Lafourche Medical Group to pay $480K in landmark HHS phishing action
By 
Kyle Brasseur2023-12-08T16:48:00
Louisiana-based Lafourche Medical Group agreed to pay $480,000 as part of the first phishing attack-related settlement the Department of Health and Human Services’ Office for Civil Rights (HHS OCR) has reached under the Health Insurance Portability and Accountability Act (HIPAA).
Lafourche additionally consented to be monitored by the OCR for a period of two years, as well as agreeing to a corrective action plan, the agency announced Thursday.
In May 2021, Lafourche reported to the HHS it was breached through a phishing attack that occurred two months prior. The attack affected the electronic protected health information of nearly 35,000 individuals, the agency’s investigation found.
THIS IS MEMBERS-ONLY CONTENT
You are not logged in and do not have access to members-only content.
If you are already a registered user or a member, SIGN IN now.
Related articles
-
News BriefChange Healthcare facing HHS probe following crippling cyberattack
Change Healthcare, a health payment processor hit by a crippling cyberattack in February, is under investigation by the Department of Health and Human Services’ Office for Civil Rights.
-
News BriefMontefiore Medical Center to pay $4.8M over employee’s data theft
Montefiore Medical Center agreed to pay $4.75 million to settle allegations by the Department of Health and Human Services’ Office for Civil Rights that failures by the New York City nonprofit facility allowed an employee to steal and sell patient information for six months.
-
News BriefHHS: New cybersecurity regs on the way for hospitals
Hospitals can soon expect to see new draft cybersecurity regulations and benchmarking goals, according to the Department of Health and Human Services.
More from Regulatory Enforcement
-
ArticleFrench investigators target anticompetitive practices in largest accounting firms
Major accountancy firms in France are under investigation for anti-competitive practices. The French competition watchdog embarked on a series of “unannounced inspections” and removed documents relating to audit and reporting on Jan. 13.
-
ArticleEU investigation into Grok may expose problems with DSA rather than compliance failings
The European Commission has launched a formal investigation against Elon Musk’s X under the Digital Services Act over fears that its AI tool Grok may be producing and disseminating illegal material.
-
ArticleFormer ADM execs inflated operating profits, SEC alleges
Three former executives at Archer-Daniels-Midland intentionally misled investors by inflating the performance of the company’s Nutrition unit, the U.S. Securities and Exchange Commission has alleged.