Skip to main content
Skip to navigation

Regulatory Enforcement

Lafourche Medical Group to pay $480K in landmark HHS phishing action

By Kyle Brasseur2023-12-08T16:48:00

Louisiana-based Lafourche Medical Group agreed to pay $480,000 as part of the first phishing attack-related settlement the Department of Health and Human Services’ Office for Civil Rights (HHS OCR) has reached under the Health Insurance Portability and Accountability Act (HIPAA).

Lafourche additionally consented to be monitored by the OCR for a period of two years, as well as agreeing to a corrective action plan, the agency announced Thursday.

In May 2021, Lafourche reported to the HHS it was breached through a phishing attack that occurred two months prior. The attack affected the electronic protected health information of nearly 35,000 individuals, the agency’s investigation found.

THIS IS MEMBERS-ONLY CONTENT

cw-membership

You are not logged in and do not have access to members-only content.

If you are already a registered user or a member, SIGN IN now.

Related articles

News Brief
Change Healthcare facing HHS probe following crippling cyberattack

2024-03-14T19:45:00Z By Adrianne Appel

Change Healthcare, a health payment processor hit by a crippling cyberattack in February, is under investigation by the Department of Health and Human Services’ Office for Civil Rights.
News Brief
Montefiore Medical Center to pay $4.8M over employee’s data theft

2024-02-07T21:51:00Z By Adrianne Appel

Montefiore Medical Center agreed to pay $4.75 million to settle allegations by the Department of Health and Human Services’ Office for Civil Rights that failures by the New York City nonprofit facility allowed an employee to steal and sell patient information for six months.
News Brief
HHS: New cybersecurity regs on the way for hospitals

2023-12-07T18:34:00Z By Adrianne Appel

Hospitals can soon expect to see new draft cybersecurity regulations and benchmarking goals, according to the Department of Health and Human Services.

More from Regulatory Enforcement

News Brief
SEC’s Uyeda: ‘Enforcement is the wrong way’ to handle off-channel communications

2026-03-19T21:08:00Z By Aaron Nicodemus

The U.S. Securities and Exchange Commission’s Mark Uyeda told an audience of investment advisers that the SEC will no longer prioritize stand-alone enforcement actions for violations of the SEC’s rules on off-channel communications.
News Brief
Adobe agrees to $150M settlement over alleged cancellation fee violations

2026-03-17T21:22:00Z By Oscar Gonzalez

Adobe agreed to a $150 million settlement with the U.S. Department of Justice over accusations that it concealed software termination fees and made it difficult for customers to cancel.
Article
U.K. competition regulator ‘very likely’ to use new enforcement powers despite government’s pro-growth agenda

2026-03-13T21:06:00Z By Neil Hodge

New powers granted to the U.K.’s main competition watchdog will result in greater scrutiny, tougher enforcement, and a stark warning for companies to review their sales and marketing promotions—especially since some practices have been pushed firmly into the spotlight thanks to legislation that came into effect last year.