HHS Reaches First Cybersecurity Settlement

Medical group agrees to pay a $480,000 fine for sub-par security.

The Department of Health and Human Services (HHS) reached its first cybersecurity settlement this month, fining Lafourche Medical Group $480,000 for failing to maintain secure connections in their computer network. 

In 2021, Lafourche Medical Group filed a breach report with HHS, telling the department that a hacker succeeded in launching a phishing attack against their network, and gained access to a highly sensitive email account. This account contained the electronic health information of approximately 34,862 individuals, all of which were compromised after the attack.

After concluding an investigation into the matter, the department determined that this attack was possible due to the security failures of the medical group, which should have had procedures in place to regularly review system activity. Along with the fine, the medical group agreed to be monitored by HHS for two years, ensuring the implementation of a new cybersecurity plan for its computer networks.

As the Lord Leads, Pray with Us…

  • For Secretary Becerra to be led by the Lord as he oversees the Health and Human Services Department.
  • For HHS cyber security specialists as they seek to ensure the private health information of Americans is adequately protected.

Sources: Department of Health and Human Services


Back to top