Health Law Highlights

OCR Increases Focus on Phishing Attacks Against Healthcare Providers

Summary of article from Morgan Lewis, by Amy M. Magnano, Michael J. Madderra:

In response to a significant rise in phishing attacks, the US Department of Health and Human Services’ Office for Civil Rights (OCR) is emphasizing the importance of regular risk assessments and best practices to protect sensitive data. The OCR’s first phishing cyberattack settlement involved the Lafourche Medical Group, which failed to implement necessary safeguards, resulting in a breach that compromised the data of nearly 35,000 individuals. The OCR’s resolution included a $480,000 fine and a two-year monitoring period for Lafourche. Future phishing attacks are anticipated to become more sophisticated due to advancements in AI, further emphasizing the need for regular security policy updates and employee education.