Risk Alert — Phishing Emails Being Sent as Official OCR Communication

November 23, 2016 Cathy Bryant

The Office of Civil Rights (OCR) is alerting physician practices, their business associates, and other HIPAA-covered entities about phishing emails that are being sent disguised as official OCR audit communication.

The emails are being sent on falsified U.S. Department of Health and Human Services (HHS) letterhead under the signature of OCR’s Director, Jocelyn Samuels.

The emails prompt recipients to click on a link regarding possible inclusion in the HIPAA Privacy, Security, and Breach Rules Audit Program. The link leads to a non-governmental website marketing a firm’s cyber security services. In no way is this firm associated with the HHS or OCR. 

The phishing email originates from the email address OSOCRAudit@hhs-gov.us and directs individuals to a URL at http://www.hhs-gov.us. This is a subtle difference from the official email address for our HIPAA audit program, OSOCRAudit@hhs.gov, but such subtlety is typical in phishing scams.

Official: OSOCRAudit@hhs.gov

Scam: OSOCRAudit@hhs-gov.us

Covered entities and business associates should alert their employees to this issue and note that official communications regarding the HIPAA audit program are sent from the email address OSOCRAudit@hhs.gov.
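
The address comparison above can be automated in a mail filter or triage script. The following Python is an added example, not part of the original alert or any OCR tooling; it flags sender and link domains that imitate hhs.gov. The function names, the sample messages, and the rule that subdomains of hhs.gov count as official are assumptions made for illustration.

```python
import re
from email.utils import parseaddr
from urllib.parse import urlsplit

OFFICIAL = "hhs.gov"  # official domain named in the alert

def classify_domain(domain, official=OFFICIAL):
    """Return 'official', 'lookalike' or 'other' for a host or mail domain."""
    domain = domain.lower().rstrip(".")
    if not domain:
        return "other"
    # Assumption: subdomains of the official domain (www.hhs.gov) count as official.
    if domain == official or domain.endswith("." + official):
        return "official"
    # Treat hyphens as dots so "hhs-gov.us" becomes the labels hhs, gov, us,
    # then look for the official labels as a contiguous run.
    labels = domain.replace("-", ".").split(".")
    want = official.split(".")
    for i in range(len(labels) - len(want) + 1):
        if labels[i:i + len(want)] == want:
            return "lookalike"
    return "other"

def check_message(from_header, body):
    """Return a sorted list of lookalike domains found in the sender and body links."""
    _, addr = parseaddr(from_header)
    domains = {addr.rpartition("@")[2]}
    for url in re.findall(r"https?://[^\s<>'\"]+", body):
        domains.add(urlsplit(url).hostname or "")
    return sorted(d.lower() for d in domains if classify_domain(d) == "lookalike")

# Constructed sample messages using the two addresses quoted in the alert.
SCAM = ("OCR Audit <OSOCRAudit@hhs-gov.us>",
        "You may be included in the audit program: http://www.hhs-gov.us")
REAL = ("OCR Audit <OSOCRAudit@hhs.gov>",
        "Audit program details: https://www.hhs.gov/")

if __name__ == "__main__":
    print(check_message(*SCAM))  # lookalike domains in the scam sample
    print(check_message(*REAL))  # nothing flagged
```

Matching on whole domain labels rather than substrings keeps unrelated domains that merely contain the letters "hhs" from being flagged.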

In addition, OCR has notified select business associates of their inclusion in Phase 2 HIPAA audits.  For more information on the HIPAA Phase 2 Audits, please visit the OCR’s audit program website.

TMLT provides Cyber Risk Management services to physicians. Learn more at our cyber risk management page.

 

 

 

About the Author

Cathy Bryant

Cathy joined TMLT in 2010 and serves as the Senior Compliance and Risk Management Representative. Cathy leads the development and implementation of TMLT’s cyber risk management services. Cathy Bryant can be reached at cathy-bryant@tmlt.org.
