HHS Settles with PIH Health Over Phishing Attack and HIPAA Violations

The United States Department of Health and Human Services (HHS), through its Office for Civil Rights (OCR), has announced a settlement with PIH Health, Inc. (PIH), a healthcare network in California, regarding potential violations of the 1996 HIPAA law. The violations stem from a phishing attack that exposed unsecured electronic protected health data. The attack resulted in a $600,000 fine for PIH Health.