The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) issued an alert Monday regarding a phishing email disguised as an official OCR audit communication.
“It has come to our attention that a phishing email is being circulated on mock HHS Departmental letterhead under the signature of OCR’s Director, Jocelyn Samuels. This email appears to be an official government communication, and targets employees of HIPAA covered entities and their business associates,” OCR stated in the alert.
The email prompts recipients to click a link regarding possible inclusion in the HIPAA Privacy, Security, and Breach Rules Audit Program. The link directs individuals to a non-governmental website marketing a firm’s cybersecurity services, according to OCR.
“In no way is this firm associated with the U.S. Department of Health and Human Services or the Office for Civil Rights. We take the unauthorized use of this material by this firm very seriously,” OCR stated.
The agency advises that any organizations with questions as to whether they have received an official communication from OCR regarding a HIPAA audit should contact that agency via email at [email protected].
