The Department of Health and Human Services reduced its fines for violations of HIPAA, the law requiring health care industries to protect customer data, according to a notice this week in the Federal Register. Driving the news: The new rules reduce the maximum fine from $1.5 million to $250,000.
The agency says threat actors are targeting organizations' IT help desks with phone calls from a local area code, in which the callers claim to be revenue cycle or administrator employees. After gaining access, they divert legitimate payments.