I’m aware of them.

Let’s look at some of the most historic:

• NY Presbyterian Hospital - with no real efforts on their end to prevent the violation of thousands of records, they got a whopping fine of… Under $5 million.
• AHC - lack of risk analysis, failures in procedures and policies, etc - Just over $5 million.
• Data breaches - usually around $4-5mil, the worst case being Anthem, about 80 million people effected - $16 million in fines. A record.

Criminal offenses? Yeah, plenty of those - with individuals, usually related to that information then being used for other purposes (scams, theft, etc).

But a company like Microsoft, you’re going to have a hard time convincing me it’s going to ruin the company. The history of HIPAA violations and their fines tell a very different story.

You’re right they don’t, but only for covered entities which MS is not in any shape or form

It’s just like when Grindr or whatever leaked people’s STD status, they nor MS are a medical provider or “covered business entity”

HIPAA is an ok privacy law, but it is not the all supreme health privacy law you think it is

You should read up on anyone even coming close to being beholden to those penalties, because they absolutely do fuck around when its corporations.