Chat with us, powered by LiveChat

ALERT! Email Disguised as OCR Communication

In recent years, many of us have become familiar with email phishing scams. These fraudulent messages are designed to take the recipients money and/or identity under false pretenses. Often, phishing emails create confusion and are attached to familiar, trusted sources. Examples of these include:

  1. FedEx/UPS/USPS or other shipping notices
  2. Online banking
  3. Invoices sent from impersonated email addresses
  4. Facebook and social mediaHealth and Human Services

Yesterday, the Office for Civil Rights (OCR) issued a notice regarding a phishing email scam targeting employees of HIPAA covered entities and their business associates.

The email being circulated appears to be official government communication on mock U.S. Department of Health & Human Services (HHS) Departmental letterhead and includes the signatures of OCR’s Director, Jocelyn Samuels.

The fraudulent email prompts recipients to click a link regarding possible inclusion in the HIPAA Privacy, Security, and Breach Rules Audit Program.  Upon doing so, the link directs individuals to a non-governmental website marketing a firm’s cyber security services.

It is imperative that covered entities and their business associates understand that in no way is this cyber security firm associated with their audit communication and the email should not be acted upon if received.  We recommend training and awareness that includes this type of email phishing as part of the over-arching cyber security program.

In the event that you or your organization has a question as to whether it has received an official communication from OCR regarding a HIPAA audit, email:

Speak Your Mind