Lafourche Medical Group to pay $480K in landmark HHS phishing action
By 
Kyle Brasseur2023-12-08T16:48:00
Louisiana-based Lafourche Medical Group agreed to pay $480,000 as part of the first phishing attack-related settlement the Department of Health and Human Services’ Office for Civil Rights (HHS OCR) has reached under the Health Insurance Portability and Accountability Act (HIPAA).
Lafourche additionally consented to be monitored by the OCR for a period of two years, as well as agreeing to a corrective action plan, the agency announced Thursday.
In May 2021, Lafourche reported to the HHS it was breached through a phishing attack that occurred two months prior. The attack affected the electronic protected health information of nearly 35,000 individuals, the agency’s investigation found.
Related articles
-
News BriefChange Healthcare facing HHS probe following crippling cyberattack
Change Healthcare, a health payment processor hit by a crippling cyberattack in February, is under investigation by the Department of Health and Human Services’ Office for Civil Rights.
-
News BriefMontefiore Medical Center to pay $4.8M over employee’s data theft
Montefiore Medical Center agreed to pay $4.75 million to settle allegations by the Department of Health and Human Services’ Office for Civil Rights that failures by the New York City nonprofit facility allowed an employee to steal and sell patient information for six months.
-
News BriefHHS: New cybersecurity regs on the way for hospitals
Hospitals can soon expect to see new draft cybersecurity regulations and benchmarking goals, according to the Department of Health and Human Services.
More from Regulatory Enforcement
-
ArticleSeven years in, GDPR faces growing challenges from AI and ‘consent or pay’ models
Europe’s pioneering data protection legislation turned seven years old in May, but the compliance and enforcement difficulties that have dogged the rules since they came into force look set to present both companies and data regulators with fresh headaches for some time to come.
-
News BriefDOJ charges crypto executive with laundering $530M for sanctioned Russian banks
The Department of Justice has charged the founder of cryptocurrency company Evita with 22 violations for allegedly laundering more than $500 million through U.S. banks and cryptocurrency exchanges, on behalf of sanctioned Russian entities.
-
News BriefSEC Chair Atkins signals end to ‘regulation by enforcement’ in line with Trump’s pro-crypto agenda
The Securities and Exchange Commission Chair Paul Atkins explained his agency’s shift on cryptocurrency regulation to a Senate committee as legislators bargain over President Donald Trump’s “One Big Beautiful Bill” and the GENIUS Act, which would have the federal government invest heavily in cryptocurrency.