OCR Takes Enforcement Action for Phishing Attack


Last week, the Office for Civil Rights (“OCR”) announced a settlement with Lafourche Medical Group (“LMG”), a Louisiana medical group, for a 2021 phishing attack and breach that affected the protected health information (“PHI”) of 34,862 individuals. In addition to paying $480,000 to OCR, LMG agreed to a corrective action plan that will include implementing security measures to protect electronic PHI, developing written policies and procedures to comply with HIPAA rules, and training staff members.

Through a phishing attack, in March 2021, a hacker gained access to an owner’s e-mail account. The e-mail account contained patients’ PHI, and because LMG was unable to determine the exact patients affected, it notified all 34,862 of its patients. OCR investigated and found that LMG never conducted a security risk analysis prior to the incident. LMG also had not implemented procedures to regularly review records of information system activity.

Phishing continues to be probably the most pervasive attack vector in cybersecurity incidents, often resulting in breaches of PHI and other sensitive information. It therefore remains essential for covered entities and business associates to implement measures to reduce the risk associated with phishing attacks, including regularly training workforce members on how to recognize and avoid falling prey to phishing attacks. Organizations should also consider conducting phishing simulations whereby simulated phishing emails are sent to workforce members to mimic real-world phishing attacks. This not only provides invaluable teaching moments to those who fail these simulations but also provides invaluable metrics to organizations.
