April 24, 2020
By Gracie Awalt, Marketing Associate
The Office for Civil Rights (OCR) is alerting health care professionals about an increase in malicious behavior by cyber criminals seeking protected health information (PHI). This increase is occurring as physician practices, hospitals, and other health care organizations are focused on the COVID-19 public health emergency.
According to the alert, an individual posing as an OCR Investigator is calling health care organizations and asking for patient PHI. When the caller is asked for an OCR complaint transaction number or other verifiable information, the caller does not provide the information.
Alert staff members about this caller and instruct them to not release any PHI without first obtaining authentication or confirmation that the request is legitimate. Ask for the investigator’s email address, which will end in @hhs.gov signifying its authenticity. If the investigator provides this valid address, ask for a confirmation email from this address before providing any PHI.
According to the FBI, current scams involving cyber criminals include:
- sending fake emails from the Centers for Disease Control that contain links to malware designed to compromise systems;
- sending phishing emails that ask for the recipient’s personal information in order to receive economic stimulus checks; and
- selling counterfeit personal protective equipment and treatments.
Read the FBI’s public service announcement on COVID-19 fraud schemes to learn more.
Contact OCRMail@hhs.gov if you have additional questions or concerns.