The U.S. Department of Health and Human Services' Office for Civil Rights announced its first ever phishing settlement, a USD480,000 fine to Lafourche Medical Group. OCR said Lafourche Medical Group did not conduct a risk analysis to identify potential threats to its health information systems, leading to a data breach involving 34,862 patients.
OCR reaches first phishing settlement
RELATED STORIES
Privacy in Arkansas: Is Arkansas ready for a consumer privacy law?
A view from DC: CFPB calls for states to regulate financial privacy
Notes from the IAPP Canada: OPC's WADA investigation 'raises some interesting issues'
A view from Brussels: European Commission's new tech policy center of gravity
First fine imposed under Thailand's Personal Data Protection Act
