LaFourche Medical Group pays $480,000 to settle ransomware attack affecting 35.000 patients: An emergency and occupational medicine practice in Louisiana was a ransomware victim in 2021, the result of a successful email phishing attack. While it does not appear that the attack involved encryption, it did allow the hacker to access patient information, which gave the attacker the ability to seek a ransom payment for the return of the PHI.
Unsurprisingly, OCR cited lack of risk analysis and lack of sufficient policies and procedures as the basis of the fine.