Breaches.net

Tell the truth or someone will tell it for you.

Menu
  • Home
  • About
  • Privacy
Menu

ENFORCEMENT: So many data breaches, so little enforcement?

Posted on March 8, 2024March 9, 2024 by Dissent Doe

This article introduces an upcoming series of posts scrutinizing federal and state regulators’ enforcement of data security and breach notification laws.

The inaugural post will consider how the U.S. Department of Health and Human Services  (HHS) enforces the 60-day notification requirement when covered entities do not notify everyone by 60 days, misrepresent when they actually discovered the breach, and fail to update their report to HHS after their initial report.  Does HHS really believe only 500 patients were affected by a ransomware attack or hack? If not, what are they doing to get entities to notify them and affected patients?

The second post in the series lists enforcement actions related to data security and breach notifications, categorized by federal agencies and state attorneys general.

The third post questions whether entities really fear enforcement by HHS OCR given how relatively seldom HHS OCR imposes monetary penalties or corrective action plans.

Other posts on enforcement will follow relating to other federal agencies and issues. And as time allows, Breaches will submit Freedom of Information requests and watchdog complaints to regulators.

While enforcement is a key issue and theme of this site, it’s not the only one. Be sure to look for posts on other subjects such as misleading data breach notification letters and the lack of transparency in incident response.

Category: Blog

Post navigation

← Welcome!
ENFORCEMENT: How does HHS follow up on reports that “500” were affected? →

Recent Posts

  • ENFORCEMENT: How does HHS follow up on reports that “500” were affected?
  • ENFORCEMENT: So many data breaches, so little enforcement?
  • Welcome!

Thanks to a Sponsor

Thanks to “KM” who has been sponsoring this site by paying for monthly hosting fees and providing technical support and advice when needed.  Their support is much appreciated.

Categories

RSS Recent Posts on DataBreaches.net

  • Marquette County Medical Care Facility discloses data breach
  • Industry Letter – June 23, 2025: Impact to Financial Sector of Ongoing Global Conflicts
  • MNGI Digestive Health settles class action lawsuit stemming from BlackCat attack
  • Four REvil ransomware members released after time served on carding charges
  • Why Dumping Sensitive Data on Network Shares is a Liability
  • A militarily degraded Iran may turn to asymmetrical warfare – raising risk of proxy and cyber attacks

Contact

Email: [email protected]
infosec.exchange/@pogowasright
Telegram: @DissentDoe
Signal: +1 516-776-7756

 

Contact

Email: [email protected]
Infosec.exchange/@pogowasright
Telegram: @DissentDoe
Signal: +1 516 776 7756

Associated Sites

PogoWasRight.org
DataBreaches.net

©2025 Breaches.net