HIPAA TIP: OCR Enforcement

HHS Office for Civil Rights Settles Landmark Phishing Cyber-Attack Investigation

Louisiana Medical Group settles after investigation reveals large cybersecurity breach affecting nearly 35,000 patients

The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) announced a settlement with Lafourche Medical Group, which specializes in emergency medicine, occupational medicine, and laboratory testing. The settlement resolves an investigation following a phishing attack that affected the electronic protected health information of approximately 34,862 individuals.

“Phishing is the most common way that hackers gain access to health care systems to steal sensitive data and health information,” said OCR Director Melanie Fontes Rainer. “It is imperative that the health care industry be vigilant in protecting its systems and sensitive medical records, which includes regular training of staff and consistently monitoring and managing system risk to prevent these attacks. We all have a role to play in keeping our health care system safe and taking preventive steps against phishing attacks.”

The dangers of email phishing cannot be stressed enough to your employees, owners and C-suite, nor can the importance of looking for the red flags:

  • An email address that is not recognized
  • Misspelled words within the email
  • A request that doesn’t make sense or seems suspicious
  • A sense of urgency to complete the request

HIPAA compliance isn’t a one-time checklist. It’s ongoing, programmatic in nature, and requires demonstrated reasonable diligence to stay in good standing with the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR). Anatomy IT can provide you peace of mind with our expert HIPAA compliance services. To learn more, contact us here.