HHS settles first phishing cyberattack investigation with Louisiana medical group

The Office for Civil Rights (OCR) at the US Department of Health and Human Services (HHS) has agreed a $480,000 settlement with Lafourche Medical Group following a data breach in 2021. It is the first agreement related to a phishing cyberattack resolved by the agency. Lafourche’s failure to conduct a risk analysis and lack of system review procedures were highlighted during OCR’s investigation. The medical group must also follow a corrective action plan monitored by OCR for two years.