Lafourche Medical Group to pay $480K in landmark HHS phishing action
By 
Kyle Brasseur2023-12-08T16:48:00
Louisiana-based Lafourche Medical Group agreed to pay $480,000 as part of the first phishing attack-related settlement the Department of Health and Human Services’ Office for Civil Rights (HHS OCR) has reached under the Health Insurance Portability and Accountability Act (HIPAA).
Lafourche additionally consented to be monitored by the OCR for a period of two years, as well as agreeing to a corrective action plan, the agency announced Thursday.
In May 2021, Lafourche reported to the HHS it was breached through a phishing attack that occurred two months prior. The attack affected the electronic protected health information of nearly 35,000 individuals, the agency’s investigation found.
THIS IS MEMBERS-ONLY CONTENT
You are not logged in and do not have access to members-only content.
If you are already a registered user or a member, SIGN IN now.
Related articles
-
News BriefChange Healthcare facing HHS probe following crippling cyberattack
Change Healthcare, a health payment processor hit by a crippling cyberattack in February, is under investigation by the Department of Health and Human Services’ Office for Civil Rights.
-
News BriefMontefiore Medical Center to pay $4.8M over employee’s data theft
Montefiore Medical Center agreed to pay $4.75 million to settle allegations by the Department of Health and Human Services’ Office for Civil Rights that failures by the New York City nonprofit facility allowed an employee to steal and sell patient information for six months.
-
News BriefHHS: New cybersecurity regs on the way for hospitals
Hospitals can soon expect to see new draft cybersecurity regulations and benchmarking goals, according to the Department of Health and Human Services.
More from Regulatory Enforcement
-
News BriefFTC orders GoDaddy to upgrade cybersecurity defenses following three breaches
The Federal Trade Commission has ordered web hosting company GoDaddy to implement a “robust” information security program following at least three data breaches that the agency said were aided by lax cybersecurity measures.
-
News BriefFTC shuts down student loan firms over deceptive debt relief practices
The U.S. Federal Trade Commission (FTC) took action against a pair of student loan debt relief companies for allegedly deceiving borrowers. The move came despite the Trump administration’s broader efforts to roll back enforcement actions against businesses since taking office.
-
News BriefCoinbase faces a leftover SEC probe as crypto enforcement loses steam
After dismissing its lawsuit against the crypto exchange Coinbase in March, a second investigation into the exchange by the Securities and Exchange Commission has surfaced, according to a report from the New York Times. This comes as a bit of a surprise after the Trump administration has been scaling down ...