Breaches.net

Tell the truth or someone will tell it for you.


ENFORCEMENT: So many data breaches, so little enforcement?

Posted on March 8, 2024 / March 9, 2024 by Dissent Doe

This article introduces an upcoming series of posts scrutinizing federal and state regulators’ enforcement of data security and breach notification laws.

The inaugural post will consider how the U.S. Department of Health and Human Services (HHS) enforces the 60-day notification requirement when covered entities do not notify everyone within 60 days, misrepresent when they actually discovered the breach, and fail to update their report to HHS after their initial report. Does HHS really believe only 500 patients were affected by a ransomware attack or hack? If not, what are they doing to get entities to notify them and affected patients?

The second post in the series lists enforcement actions related to data security and breach notifications, categorized by federal agencies and state attorneys general.

The third post questions whether entities really fear enforcement by HHS OCR given how relatively seldom HHS OCR imposes monetary penalties or corrective action plans.

Other posts on enforcement will follow relating to other federal agencies and issues. And as time allows, Breaches will submit Freedom of Information requests and watchdog complaints to regulators.

While enforcement is a key issue and theme of this site, it’s not the only one. Be sure to look for posts on other subjects such as misleading data breach notification letters and the lack of transparency in incident response.

Category: Blog


Thanks to a Sponsor

Thanks to “KM” who has been sponsoring this site by paying for monthly hosting fees and providing technical support and advice when needed. Their support is much appreciated.


Contact

Email: [email protected]
infosec.exchange/@pogowasright
Telegram: @DissentDoe
Signal: +1 516-776-7756

 
