25% off all training courses Offer ends May 29, 2026
View HIPAA Courses
Learner Login Learner Support
Learner Login Learner Support
25% off all training courses
View HIPAA Courses
Offer ends May 29, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Phishing Attack Affects Up to 34,862 Lafourche Medical Group Patients

Posted By on Jun 8, 2021

Lafourche Medical Group, a Louisiana-based urgent care center operator, has notified 34,862 patients about a security breach that potentially involved some of their protected health information.

On March 30, 2021, Lafourche Medical Group learned that an external accountant had responded to a phishing email that spoofed one of the owners of Lafourche Medical Group and disclosed login credentials to the attacker. The compromised credentials were used to gain access to the group’s Microsoft 365 environment.

A third-party IT company was engaged to assist with the investigation, but found no evidence to suggest its on-premise systems or cloud-based electronic medical record system were compromised; however, the credentials could have been used to view or download data from its Microsoft 365 environment, which contained some patient information. “Due to the size of the email system, we are unable to identify all potential patient information that may have been contained in the system,” explained Lafourche Medical Group in its substitute breach notice.

Clinical information was not compromised; however, emails were used to communicate certain patient information for billing and other clinic purposes. The types of information often sent via email includes names, addresses, dates of birth, dates of service, e-mail addresses, telephone numbers, medical record numbers, insurance and health plan beneficiary numbers, guarantor names, diagnoses, treating practitioner names, and lab test results.

Get The FREE
HIPAA Compliance Checklist

Immediate Delivery of Checklist Link To Your Email Address

Please Enter Correct Email Address

Your Privacy Respected

HIPAA Journal Privacy Policy

A more robust vetting process has been implemented for business associates and a third-party IT consultancy was engaged to reassess its computer system and security measures and to recommend best practices for improving information security.  Several measures have now been implemented to improve security, including strengthening the firewall and spam and malware filters, implementing stricter password policies, adding multi-factor authentication for mobile access, and retraining the staff on cybersecurity, social engineering, and phishing.

Author: Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist