Florida Attorney General James Uthmeier issued an investigative subpoena to TP-Link Systems Inc. as part of a consumer protection investigation into the company’s cybersecurity practices, supply-chain infrastructure, and handling of U.S. consumer data, including allegations of unauthorized data sharing with the Chinese Communist Party. The probe will determine if TP-Link misled customers about foreign government access to their personal data, which would violate the Florida Deceptive and Unfair Trade Practices Act, with no findings of wrongdoing yet.
The FTC proposed a consent order against Illuminate Education, Inc. for failing to secure student data, leading to a breach affecting over 10 million students. The company allegedly had security failures and delayed breach notifications. The order requires a data security program, data deletion, and a retention schedule.
California Attorney General Rob Bonta co-led a coalition of 18 attorneys general in submitting a comment letter opposing the Department of Homeland Security's expansion of the Systematic Alien Verification for Entitlements (SAVE) program to include U.S.-born citizens. The coalition argues the expansion violates the Privacy Act of 1974, creates a massive surveillance database, increases data breach risks, and will lead to inaccurate verifications and denial of benefits.
FedEx Corporation Group Health Plan (Health Plan, TN) reported a HIPAA breach affecting 1,066 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Sports Medicine & Orthopaedics (Healthcare Provider, RI) reported a HIPAA breach affecting 4,000 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Cerenade (Business Associate, CA) reported a HIPAA breach affecting 987 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Center for Urologic Care of Berks CO (Healthcare Provider, PA) reported a HIPAA breach affecting 543 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Henry Ford Health (Healthcare Provider, MI) reported a HIPAA breach affecting 1,984 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Desktop Computer.
Consumer protection case where Oregon AG Dan Rayfield led a multi-state lawsuit to block USDA guidance that unlawfully restricts SNAP eligibility for legal immigrants, arguing it contradicts federal law and could cause wrongful benefit terminations.
Keystone Alliance, Inc. (Business Associate, IL) reported a HIPAA breach affecting 1,021 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
California Attorney General Rob Bonta joined a bipartisan coalition of 36 state attorneys general in sending a letter to Congress opposing a proposed provision in the National Defense Authorization Act that would preempt state laws addressing AI risks. The coalition argues that states must retain authority to mitigate AI harms, particularly to children, and that state-level enforcement is critical for protecting residents from emerging threats like deepfakes and harmful AI interactions.
New Jersey Attorney General Matthew Platkin joined a bipartisan coalition of 36 state attorneys general in sending a letter to Congress opposing proposed legislation that would ban state laws regulating artificial intelligence. The letter warns that such a ban would leave residents, particularly children and senior citizens, vulnerable to harmful AI practices including scams, misinformation, and privacy violations. The coalition urges Congress to instead collaborate on federal AI safeguards rather than preempting state-level protections.
Civil rights and housing policy enforcement action where Oregon Attorney General Dan Rayfield, with a coalition of 20 states and two governors, sued HUD for unlawfully changing Continuum of Care grant requirements that would slash permanent housing funding by ~70% and impose barriers like gender recognition restrictions, threatening housing stability for tens of thousands.
Civil rights enforcement action where Oregon Attorney General and three local District Attorneys issued a formal demand letter to federal agencies, citing a pattern of excessive and unlawful force by DHS officers during immigration operations that endangered residents and other law enforcement, and threatening investigations and potential prosecutions if conduct does not change.
Attorney General William Tong and a bipartisan coalition of 36 attorneys general sent a letter to Congress opposing efforts to ban state AI laws. They argue that state laws are necessary to protect residents from AI harms in the absence of federal protections. The coalition urges Congress to work with them on federal AI protections instead.
Med Atlantic, Inc. (Business Associate, VA) reported a HIPAA breach affecting 500 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Nura PLLC (Healthcare Provider, MN) reported a HIPAA breach affecting 5,207 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
Dr. Michael Kaplan DO PC DBA Long Island Weight Loss Institute (Healthcare Provider, NY) reported a HIPAA breach affecting 3,426 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
The California Privacy Protection Agency (CalPrivacy) announced the creation of a Data Broker Enforcement Strike Force to investigate privacy violations by data brokers. The strike force will focus on compliance with the Delete Act's registration requirement and the CCPA, building on previous enforcement actions. This initiative aims to hold data brokers accountable and protect Californians' personal information.
The California Privacy Protection Agency (CalPrivacy) announced the creation of a Data Broker Enforcement Strike Force to investigate privacy violations by data brokers under the CCPA and Delete Act. The strike force will focus on compliance with registration requirements and other obligations, building on previous enforcement actions to increase accountability.
All data sourced from official government enforcement pages.