From the Wire
Regulatory enforcement actions, court decisions, and compliance developments that matter most across FCRA, FDCPA, HIPAA, TCPA, FINRA, FMCSA, and federal and state law.
HHS OCR Settles with Software Vendor Over 15 Million Patient Records Exposed in 2020 Breach
A Maryland dental software company agreed to a HIPAA settlement after a 2020 breach exposed the records of 15 million individuals. The case illustrates OCR's ongoing focus on business associates and their obligations under the Security Rule.
FINRA and SEC Hit Canaccord Genuity with $80 Million AML Penalty โ Largest BSA Fine Ever Against a Broker-Dealer
FinCEN, FINRA, and the SEC coordinated an $80 million enforcement action against Canaccord Genuity for Bank Secrecy Act violations spanning six years. It is the largest BSA penalty ever imposed against a broker-dealer and a wake-up call for the entire industry on AML program adequacy.
Kaiser Permanente Pays $10.5 Million to Settle TCPA Class Action Over Texts Sent After Opt-Out
Kaiser Permanente agreed to a $10.5 million TCPA class action settlement for sending marketing texts to consumers who had already replied STOP. The case is a clean illustration of why opt-out processing infrastructure is not optional for any organization running text marketing campaigns.
CFPB Medical Debt Credit Reporting Rule Vacated by Texas Federal Court
A Texas federal court vacated the CFPB's rule that would have prohibited furnishing and consideration of medical debt information on credit reports, agreeing with the bureau and industry plaintiffs that the rule exceeded statutory authority under the FCRA.
OCR Fines Four Healthcare Organizations $1.1 Million for HIPAA Failures That Led to Ransomware Attacks
HHS OCR announced four enforcement actions totaling more than $1.1 million against healthcare organizations that experienced ransomware attacks. In each case, OCR found HIPAA Security Rule violations โ particularly inadequate risk analysis โ that predated and contributed to the attacks.
Ruggable Hit With TCPA Class Action Over 6 A.M. Marketing Texts
A California federal court class action accuses Ruggable of sending marketing text messages at 6 a.m. โ before the TCPA's 8 a.m. permissible contact window. The case highlights a TCPA quiet hours obligation that many marketing teams fail to account for in their automated messaging systems.
FINRA Suspends CCOs in Two Separate Cases for Supervisory Failures โ A Signal on Individual Accountability
FINRA suspended chief compliance officers in two recent enforcement actions โ one for Regulation Best Interest failures, one for recordkeeping violations. The cases signal that FINRA remains prepared to hold individual CCOs accountable, not just the firms they work for.
FMCSA Clearinghouse Violations Topped 7,000 in 2025 โ Missed Queries Are the Most Common Failure
FMCSA enforcement data from 2025 showed more than 7,000 Drug and Alcohol Clearinghouse violations โ the overwhelming majority involving missed pre-employment or annual queries. The data reveals an ongoing pattern of Clearinghouse compliance failures five years into the mandate.
Congress Introduces SAFER in Transport Act to Give FMCSA Criminal Enforcement Authority Over Freight Fraud
H.R. 8267, introduced April 20, would give FMCSA criminal enforcement authority over freight fraud and establish new coordination mechanisms between DOT, DOJ, and Customs and Border Protection. The bill has bipartisan support and backing from the American Trucking Associations.
FMCSA Revokes 14 ELDs from Approved List โ Carriers Have Until February to Replace Devices or Face Out-of-Service Orders
FMCSA removed 14 electronic logging devices from its registered list after the manufacturers failed to meet minimum technical requirements. Carriers using the revoked devices had until February 7, 2026 to replace them or face hours-of-service violations at roadside inspections.