
First Phishing Attack Settlement of $480,000 Announced!


The OCR reached a $480,000 settlement with a Louisiana medical group after a phishing attack compromised the information of 35,000 patients. Phishing attacks can result in identity theft, financial loss, discrimination, stigma, mental anguish, negative consequences to reputation, health, or physical safety of the individuals, or to others identified in the individual’s protected health information, according to the Office of Civil Rights.

Training on Phishing Attacks

Modern Practice Solutions has been providing training on phishing attacks for quite a few years in our standard HIPAA-Cyber courses. We demonstrate how the cybercriminal mimics a reputable site so that the email appears to come from that organization. For example, rather than someone@amazon.com, the email may be from someone@mazon.com. Without carefully reviewing the sender’s information, the person receiving the email may be deceived. The body of the email may indicate that the person’s account was compromised and tell them to click on a link to secure the account. By clicking on the link, the receiver has now compromised the data.

OCR Findings in the Recent Breach

When the OCR investigated this recent phishing attack, they learned that the medical group did not conduct a risk analysis. This process is critical for identifying potential threats or vulnerabilities to electronic protected health information.

HIPAA Security Risk Assessment

Have you conducted your HIPAA Security Risk Assessment? If not, please schedule this important service.

Reviewing System Activity

The OCR also noted in this recent breach that the medical group did not have policies or procedures in place to regularly review information system activity to safeguard protected health information. Have you contracted with your IT group or a third party to review your system activity? This is critical in order to safeguard the information you maintain on patients against cyberattacks.

Required Corrective Actions

The medical group needed to complete the following:

  • Establish and implement security measures to reduce security risks and vulnerabilities to ePHI.
  • Develop, maintain, and revise written policies and procedures to comply with HIPAA.
  • Provide training to staff.

Importance of Compliance

Complying with HIPAA and recognized security practices isn’t just a good idea—it’s mandatory. If you experience a cyberattack and you have no proof you’re endeavoring to be in compliance, you too will be subject to hefty penalties. Avoid facing a Phishing Attack Settlement similar to this case.

Protect Your Practice and Reputation

Protect your practice and your reputation; get into compliance!

Author

  • Modern Practice Solutions

    If you need support with OSHA and HIPAA compliance, you’re in the right place. Since 2000, we’ve been helping dental practices navigate these complex regulations. We understand the increasing challenges posed by evolving compliance requirements, cyber threats, and the significant government penalties for non-compliance. Let us help you stay protected and compliant.
