WellPoint, Inc. Data Breach (2009)

A security weakness in an online application database left the electronic protected health information of 612,402 individuals accessible to unauthorized individuals over the internet. The organization was investigated by the HHS OCR and found to be at fault. The resulting fine was $1.7 million to settle.