HIPAA Fine of $480,000 imposed by HHS’ Office for Civil Rights on Louisiana Medical Group Following Discovery of Extensive Phishing Cyber Attack Impacting Almost 35,000 Patients

Today, the U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR), disclosed a resolution with Lafourche Medical Group, a Louisiana-based medical entity specializing in emergency medicine, occupational medicine, and laboratory testing. The agreement concludes an inquiry prompted by a phishing attack that impacted the electronic protected health information of around 34,862 individuals. Phishing, a form of cybersecurity attack, involves deceiving individuals into revealing sensitive information through electronic means, like email, by posing as a trustworthy entity. This settlement represents the first instance in which OCR has addressed a phishing attack under the Health Insurance Portability and Accountability Act [...]