Breaches.net

Tell the truth or someone will tell it for you.

Menu
  • Home
  • About
  • Privacy
Menu

ENFORCEMENT: So many data breaches, so little enforcement?

Posted on March 8, 2024March 9, 2024 by Dissent Doe

This article introduces an upcoming series of posts scrutinizing federal and state regulators’ enforcement of data security and breach notification laws.

The inaugural post will consider how the U.S. Department of Health and Human Services  (HHS) enforces the 60-day notification requirement when covered entities do not notify everyone by 60 days, misrepresent when they actually discovered the breach, and fail to update their report to HHS after their initial report.  Does HHS really believe only 500 patients were affected by a ransomware attack or hack? If not, what are they doing to get entities to notify them and affected patients?

The second post in the series lists enforcement actions related to data security and breach notifications, categorized by federal agencies and state attorneys general.

The third post questions whether entities really fear enforcement by HHS OCR given how relatively seldom HHS OCR imposes monetary penalties or corrective action plans.

Other posts on enforcement will follow relating to other federal agencies and issues. And as time allows, Breaches will submit Freedom of Information requests and watchdog complaints to regulators.

While enforcement is a key issue and theme of this site, it’s not the only one. Be sure to look for posts on other subjects such as misleading data breach notification letters and the lack of transparency in incident response.

Category: Blog

Post navigation

← Welcome!
ENFORCEMENT: How does HHS follow up on reports that “500” were affected? →

Recent Posts

  • ENFORCEMENT: How does HHS follow up on reports that “500” were affected?
  • ENFORCEMENT: So many data breaches, so little enforcement?
  • Welcome!

Thanks to a Sponsor

Thanks to “KM” who has been sponsoring this site by paying for monthly hosting fees and providing technical support and advice when needed.  Their support is much appreciated.

Categories

RSS Recent Posts on DataBreaches.net

  • Qantas customers involved in mammoth data breach
  • CMS Sending Letters to 103,000 Medicare beneficiaries whose info was involved in a Medicare.gov breach.
  • Esse Health provides update about April cyberattack and notifies 263,601 people
  • Terrible tales of opsec oversights: How cybercrooks get themselves caught
  • International Criminal Court hit with cyber attack during NATO summit
  • Pembroke Regional Hospital reported canceling appointments due to service delays from “an incident”

Contact

Email: [email protected]
infosec.exchange/@pogowasright
Telegram: @DissentDoe
Signal: +1 516-776-7756

 

Contact

Email: [email protected]
Infosec.exchange/@pogowasright
Telegram: @DissentDoe
Signal: +1 516 776 7756

Associated Sites

PogoWasRight.org
DataBreaches.net

©2025 Breaches.net