Home Health & Hospice Week
Consider Running A Phishing Simulation In Light Of Newly Settled Case
Feds set a punishing precedent for healthcare providers that fall victim to this common cyberattack. If you think the feds will be sympathetic to a HIPAA data breach that was caused by phishing, think again. New case: Last month, the HHS Office for Civil Rights settled its first investigation of a phishing cyberattack. Louisiana-based Lafourche Medical Group identified an email phishing scheme that had impacted 34,862 individuals’ electronic protected health information (ePHI) and filed a HIPAA breach in March 2021. OCR investigated and uncovered that Lafourche had “failed to conduct a risk analysis to identify potential threats or vulnerabilities to electronic protected health information across the organization as required by HIPAA,” a release notes. Plus Lafourche “had no policies or procedures in place to regularly review information system activity to safeguard protected health information against cyberattacks,” the agency says. Lafourche agreed to pay OCR a whopping $480,000 in fines and enter into a two-year corrective action plan (CAP) to resolve the investigation. A large part of the organization’s CAP includes devising a compliance program, implementing risk analysis practices, and training staff. The somewhat stiff penalty comes even though Lafourche self-disclosed the problem, notes attorney Amy O’Neill with law firm King & Spalding in California, in online analysis. “Phishing is the most common way that hackers gain access to health care systems to steal sensitive data and health information,” says OCR Director Melanie Fontes Rainer in the release. “It is imperative that the healthcare industry be vigilant in protecting its systems and sensitive medical records, which includes regular training of staff and consistently monitoring and managing system risk to prevent these attacks. We all have a role to play in keeping our health care system safe and taking preventive steps against phishing attacks,” Fontes Rainer maintains. “Phishing continues to be the most pervasive attack vector in cybersecurity incidents, often resulting in breaches of PHI and other sensitive information,” emphasize attorneys Jodi Daniel and Brandon Ge with law firm Crowell & Moring in Washington, D.C. “It therefore remains critical for covered entities and business associates to implement measures to reduce the risk associated with phishing attacks, including regularly training workforce members on how to recognize and avoid falling prey to phishing attacks,” Daniel and Ge stress in the C&M Health Law blog. Try this: “Organizations should … consider conducting phishing simulations whereby simulated phishing emails are sent to workforce members to mimic real-world phishing attacks,” Daniel and Ge recommend. “This not only provides valuable teaching moments to those who fail these simulations but also provides valuable metrics to organizations,” they say.
Home Health & Hospice Week
- OASIS:
Get Your First Look At Updated OASIS-E1 Tool
Item for COVID vax quality measure is now on deck. For once, Medicare officials are [...] - Hospice:
Third-Ever Hospice Topic Approved For RAC Review
Hot seat gets even toastier for feds’ favorite fraud targets. Hospices should brace for even [...] - Fraud & Abuse:
Will Your State’s Error Rate Land You On Medicare’s ‘Most Wanted’ List For Medical Review?
Meet your CERT contractor before it’s too late. Where your state falls on Medicare’s payment [...] - Medical Review:
Check Out CERT Details With This Resource
Keep tabs on your CERT-requested charts, for starters. If you’re stumped by CERT updates and [...] - Human Resources:
Heed This OSHA Requirement That Changed As Of Jan. 1
Large providers narrowly miss out on regulatory relief. Now that 2024 has arrived, make sure [...] - Compliance:
Follow 4 Key Tips To Sidestep Compliance Pitfalls Under Updated OSHA Reg
Keep close tabs on your employee count if you are anywhere close to the reporting [...] - HIPAA:
Consider Running A Phishing Simulation In Light Of Newly Settled Case
Feds set a punishing precedent for healthcare providers that fall victim to this common cyberattack. [...] - Industry Notes:
Stay Tuned To IQIES For Upcoming VBP Data
Plus: TEP mulls adding equity points, like in SNF VBP. The New Year brings new [...] - Industry Notes:
Don't Forget: New Year Brings New dNPWT Billing Procedures
Don’t let a post-holiday haze scramble your new billing for certain wound care supplies. “Effective [...] - Industry Notes:
NAHC-NHPCO Merger Advances
The potential merger between the National Association for Home Care & Hospice and the National [...] - Industry Notes:
Brookdale Sells Remaining Home Health Interest
Brookdale Senior Living Inc. has sold “its remaining 20 percent equity interest in its Health [...] - Industry Notes:
Pennant Partners With Nonprofit
The Pennant Group Inc. has entered a home health joint venture with nonprofit John Muir [...] - Industry Notes:
Learn Health Equity Report Details
If you missed Medicare’s November question-and-answer session about its new Health Equity Confidential Feedback Reports [...]
