"It has come to our attention that a phishing email is being circulated on mock HHS Departmental letterhead under the signature of OCR’s Director, Jocelyn Samuels. This email appears to be an official government communication, and targets employees of HIPAA covered entities and their business associates. The email prompts recipients to click a link regarding possible inclusion in the HIPAA Privacy, Security, and Breach Rules Audit Program. The link directs individuals to a non-governmental website marketing a firm’s cybersecurity services. In no way is this firm associated with the U.S. Department of Health and Human Services or the Office for Civil Rights. We take the unauthorized use of this material by this firm very seriously."
Networking, Governance, Risk and Compliance, MSP, Vertical markets
Fake HIPAA Audit Emails: Phishing Attacks Continue, Ransomware Next?

Sometimes an alleged HIPAA audit isn't an actual HIPAA audit. Indeed, healthcare organizations and their partners should be on the lookout for phishing emails that allegedly involve HIPAA audits. In reality, the illegitimate emails could be an attempt to steal personal information.The Office for Civil Rights (OCR), part of the U.S. Department of Health and Human Services (HHS), issued a warning about the phishing attempts on November 28, 2016. At the time the OCR stated:The OCR goes on to describe specific email addresses and websites that could be cause for concern.
You can skip this ad in 5 seconds