- Home
- About
- Insurance
- Quote
- Dental/Health
- Service
- Notary
- News
- Referral Partners
- Agent Resources
Interested in Cyber?
Get automatic alerts for this topic.
[ad_1]
The U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR), last month announced that Lafourche Medical Group, a Louisiana medical group specializing in emergency medicine, occupational medicine, and laboratory testing, agreed to a settlement over a 2021 phishing attack.
The settlement resolves an investigation following a phishing incident that affected the electronic protected health information of approximately 34,862 individuals This marks the first settlement OCR has resolved involving a phishing attack under the Health Insurance Portability and Accountability Act (HIPAA) Rules. HIPAA is the federal law that protects the privacy and security of health information.
Lafourche Medical Group agreed to pay $480,000 to OCR and to implement a corrective action plan that will be monitored by OCR for two years.
On May 28, 2021, Lafourche Medical Group filed a breach report with HHS stating that a hacker, through a successful phishing attack on March 30, 2021, gained access to an email account that contained electronic protected health information. When protected health information is compromised by a cyber-attack breach such as phishing, incredibly sensitive information about an individual’s medical records is at risk. The types of sensitive information can include medical diagnoses, frequency of visits to a therapist or other health care professionals, and where an individual seeks medical treatment.
OCR’s investigation revealed that, prior to the 2021 reported breach, Lafourche Medical Group failed to conduct a risk analysis to identify potential threats or vulnerabilities to electronic protected health information across the organization as required by HIPAA. OCR also discovered that Lafourche Medical Group had no policies or procedures in place to regularly review information system activity to safeguard protected health information against cyberattacks.
Lafourche Medical Group will take the following steps to resolve and comply with:
Source: HHS
Was this article valuable?
Here are more articles you may enjoy.
Get automatic alerts for this topic.
[ad_2]
Source link
Comment (0)