
Louisiana Medical Group to Pay $480K Over Phishing Attack *Centurion Insurance AFS*

Jan 31, 2024


The U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR), last month announced that Lafourche Medical Group, a Louisiana medical group specializing in emergency medicine, occupational medicine, and laboratory testing, agreed to a settlement over a 2021 phishing attack.

The settlement resolves an investigation following a phishing incident that affected the electronic protected health information of approximately 34,862 individuals. This marks the first settlement OCR has resolved involving a phishing attack under the Health Insurance Portability and Accountability Act (HIPAA) Rules. HIPAA is the federal law that protects the privacy and security of health information.

Lafourche Medical Group agreed to pay $480,000 to OCR and to implement a corrective action plan that will be monitored by OCR for two years.

On May 28, 2021, Lafourche Medical Group filed a breach report with HHS stating that a hacker, through a successful phishing attack on March 30, 2021, gained access to an email account that contained electronic protected health information. When protected health information is compromised by a cyber-attack breach such as phishing, incredibly sensitive information about an individual’s medical records is at risk. The types of sensitive information can include medical diagnoses, frequency of visits to a therapist or other health care professionals, and where an individual seeks medical treatment.

OCR’s investigation revealed that, prior to the 2021 reported breach, Lafourche Medical Group failed to conduct a risk analysis to identify potential threats or vulnerabilities to electronic protected health information across the organization as required by HIPAA. OCR also discovered that Lafourche Medical Group had no policies or procedures in place to regularly review information system activity to safeguard protected health information against cyberattacks.

Lafourche Medical Group will take the following steps to resolve the investigation and comply with the HIPAA Rules:

  • Establishing and implementing security measures to reduce security risks and vulnerabilities to electronic protected health information in order to keep patients’ protected health information secure;
  • Developing, maintaining, and revising written policies and procedures as necessary to comply with the HIPAA Rules; and
  • Providing training to all staff members who have access to patients’ protected health information on HIPAA policies and procedures.

Source: HHS

