Skip to content Skip to navigation

OCR Issues Alert about Phishing Email Disguised as Official OCR Audit Email

November 28, 2016
by Heather Landi
| Reprints
Click To View Gallery

The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) issued an alert Monday regarding a phishing email disguised as an official OCR audit communication.

“It has come to our attention that a phishing email is being circulated on mock HHS Departmental letterhead under the signature of OCR’s Director, Jocelyn Samuels. This email appears to be an official government communication, and targets employees of HIPAA covered entities and their business associates,” OCR stated in the alert.

The email prompts recipients to click a link regarding possible inclusion in the HIPAA Privacy, Security, and Breach Rules Audit Program. The link directs individuals to a non-governmental website marketing a firm’s cybersecurity services, according to OCR.

“In no way is this firm associated with the U.S. Department of Health and Human Services or the Office for Civil Rights. We take the unauthorized use of this material by this firm very seriously,” OCR stated.

The agency advises that any organizations with questions as to whether they have received an official communication from OCR regarding a HIPAA audit should contact that agency via email at OSOCRAudit@hhs.gov.

Get the latest information on Cybersecurity and attend other valuable sessions at this two-day Summit providing healthcare leaders with educational content, insightful debate and dialogue on the future of healthcare and technology.

Learn More

Topics

News

Trump Administration Appoints Peter Severino to Head Office for Civil Rights

Roger Severino, a former staffer at The Heritage Foundation, has been appointed as the director of the Office of Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS).

ACP: EHRs Have Great Benefits, but Raise Ethical Questions, Too

Electronic health records (EHRs) should facilitate high value patient-centered care, strong patient-physician relationships, and effective training of future physicians, but they also raise ethical questions, the ACP wrote.

Allegheny Health Network, VA Pittsburgh Integrate EMR Systems

Allegheny Health Network (AHN), based in Pittsburgh, and VA Pittsburgh Healthcare System (VAPHS), have announced the successful integration of their electronic medical record (EMR) platforms.

Wisconsin Urology Group Notifies Patients of Data Breach Due to Ransomware Attack

Wauwatosa, Wis.-based Metropolitan Urology Group has notified its patients of a breach of unsecured patient health information due to a ransomware attack back in November 2016.

Study: For Post-Op Patients, Mobile Apps for Follow-Up Care Led to Fewer In-Person Visits

For patients undergoing ambulatory surgery, those who used a mobile app for follow-up care attended fewer in-person visits post- operation than patients who did not use the app, according to a study in JAMA Surgery.

Information Blocking is Routine and Fairly Widespread, Survey of HIEs Finds

In a survey, 50 percent of HIE leaders said electronic health record (EHR) vendors "routinely" engage in information blocking, and 25 percent reported that hospitals and health systems routinely engage in business practices that interfere with electronic health information exchange.