Health system pays feds $600K to settle HIPAA breach case

A regional healthcare network with three California hospitals serving Los Angeles and Orange Counties has agreed to pay federal regulators $600,000 and implement a corrective action plan to resolve potential HIPAA violations identified during an investigation into a 2019 breach triggered by a phishing attack.

The U.S. Department of Health and Human Services on Wednesday said the resolution agreement with Whittier, California-based PIH Health comes in the wake of the federal agency’s investigation into a breach report PIH Health filed in January 2020 – seven months after a June 2019 phishing attack compromised 45 employee email accounts.

Read more at Healthcare Info Security