Lafourche Medical Group to pay $480K in landmark HHS phishing action

By Kyle Brasseur2023-12-08T16:48:00+00:00

No comments

Louisiana-based Lafourche Medical Group agreed to pay $480,000 as part of the first phishing attack-related settlement the Department of Health and Human Services’ Office for Civil Rights (HHS OCR) has reached under the Health Insurance Portability and Accountability Act (HIPAA).

Lafourche additionally consented to be monitored by the OCR for a period of two years, as well as agreeing to a corrective action plan, the agency announced Thursday.

The details: In May 2021, Lafourche reported to the HHS it was breached through a phishing attack that occurred two months prior. The attack affected the electronic protected health information of nearly 35,000 individuals, the agency’s investigation found.

The OCR determined Lafourche failed to conduct a proper risk analysis of potential threats to electronic protected health information as required by HIPAA and did not have policies or procedures in place to regularly review information system activity.

Compliance considerations: Under its corrective action plan, Lafourche agreed to:

Implement security measures to reduce risks to electronic protected health information;
Develop, maintain, and revise written policies and procedures as necessary to comply with HIPAA; and
Provide training to all staff members who have access to patients’ protected health information on HIPAA policies and procedures.

Lafourche did not admit liability in reaching settlement. The company could not be reached for comment.

Kyle Brasseur

Kyle Brasseur is Editor in Chief of Compliance Week. His background includes expertise in user personalization with ESPN.com.View full Profile

Topics

No comments

Interested in writing for CW?

Compliance Week accepts outside contributions from corporate chief compliance officers and other senior-level GRC practitioners. To learn more, contact the CW Editor.

News Brief
Change Healthcare facing HHS probe following crippling cyberattack

2024-03-14T19:45:00Z By Adrianne Appel

Change Healthcare, a health payment processor hit by a crippling cyberattack in February, is under investigation by the Department of Health and Human Services’ Office for Civil Rights.
News Brief
Montefiore Medical Center to pay $4.8M over employee’s data theft

2024-02-07T21:51:00Z By Adrianne Appel

Montefiore Medical Center agreed to pay $4.75 million to settle allegations by the Department of Health and Human Services’ Office for Civil Rights that failures by the New York City nonprofit facility allowed an employee to steal and sell patient information for six months.
News Brief
HHS: New cybersecurity regs on the way for hospitals

2023-12-07T18:34:00Z By Adrianne Appel

Hospitals can soon expect to see new draft cybersecurity regulations and benchmarking goals, according to the Department of Health and Human Services.

No comments yet

You're not signed in.

Only registered users can comment on this article.

More from Regulatory Enforcement

News Brief
TikTok bans mount across globe amid EU, U.S. crackdown

2024-04-26T17:40:00Z By Jeff Dale

TikTok is suspending new features amid an inquiry by the European Commission into its compliance with the Digital Services Act, all while responding to a U.S. ban just signed into law.
News Brief
Czech DPA fines Avast $15M over GDPR violations

2024-04-25T16:33:00Z By Jeff Dale

The Czech Republic’s data protection authority issued a fine of 351 million Czech koruna (U.S. $15 million) against antivirus software vendor Avast for alleged violations of the General Data Protection Regulation.
News Brief
Consolidated Nuclear Security to pay $18.4M over timecard false claims

2024-04-24T14:55:00Z By Jeff Dale

Consolidated Nuclear Security agreed to pay $18.4 million to settle alleged False Claims Act violations regarding the submission of timecards for unworked hours to the National Nuclear Security Administration.

Lafourche Medical Group to pay $480K in landmark HHS phishing action

More from Kyle Brasseur

CW2024 panelists explain why BYOD at center of off-channel comms debate

FCA exploring how Big Tech data can aid financial services

Intersection of compliance, IT one of opportunity

Topics

Interested in writing for CW?

Compliance Week accepts outside contributions from corporate chief compliance officers and other senior-level GRC practitioners. To learn more, contact the CW Editor.

Related articles

Change Healthcare facing HHS probe following crippling cyberattack

Montefiore Medical Center to pay $4.8M over employee’s data theft

HHS: New cybersecurity regs on the way for hospitals

No comments yet

Only registered users can comment on this article.

More from Regulatory Enforcement

TikTok bans mount across globe amid EU, U.S. crackdown

Czech DPA fines Avast $15M over GDPR violations

Consolidated Nuclear Security to pay $18.4M over timecard false claims

“For tracking litigation, enforcement, and regulatory developments, Compliance Weekshould be your prime source.”

Lafourche Medical Group to pay $480K in landmark HHS phishing action

Topics

Interested in writing for CW?

Compliance Week accepts outside contributions from corporate chief compliance officers and other senior-level GRC practitioners. To learn more, contact the CW Editor. googletag.cmd.push(function() { googletag.display('div-gpt-ad-B'); });

Related articles

No comments yet

Only registered users can comment on this article.

More from Regulatory Enforcement

“For tracking litigation, enforcement, and regulatory developments, Compliance Week
should be your prime source.”

Compliance Week accepts outside contributions from corporate chief compliance officers and other senior-level GRC practitioners. To learn more, contact the CW Editor.