Lexology December 12, 2023
Crowell & Moring LLP

Last week, the Office for Civil Rights (“OCR”) announced a settlement with Lafourche Medical Group (“LMG”), a Louisiana medical group, for a 2021 phishing attack and breach that affected the protected health information (“PHI”) of 34,862 individuals. In addition to paying $480,000 to OCR, LMG agreed to a corrective action plan that will include implementing security measures to protect electronic PHI, developing written policies and procedures to comply with HIPAA rules, and training staff members.

Through a phishing attack, in March 2021, a hacker gained access to an owner’s email account. The email account contained patients’ PHI, and because LMG was unable to determine the specific patients affected, it notified all 34,862 of its patients. OCR investigated and found that...

Today's Sponsors

Venturous
Got healthcare questions? Just ask Transcarent

Today's Sponsor

Venturous

Continue Reading

 
Topics: Govt Agencies, HHS, Provider
Related Articles:
HIMSS25: Other News From Around the Conference
AI model uses ECGs to detect females at high risk of heart disease
Decline in breast cancer death rates has stalled for youngest and oldest women
What are people asking about COVID-19—and what do doctors wish patients knew?
Everything You Need to Know About Sterilization Cases and Their Role in Healthcare

Share This Article