Blog - Page 5 of 5 - HIPAA Training

HIPAA Fine of $480,000 imposed by HHS’ Office for Civil Rights on Louisiana Medical Group Following Discovery of Extensive Phishing Cyber Attack Impacting Almost 35,000 Patients

Today, the U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR), disclosed a resolution with Lafourche Medical Group, a Louisiana-based medical entity specializing in emergency medicine, occupational medicine, and laboratory testing. The agreement concludes an inquiry prompted by a phishing attack that impacted the electronic protected health information of around 34,862 individuals. Phishing, a form of cybersecurity attack, involves deceiving individuals into revealing sensitive information through electronic means, like email, by posing as a trustworthy entity. This settlement represents the first instance in which OCR has addressed a phishing attack under the Health Insurance Portability and Accountability Act [...]

How Sanction Policies Can Support HIPAA Compliance

Last year, the Health Sector Cybersecurity Coordination Center (HC3) under the Department of Health and Human Services (HHS) issued a threat brief outlining various social engineering tactics employed by hackers to infiltrate healthcare information systems. The brief recommended multiple protective measures to counter social engineering, one of which emphasized holding every department accountable for security. An organization's sanction policies foster accountability and enhance cybersecurity and data protection. Sanction policies serve as valuable tools in addressing the deliberate actions of malicious insiders, such as data theft by identity theft rings, and addressing instances where workforce members fail to adhere to policies and [...]