1,285 enforcement actions from 14 federal and state jurisdictions. Every event traced back to its official government source.
Total Actions: 1,285
Jurisdictions: 14
Total Fines Tracked: $35.3B+
QualDerm Partners, LLC (Healthcare Provider, TN) reported a HIPAA breach affecting 3,117,874 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Texas Attorney General Ken Paxton issued Civil Investigative Demands to Blue Cross Blue Shield of Texas and Conduent Business Services LLC as part of an investigation into a massive data breach at Conduent that exposed the protected health information of approximately four million Texans. The breach occurred between October 21, 2024 and January 13, 2025, affecting Texas Medicaid recipients and other residents. The AG's office is investigating the security failures and compliance with Texas law.
TriZetto Provider Solutions (Business Associate, MO) reported a HIPAA breach affecting 3,433,965 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Consumer protection case: Oregon Attorney General filed a lawsuit against six major drug companies and pharmacy benefit managers for allegedly coordinating to inflate insulin prices, seeking $900 million in damages under the Unlawful Trade Practices Act.
$900.0M
New York Attorney General Letitia James secured $14.2 million in settlements from eight car insurance companies for failing to protect consumers' personal information. The companies' inadequate cybersecurity allowed hackers to steal driver's license numbers and other data through online quoting tools, impacting over 825,000 New Yorkers. The settlements require the companies to pay penalties and implement enhanced data security measures.
$14.2M
New York Attorney General Letitia James secured $14.2 million in settlements from eight car insurance companies for failing to implement reasonable data security controls, leading to data breaches that exposed over 825,000 New Yorkers' personal information including driver's license numbers and dates of birth. Hackers exploited vulnerabilities in the companies' online quoting tools to steal the data, which was later used to file fraudulent unemployment claims during the COVID-19 pandemic. The settlements require the companies to pay penalties and implement enhanced cybersecurity measures including data inventory maintenance, multifactor authentication, and improved threat response procedures.
$14.2M
Aflac Incorporated (“Aflac”) (Health Plan, GA) reported a HIPAA breach affecting 13,924,906 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
DaVita Inc. (Healthcare Provider, CO) reported a HIPAA breach affecting 2,689,826 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Anne Arundel Dermatology (Healthcare Provider, MD) reported a HIPAA breach affecting 1,905,000 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Radiology Associates of Richmond, Inc. (Healthcare Provider, VA) reported a HIPAA breach affecting 1,419,091 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Episource, LLC (Business Associate, CA) reported a HIPAA breach affecting 6,725,572 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Absolute Dental Group, LLC (Business Associate, NV) reported a HIPAA breach affecting 1,223,635 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Blue Shield of California (Business Associate, CA) reported a HIPAA breach affecting 4,700,000 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Southeast Series of Lockton Companies, LLC (Lockton) (Business Associate, GA) reported a HIPAA breach affecting 1,124,727 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Connecticut Attorney General William Tong filed a lawsuit against President Trump and the U.S. Treasury Department to stop DOGE's unauthorized access to the Treasury's central payment system, which contains sensitive personal information like bank details and Social Security numbers. The lawsuit seeks an injunction and a declaration that the new policy granting access to Elon Musk and DOGE members is unlawful and jeopardizes data security.
Community Health Center, Inc. (Healthcare Provider, CT) reported a HIPAA breach affecting 1,060,936 individuals. Breach type: Hacking/IT Incident. Location of breached information: Electronic Medical Record, Network Server.
GEICO and Travelers were fined $11.3 million for data breaches that exposed personal information of over 120,000 New Yorkers due to inadequate cybersecurity. The breaches involved driver's license numbers being stolen and used in fraudulent unemployment claims. The settlements mandate enhanced security measures and penalties.
$11.3M
New York Attorney General Letitia James and New York State Department of Financial Services (DFS) Superintendent Adrienne Harris settled with auto insurers GEICO and Travelers for $11.3 million combined over data breaches that exposed over 120,000 New Yorkers’ personal information, including driver’s license numbers and dates of birth. The breaches stemmed from insufficient data security controls, allowing hackers to steal information and file fraudulent unemployment claims during the COVID-19 pandemic. The settlements require the companies to pay penalties and implement enhanced cybersecurity measures including comprehensive information security programs, data inventories, and improved access controls.
$11.3M
Lubbock County Hospital District (Healthcare Provider, TX) reported a HIPAA breach affecting 1,461,776 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Summit Pathology and Summit Pathology Laboratories, Inc. (Healthcare Provider, CO) reported a HIPAA breach affecting 1,813,538 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
A multistate coalition of 50 attorneys general led by New York AG Letitia James reached a $52 million settlement with Marriott International, Inc. over a 2014-2018 data breach of its Starwood subsidiary’s guest reservation database that exposed 131.5 million consumers’ personal information. The breach, which went undetected for four years, compromised contact details, dates of birth, passport numbers, payment card information, and loyalty program data. Marriott is required to overhaul its data security practices, implement new compliance measures, and allow customers to delete their stored data as part of the settlement.
$52.0M
A multistate coalition of 50 attorneys general, including New Jersey, reached a $52 million settlement with Marriott International, Inc. for two data breaches that exposed personal information of over 131 million consumers. The breaches resulted from inadequate cybersecurity practices at Starwood and Marriott networks. The settlement mandates comprehensive security improvements and monetary penalties.
$52.0M
A multistate settlement with Marriott International for a data breach affecting 131.5 million guest records. Marriott failed to secure the Starwood network from 2014 to 2018, exposing personal information. The settlement includes a $52 million payment and requires Marriott to implement enhanced cybersecurity measures and consumer protections.
$52.0M
Acadian Ambulance Service, Inc. (Healthcare Provider, LA) reported a HIPAA breach affecting 2,896,985 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
HealthEquity, Inc. (Business Associate, UT) reported a HIPAA breach affecting 4,300,000 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Change Healthcare, Inc. (Business Associate, MN) reported a HIPAA breach affecting 192,700,000 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Ascension Health (Healthcare Provider, MO) reported a HIPAA breach affecting 5,466,931 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Palomar Health Medical Group (Healthcare Provider, CA) reported a HIPAA breach affecting 1,140,221 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
A&A Services d/b/a Sav-Rx (Business Associate, NE) reported a HIPAA breach affecting 2,812,336 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Superior Air-Ground Ambulance Service, Inc. (Healthcare Provider, IL) reported a HIPAA breach affecting 1,039,972 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
All data sourced from official government enforcement pages.